
HA Duo Authentication Proxy

Has anyone experienced configuring an HA setup for the Duo Authentication Proxy without a load balancer? Or is a load balancer required?

8 Replies

rschlayer
Level 4

That depends on the Authentication Source going to the Proxy. Normally devices (such as ASA or other firewalls) allow you to enter multiple RADIUS servers in their configuration.

What device are you looking to set up?


I mean, can the usual setup of a Duo Authentication Proxy installed on a Windows server or Linux server be HA? How do I set up HA in on-prem and DR on-prem?

Yes. You should install 2.
We put one in each prod, one in DR, and both are configured in the various services that are using them. That way you can patch each one with no downtime.

You just have to be sure the services using them will support that.

So if I already configured the main one, it should be the same in DR? Like, there's no need to configure another external directory in DUO; I just need to install the Duo auth proxy in DR on-prem like I did in main? Is there a guide for this HA setup so that I can understand the procedures clearly?

rschlayer
Level 4

There is no real "HA" setup; you simply install two DUO Authentication Proxies in your environment. This way you have two servers providing the DUO service. You then point your relevant devices to these DUO servers and that is it.

Do you have documentation to prove your input that there is no real "HA" setup? 

So how will I know if this auth proxy is primary and if it is down?

DuoKristina
Cisco Employee

Hey @dianawinskymartin - are you aware that in addition to the technical documentation available at duo.com/docs, there is also a public knowledge base at help.duo.com? You can search for additional information there.

For example, a search for "authentication proxy high-availability" has this article as the first result. Within that article it is explained that a load-balancer is needed for active/active HA. You can consider this the documentation that proves there is no "real HA" in the Authentication Proxy application itself.

If you are setting up the Authentication Proxy for AD or LDAP directory sync, or SSO AD authentication, there is some redundancy provided if you add multiple Authentication Proxy servers to those setups with a common configuration (i.e. identical [cloud] sections for sync, or multiple connected servers for SSO). In these configurations there is failover when a connected Authentication Proxy selected at random for use doesn't respond, but you cannot select or specify a specific proxy to use, set an order for use or failover, or see anything about the proxy other than the connected status.

Duo, not DUO.