![]() ![]() If you must co-locate the Duo Authentication Proxy with these services, be prepared to resolve potential LDAP or RADIUS port conflicts between the Duo service and your pre-existing services. We do not recommend installing the Duo Authentication Proxy on the same Windows server that acts as your Active Directory domain controller or one with the Network Policy Server (NPS) role. See detailed Authentication Proxy operating system performance recommendations in the Duo Authentication Proxy Reference. The Duo End of Sale, Last Date of Support, and End of Life Policy states that Duo does not offer support for integrations running on operating system versions beyond the vendor’s stated Last Date of Support date. We recommend the following operating systems for the system hosting the Duo Authentication Proxy: However, there are some cases where it might make sense for you to deploy a new proxy server for a new application, like if you want to co-locate the Duo proxy with the application it will protect in the same data center. ![]() You don't have to set up a new Authentication Proxy server for each application you create. ![]() If you are already running a Duo Authentication Proxy server in your environment, you can use that existing host for additional applications, appending the new configuration sections to the current config. This Duo proxy server will receive incoming RADIUS requests from your Citrix Access Gateway, contact your existing local LDAP/AD or RADIUS server to perform primary authentication, and then contact Duo's cloud service for secondary authentication. To integrate Duo with your Citrix Access Gateway, you will need to install a local Duo proxy service on a machine within your network. You should already have a working primary authentication configuration for your Citrix Access Gateway users before you begin to deploy Duo. First Stepsīefore moving on to the deployment steps, it's a good idea to familiarize yourself with Duo administration concepts and features like options for applications, available methods for enrolling Duo users, and Duo policy settings and how to apply them. See Duo Knowledge Base article 7546 for additional guidance. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.Įffective June 30, 2023, Duo no longer supports TLS 1.0 or 1.1 connections or insecure TLS/SSL cipher suites. This application communicates with Duo's service on SSL TCP port 443.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |