04-03-2025 06:47 AM
Hello,
I am having an issue with a MacBook Pro that I am working on setting up DUO 2FA for. This M3 MacBook is running Sequoia version 15.3.2. I am having a weird issue where I set up Duo on it, but it only works when on Wi-Fi, but the Duo push fails when it is hardwired to my company network. Multiple people in my organization have attempted logging in when the laptop is not hardwired, and the DUO push is successful every time. But the second I hardwire the MacBook I get the Connection Error prompt in the login screen. Now when configuring DUO, I set it up so it doesn't lock me out of the computer so after the failed push.
If anyone had any insight at all on how to fix this issue, I would appreciate any help! It's a good thing that it works while on Wi-Fi at the very least because I know that means that it's communicating with DUO and communicating with our AD. Thanks!!!
07-03-2025 08:55 AM
Checklist of Common Causes:
Firewall/Proxy Rules on Wired LAN:
DUO requires outbound HTTPS access to:
*.duosecurity.com
api-*.duosecurity.com
Ensure your wired VLAN/subnet permits outbound access to those domains and ports (TCP 443).
Some corporate networks enforce proxy or content filtering policies differently on wired vs. wireless.
DNS Resolution Issues on Wired:
Try nslookup api.duosecurity.com when wired vs. wireless.
Inconsistent DNS settings or DNS filtering could be causing the connection error.
Network Isolation:
Your Ethernet port might be assigned to a more restricted VLAN.
Compare the IP address, subnet, and default gateway when on wired vs. wireless.
Custom Proxy Settings or PAC Files:
macOS may be picking up a PAC file or system proxy only on the Ethernet interface.
Check in: System Settings > Network > Ethernet > Proxies
Disable any proxy temporarily and re-test.
DUO Network Requirements Not Met on Wired:
Duo Network Requirements for reference.
VPN Policy Interference (if applicable):
If your org uses VPN split-tunneling, the VPN might route traffic differently between interfaces.
🧪 Suggested Troubleshooting Steps
When the Mac is hardwired:
Test access to DUO endpoints.
Try pinging or resolving DUO domains:
Run tcpdump or use Wireshark to monitor if requests to DUO are going out or being blocked.
07-03-2025 09:17 AM
Ensure your Wi-Fi and Ethernet connections are on the same VLAN/subnet.
Often, Wi-Fi and Ethernet are on different segments. The Ethernet network may have outbound traffic restrictions blocking access to Duo’s cloud endpoints.
Open Terminal on the MacBook while hardwired, and run:
Also try:
If these fail, then the issue is with outbound firewall or proxy rules on the Ethernet segment.
Run:
Make sure DNS resolves properly on both Wi-Fi and Ethernet. If DNS is failing over Ethernet, check your DHCP or manual IP settings on Ethernet.
Check if a proxy or content filter is intercepting traffic on Ethernet.
Confirm outbound HTTPS (TCP 443) access to Duo's API endpoints is not being blocked on the wired network.
Whitelist the following Duo endpoints if needed:
*.duosecurity.com
api-*.duosecurity.com
duo.com
Compare Wi-Fi and Ethernet network settings on the Mac:
Pay attention to:
Router/Gateway
DNS Servers
Search Domains
If your wired network uses Network Access Control (NAC) or a captive portal, it might delay or block Duo communication until full authorization is completed.
Try temporarily disabling the security/NAC policy on a test port.
Ensure no custom configuration profiles or firewall settings on the Mac are interfering only on Ethernet. Look under:
System Settings > Network > Ethernet > Proxies
System Settings > Profiles
Disable any proxy settings for Ethernet temporarily.
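The wired-versus-wireless comparison both replies describe, as an added example that is not part of any post in this thread. It assumes macOS with both links connected at once, `en0` as Wi-Fi and `en5` as the wired adapter (confirm with `networksetup -listallhardwareports`), and takes your account's own Duo API hostname as its first argument.

```shell
#!/bin/bash
# Added example, not from the thread. Assumptions: macOS, en0 = Wi-Fi,
# en5 = wired adapter, and $1 is your account's own Duo API hostname
# (api-XXXXXXXX.duosecurity.com is a placeholder, not a real host).

# Map a curl exit code to the checklist item it points at.
explain() {
  case "$1" in
    0)     echo "reachable" ;;
    5|6)   echo "dns-or-proxy-name-resolution" ;;
    7|28)  echo "tcp-443-blocked-or-filtered" ;;
    35|60) echo "tls-interception-or-proxy" ;;
    *)     echo "other-curl-error-$1" ;;
  esac
}

# Print one interface's address, gateway, DNS server and HTTPS result.
snapshot() {
  iface=$1; host=$2; rc=0
  echo "ip=$(ipconfig getifaddr "$iface" 2>/dev/null)"
  echo "router=$(ipconfig getoption "$iface" router 2>/dev/null)"
  echo "dns=$(ipconfig getoption "$iface" domain_name_server 2>/dev/null)"
  # Bind the request to this interface so it is tested on its own path.
  curl --interface "$iface" -s -o /dev/null --connect-timeout 5 "https://$host/" || rc=$?
  echo "https=$(explain "$rc")"
}

# List the keys whose values differ between two snapshots.
differing() {
  printf '%s\n' "$1" | while IFS='=' read -r key val; do
    other=$(printf '%s\n' "$2" | sed -n "s/^$key=//p")
    [ "$val" = "$other" ] || echo "$key"
  done
}

main() {
  host=$1; wifi=${2:-en0}; wired=${3:-en5}
  a=$(snapshot "$wifi" "$host"); b=$(snapshot "$wired" "$host")
  printf 'Wi-Fi (%s):\n%s\n\nEthernet (%s):\n%s\n\n' "$wifi" "$a" "$wired" "$b"
  echo "Differs between links: $(differing "$a" "$b" | tr '\n' ' ')"
}

# Usage: ./duo-links.sh api-XXXXXXXX.duosecurity.com [wifi-if] [wired-if]
if [ $# -ge 1 ]; then main "$@"; fi
```

The `ip` key always differs between two interfaces; a different `router` or `dns` suggests the Ethernet port sits on another VLAN, and an `https` result other than `reachable` on the wired side only points at the firewall, DNS or proxy items in the checklists above.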