DUO with DUO Proxy firewall ports requirnments
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2023 12:07 AM
Hello:
I am implementing the DUO 2-FA with DUO Proxy. May I know the firewall port requirements for those custom application and Microsoft Remote Desktop Agent communicate with DUO Proxy? Is only port 443 was enough?
For the DUO Proxy to Cisco DUO Cloud (Internet), I just release port 443 for internet access is fine?
Thanks!
- Labels:
-
Duo Security Discussion

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 07:51 AM - edited 11-27-2023 07:51 AM
Do you mean Duo Authentication for Windows Logon when you say "Microsoft Remote Desktop Agent"?
When installed, Duo Authentication for Windows Logon attempts to contact Duo's cloud service via HTTPS on port 443.
If you configure a web proxy on that system using netsh, then it will use whatever port you specified in the netsh config: https://duo.com/docs/rdp-faq#does-duo-authentication-for-windows-logon-support-web-proxying?
If you configure a proxy for only Duo traffic using an upstream Duo Authentication Proxy, then it uses whatever port you specify in the config (default 80): https://duo.com/docs/rdp-faq#is-it-possible-to-use-a-web-proxy-only-for-duo-authentication-for-windows-logon-traffic?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2023 08:00 AM - edited 11-27-2023 08:01 AM
There are no proxy server can be using in Remote Desktop Service Server Farm. This Server farm was not allow to have any internet access. However, I have a Duo Authentication Proxy that was in DMZ (This Proxy Allow internet access) and the RDS Server Farm can access to this "Duo Authentication Proxy". If the "Duo Authentication Proxy" IP is 10.3.20.200. May I know how can I told to the "Duo Authentication for Windows Logon" to use this Duo Authentication Proxy?
Thanks!
