cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2805
Views
0
Helpful
5
Replies

F5 Loadbalancer/Authorized Networks/ RDS Gateway

jholly
Level 1
Level 1

Has anyone had problems configuring Authorized Networks in DUO when the RDS Gateway is behind a F5 Loadbalancer?

Because the F5 loadbalancer is proxying the connection between the user and the RDS Gateway. DUO only sees the IP address of the F5 loadbalancer in the DUO logs.

5 Replies 5

17G
Level 1
Level 1

I would be interested to know the answer to this as well. Same configuration except we use Kemp LBs.

We have our LBs and gateway in a DMZ. The session hosts are in a different subnet. We are trialling the Duo Remote desktop app install on all session hosts. We have whitelisted the internal LAN but not the DMZ. This means internal users dont get 2FA’d but external users via the gateway do.

Still in trial phase at the moment…

Duo for RDG does not utilize the host name or IP from x-forwarded-for as the client IP. Please contact Duo Support, your CSM, or your AE to open a feature request for this.

Duo, not DUO.

Thanks for update Kristina.

Would you recommend going around the f5 to get Authorized locations to work?

If you want the Authorized Networks feature to work reliably with Duo for RDG then the client IP received at the RDG server needs to be the actual client IP (which would likely be accomplished by bypassing your load balancer).

Duo, not DUO.

jholly
Level 1
Level 1

Thanks DUOKristina for your response.

Quick Links