https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122588#M1113235 <P><SPAN>It is indeed feasible to establish a regulation mandating that incoming traffic on an interface from various networks or hosts must undergo authentication through a splash screen and utilize multi-factor authentication (MFA) such as Duo. One common method to accomplish this is by configuring a captive portal on the network equipment, which captures the traffic and directs it to a login page where individuals are required to authenticate using Duo prior to being granted entry to the network assets. </SPAN></P> Sat, 01 Jun 2024 14:05:01 GMT Jonny Bacoz 2024-06-01T14:05:01Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5121917#M1113186 <P>Hi All</P><P>I would like to know, is it possible to create a rule whereby traffic coming in on an interface from different networks or hosts triggers them to have to authenticate via a splash screen and use our multi factor MFA which is Duo?</P><P>cheers</P> Fri, 31 May 2024 13:07:08 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5121917#M1113186 carl_townshend 2024-05-31T13:07:08Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122051#M1113194 <P>MFA and DUO auth users not traffic'</P> <P>So no I dont think you can do that.</P> <P>MHM</P> Fri, 31 May 2024 14:11:44 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122051#M1113194 MHM Cisco World 2024-05-31T14:11:44Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122065#M1113195 <P>Hi, I want the auth to be triggered by the traffic flowing through the firewall, is this possible? on a checkpoint you can get redirected to an auth page for example</P> Fri, 31 May 2024 14:31:55 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122065#M1113195 carl_townshend 2024-05-31T14:31:55Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122083#M1113196 <P>I dont have alot info</P> <P>But there is action in ACP called&nbsp;</P> <P>Interactive abd redirect&nbsp;</P> <P>The think that I do t know is it redirect the user to DUO for auth or not.&nbsp;</P> <P>So I will check this feature abd update you</P> <P>MHM</P> Fri, 31 May 2024 14:52:23 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122083#M1113196 MHM Cisco World 2024-05-31T14:52:23Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122342#M1113212 <P>Good question,&nbsp; ASA alone can not do this here i guess&nbsp; - you may need some interceptor the traffic and look for authentication process when the matches that condition.</P> <P>what is the use case very anxiety know - May be thinking use WCCP to send to Proxy if this is HTTP and HTTPS traffic (just idea). or use PBR to send different system to process if the match traffic.</P> Sat, 01 Jun 2024 07:02:15 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122342#M1113212 balaji.bandi 2024-06-01T07:02:15Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122588#M1113235 <P><SPAN>It is indeed feasible to establish a regulation mandating that incoming traffic on an interface from various networks or hosts must undergo authentication through a splash screen and utilize multi-factor authentication (MFA) such as Duo. One common method to accomplish this is by configuring a captive portal on the network equipment, which captures the traffic and directs it to a login page where individuals are required to authenticate using Duo prior to being granted entry to the network assets. </SPAN></P> Sat, 01 Jun 2024 14:05:01 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122588#M1113235 Jonny Bacoz 2024-06-01T14:05:01Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122668#M1113237 <P>Is this possible doing this on the ASA ?</P><P>&nbsp;</P> Sat, 01 Jun 2024 18:17:56 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122668#M1113237 carl_townshend 2024-06-01T18:17:56Z https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122848#M1113240 <P>May be look the option of cut through proxy :</P> <P>i was not sure is this can be integrated with MFA like DUO -&nbsp;</P> <P><A href="https://community.cisco.com/t5/security-knowledge-base/asa-cut-through-authentication-proxy-configuration-and-examples/ta-p/3118641" target="_blank">https://community.cisco.com/t5/security-knowledge-base/asa-cut-through-authentication-proxy-configuration-and-examples/ta-p/3118641</A></P> Sun, 02 Jun 2024 06:45:40 GMT https://community.cisco.com/t5/network-security/prompting-certain-traffic-to-trigger-authentication-on-asa/m-p/5122848#M1113240 balaji.bandi 2024-06-02T06:45:40Z