Duo integrates with Sophos UTM 9 to add two-factor authentication to VPN logins, access to Sophos UTM WebAdmin and the User Portal. To integrate Duo with the UTM, first, install a local proxy service on a machine within your network. Before proceeding, setup a system and install the Duo Authentication Proxy.
The following sections are covered:
Applies to the following Sophos products and versions Sophos UTM UTM on AWS Marketplace
The following diagram shows the data flow between Sophos UTM 9, Duo Security’s services and the RADIUS server.
The guide for installing and configuring the Duo Authentication Proxy is available here.
The UTM needs to be configured to send RADIUS authentication requests to the Duo Authentication Proxy. In the next sections, there are instructions on how to setup the proxy within the UTM, as well as how to setup VPN and User Portal access with two-factor authentication.
Log on to the Sophos UTM WebAdmin.
Please see the Authentication Services section in the Sophos UTM Online Help for further explanations.
Most UTM 9 features should be able to make use of Duo Authentication backend. We have only validated selected features like the SSL VPN in real-world scenarios.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.