Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 41 subscribers
  • Views 4169 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Duo 2FA in SFOS 18

onward

Is there any documentation available that covers Duo support in SFOS 18?



This thread was automatically locked due to age.
  • +1

    We do it through DUO's Authentication Proxy that integrates with an existing RADIUS server (we use Microsoft's Network Policy Server as the RADIUS server).

    Works fine.

  • +1 in reply to JasP

    Essentially the DUO Proxy can be a Radius Server and server AD Requests. 

    The DUO Support exists, because XG has in V18 a Radius Timeout. 

    DUO generate the request to wait until the user confirms. In XGv17, this was 6 Sec until the request is denied. In V18, you can configure this timeout up to 60 sec. 

     

    The doc would be: Follow the DUO Doc to get a Radius server. Implement the Radius server into XG and configure the proper Timeout value. 

    Done. 

     

    As for UTM, DUO has a KB for integration. https://duo.com/docs/sophos-utm ~80% of it is how to configure DUO. 

    __________________________________________________________________________________________________________________

  • +1

    Personally, if you haven't already, I would get XG working directly with the RADIUS server first to check that part is working and configured correctly. Then introduce DUO Authentication Proxy. It just makes it easier to get the different parts of the configuration right rather than trying to do it all as one job.

Unfiltered HTML