I would like to know, is it possible to create a rule whereby traffic coming in on an interface from different networks or hosts triggers them to have to authenticate via a splash screen and use our multi factor MFA which is Duo?
Hi, I want the auth to be triggered by the traffic flowing through the firewall, is this possible? on a checkpoint you can get redirected to an auth page for example
Good question, ASA alone can not do this here i guess - you may need some interceptor the traffic and look for authentication process when the matches that condition.
what is the use case very anxiety know - May be thinking use WCCP to send to Proxy if this is HTTP and HTTPS traffic (just idea). or use PBR to send different system to process if the match traffic.
It is indeed feasible to establish a regulation mandating that incoming traffic on an interface from various networks or hosts must undergo authentication through a splash screen and utilize multi-factor authentication (MFA) such as Duo. One common method to accomplish this is by configuring a captive portal on the network equipment, which captures the traffic and directs it to a login page where individuals are required to authenticate using Duo prior to being granted entry to the network assets.
