cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1029
Views
0
Helpful
1
Replies

Going from cisco ASA to FTD

Chris S
Level 1
Level 1

We are currently using Duo in a Cisco ASA enviornment using a DAG setup. We’re migrating to newer firewalls which utilize FTD. We followed the directions on setting up the Duo Proxy however; it looks like it uses just the AnyConnect interface and removes any option for my users to choose which method they want to authenticate with. I have some users who utilize SMS and YubiKeys - anybody else run into this? Is there another way other than not using FTD?

1 Accepted Solution

Accepted Solutions

DuoKristina
Cisco Employee
Cisco Employee

If you set up FTD with SAML then users see the Duo Prompt in AnyConnect.

*Requires FTD/FMC 6.7.0+

ETA: You can set up FTD to use SAML auth with DAG too, but you’d need to use the DAG Generic SAML app and when stepping through the FTD SSO instructions linked above you’d be supplying the certificate, Entity ID, SSO URL, and Logout URL from your DAG admin console instead of from Duo hosted SSO (but really, if it’s an option for you, consider migrating to Duo SSO).

Duo, not DUO.

View solution in original post

1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

If you set up FTD with SAML then users see the Duo Prompt in AnyConnect.

*Requires FTD/FMC 6.7.0+

ETA: You can set up FTD to use SAML auth with DAG too, but you’d need to use the DAG Generic SAML app and when stepping through the FTD SSO instructions linked above you’d be supplying the certificate, Entity ID, SSO URL, and Logout URL from your DAG admin console instead of from Duo hosted SSO (but really, if it’s an option for you, consider migrating to Duo SSO).

Duo, not DUO.
Quick Links