https://community.cisco.com/t5/deployment-strategy/questions-about-using-duo-deploy/m-p/4875927#M6 <DIV class="duo-migrated-content"><P>Duo Authentication Proxy supports LDAP and RADIUS authentication.</P> <P>Duo Access Gateway supports SAML 2.0 only.</P> <P>So which one you choose depends on your use case. If you are looking to add 2FA to FTD VPN logins, then we recommend <A href="https://duo.com/docs/cisco-firepower">RADIUS with the Duo Authentication Proxy</A>.</P> <P>I saw that the new FTD 6.7 release supports SAML for VPN, so Duo Access Gateway or Duo Single Sign-on are also valid options. We do not yet have step-by-step instructions for FTD with SAML, but you could configure this using a <A href="https://duo.com/docs/sso-generic">Duo generic SAML application</A>.</P> <P>Duo Network Gateway is a like a reverse proxy for publishing internal web applications or SSH servers externally with 2FA added. It is not a good solution for adding 2FA to FTD RA VPN. It would be used instead of the RA VPN to provide SSH/HTTPS access to internal services without a VPN tunnel.</P></DIV> Wed, 16 Dec 2020 22:44:45 GMT DuoKristina 2020-12-16T22:44:45Z https://community.cisco.com/t5/deployment-strategy/questions-about-using-duo-deploy/m-p/4875926#M5 <DIV class="duo-migrated-content"><P>Hi everyone</P> <P>I have encountered some doubts about the way Duo runs authentication (I integrate with FTD). Duo has three methods Authentication Proxy, Duo Network Gateway, Duo Access Gateway, and I also know that Authentication Proxy uses RADIUS or LDAP for authentication. Duo does the second verification.<BR /> Duo Network Gateway means to install Duo’s connection tool on the host, you can use Duo Network Gateway use ssh connect to internal network<BR /> Duo Access Gateway can be verified through AD or online or Google G Suite accounts online verification service</P> <P>I want to know what kind of environment these three types should be built in? All three are very similar. I can’t distinguish the pros and cons of each method. I hope I can mention it, thank all</P></DIV> Wed, 16 Dec 2020 10:11:42 GMT https://community.cisco.com/t5/deployment-strategy/questions-about-using-duo-deploy/m-p/4875926#M5 ZONGYUho80020 2020-12-16T10:11:42Z https://community.cisco.com/t5/deployment-strategy/questions-about-using-duo-deploy/m-p/4875927#M6 <DIV class="duo-migrated-content"><P>Duo Authentication Proxy supports LDAP and RADIUS authentication.</P> <P>Duo Access Gateway supports SAML 2.0 only.</P> <P>So which one you choose depends on your use case. If you are looking to add 2FA to FTD VPN logins, then we recommend <A href="https://duo.com/docs/cisco-firepower">RADIUS with the Duo Authentication Proxy</A>.</P> <P>I saw that the new FTD 6.7 release supports SAML for VPN, so Duo Access Gateway or Duo Single Sign-on are also valid options. We do not yet have step-by-step instructions for FTD with SAML, but you could configure this using a <A href="https://duo.com/docs/sso-generic">Duo generic SAML application</A>.</P> <P>Duo Network Gateway is a like a reverse proxy for publishing internal web applications or SSH servers externally with 2FA added. It is not a good solution for adding 2FA to FTD RA VPN. It would be used instead of the RA VPN to provide SSH/HTTPS access to internal services without a VPN tunnel.</P></DIV> Wed, 16 Dec 2020 22:44:45 GMT https://community.cisco.com/t5/deployment-strategy/questions-about-using-duo-deploy/m-p/4875927#M6 DuoKristina 2020-12-16T22:44:45Z