Cisco DUO for 2FA
What is the roadmap for this? I would love to see the email and SMS 2FA replaced or have DUO added. There are so many firewalls that use DUO. Can we please implement this. I have over 60 firewalls and deploying more. I would really like this feature. I would even like to use DUO to log onto the firewall would be great.
The current 2fa with the FLEX with firewall reditection and 2fa approval and the EMAIL\SMS I have done all of that. My users do not like it at all. I am having a hell of a time getting them rolled over. Having a simple option to just enable DUO would be great.
Here is who supports DUO for VPN: I would love to see ZYXEL on the list.
Thanks.
The current 2fa with the FLEX with firewall reditection and 2fa approval and the EMAIL\SMS I have done all of that. My users do not like it at all. I am having a hell of a time getting them rolled over. Having a simple option to just enable DUO would be great.
Here is who supports DUO for VPN: I would love to see ZYXEL on the list.
Appsian Security Platform
Array SSL VPN
Barracuda SSL VPN
Check Point VPN
Cisco ASA
Cisco ASA SSL VPN
Cisco RADIUS VPN
Citrix Access Gateway
Citrix Gateway (NetScaler)
F5 FirePass SSL VPN
Fortinet FortiGate SSL VPN
Juniper SSL VPN
Meraki
Meraki RADIUS VPN
OpenVPN
OpenVPN Access Server
Palo Alto SSL VPN
SonicWALL SRA SSL VPN
Thanks.
0
All Replies
-
VCIT,
Like Mario mention. Zyxel firewall support RADIUS 2FA with many MFA solution.
I did integrated ZyWALL with Duo via RADIUS proxy for SSL VPN/ L2TPoverIPSec VPN in one of my customer. And I just re-test hours ago. It's working as usual.
There no magic to use dozens ago technology. Most of the vendor/product you list is doing the same way.
It's very simple and just follow Duo document to install authentication proxy and configure it.
https://duo.com/docs/radius
For the login password add a comma (",") to the end of your password and append a Duo second factor code.
For example, if the 1st factor password is "mypassword" and Duo 2nd factor code is "123456"
Then type-in the password: "mypassword,123456"
1 -
Hi @LPAPP ,
Topology: ZyWALL → Duo Proxy → RADIUS Server
Here the example.
[radius_client]
host=<IP of your RADIUS server>
secret=xxxxxxxx
port=<RADIUS Auth. port of your RADIUS server. Default is 1812.>
pass_through_all=true[radius_server_auto]
ikey=********************
skey=****************************************
api_host=api-********.duosecurity.com
radius_ip_1=<ZyWALL IP Address>
radius_secret_1=<secret for ZyWALL>
failmode=safe
client=radius_client
port=<RADIUS Auth. port of Duo Proxy. Default is 1812.>0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight