Cisco DUO for 2FA

VCIT
VCIT Posts: 4
What is the roadmap for this?  I would love to see the email and SMS 2FA replaced or have DUO added. There are so many firewalls that use DUO.  Can we please implement this.  I have over 60 firewalls and deploying more. I would really like this feature.  I would even like to use DUO to log onto the firewall would be great.  

The current 2fa with the FLEX with firewall reditection and 2fa approval and the EMAIL\SMS I have done all of that. My users do not like it at all.  I am having a hell of a time getting them rolled over.  Having a simple option to just enable DUO would be great.  

Here is who supports DUO for VPN: I would love to see ZYXEL on the list.

Appsian Security Platform

Array SSL VPN

Barracuda SSL VPN

Check Point VPN

Cisco ASA

Cisco ASA SSL VPN

Cisco RADIUS VPN

Citrix Access Gateway

Citrix Gateway (NetScaler)

F5 FirePass SSL VPN

Fortinet FortiGate SSL VPN

Juniper SSL VPN

Meraki

Meraki RADIUS VPN

OpenVPN

OpenVPN Access Server

Palo Alto SSL VPN

SonicWALL SRA SSL VPN


Thanks.

All Replies

  • Mario
    Mario Posts: 87  Ally Member
    i don't know DUO, but i have already set up several mfa solutions via radius (okta, authpoint).
    which protocols are used to set up duo?

  • zyman2008
    zyman2008 Posts: 146  Ally Member
    edited May 16
    VCIT,
    Like Mario mention. Zyxel firewall support RADIUS 2FA with many MFA solution.
    I did integrated ZyWALL with Duo via RADIUS proxy for SSL VPN/ L2TPoverIPSec VPN in one of my customer. And I just re-test hours ago. It's working as usual.

    There no magic to use dozens ago technology. Most of the vendor/product you list is doing the same way. 

    It's very simple and just follow Duo document to install authentication proxy and configure it.
    https://duo.com/docs/radius
    For the login password add a comma (",") to the end of your password and append a Duo second factor code.
    For example, if the 1st factor password is "mypassword" and Duo 2nd factor code is "123456"
    Then type-in the password: "mypassword,123456"

Security Highlight