You should already have a working primary authentication configuration for your SonicWall SMA/SRA SSL VPN users before you begin to deploy Duo. First Stepsīefore moving on to the deployment steps, it's a good idea to familiarize yourself with Duo administration concepts and features like options for applications, available methods for enrolling Duo users, and Duo policy settings and how to apply them. See Duo Knowledge Base article 7546 for additional guidance. If your organization requires IP-based rules, please review Duo Knowledge Base article 1337.Įffective June 30, 2023, Duo no longer supports TLS 1.0 or 1.1 connections or insecure TLS/SSL cipher suites. This application communicates with Duo's service on SSL TCP port 443.įirewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. If you have issues with the v10 "Contemporary mode" and cannot update your device firmware, access the "Classic mode" login page by changing the VPN login URL in your browser from to There is no setting in the SMA config to force use of "Classic mode". The issue displaying the Duo prompt in "Contemporary mode" was fixed in SMA firmware update 10.2.1.0-17. This mode may prevent display of the Duo prompt. Sonicwall introduced a new "Contemporary mode" for SMA in v10.2. SMA 1000 series devices which run v11 or v12 firmwares.No update to 9.0.0.10 to address this zero-day vulnerability alert is available for these end-of-life SRA appliances. SRA devices which have reached end of life, which includes SRA 1600, SRA 4600, SRA EX6000, and SRA EX7000.SonicWall discontinued SMA v8.x support in September 2019, and discontinued v9.0.x support in October 2021. SMA 100 series devices or upgraded SRA devices with firmware versions before 9.0.0.2-13.We do not support the Duo web-based prompt with: SonicWall discontinued SMA v10.0 support in October 2020.SMA 100 series devices (SMA 200, SMA 400, and SMA 500v) with v10 firmware.SonicWall has issued a zero-day vulnerability alert for firmware versions below 9.0.0.10.SMA 100 series devices (SMA 200, SMA 400, and SMA 500v) with 9.0.0.2-13 or later v9 firmware.We support the Duo web-based prompt with the following: Other types of SonicWall devices (such as the SMA 1000 series, NSA series, or Aventail) may also work with Duo's RADIUS Application. The Duo Prompt shown in browsers does not work with SonicWall client VPN applications. If you are using SonicWall Mobile Connect client or SonicWall's Global VPN Client using IPsec, or an unsupported device as listed below, then see the VPN Client Instructions to configure the SonicWall device to use Duo Security's push authentication. Learn more about options for out-of-scope applications in the Universal Prompt update guide, and review the Duo End of Sale, Last Date of Support, and End of Life Policy. See the "Related" links to the left to explore more RADIUS configurations. We recommend you deploy Duo Single Sign-On for SonicWall SMA 200 Series to protect SonicWall SRA or SMA with Duo Single Sign-On, our cloud-hosted identity provider featuring Duo Central and the Duo Universal Prompt.Īnother alternative is to reconfigure your existing radius_server_iframe Duo Authentication Proxy application so that it does not use the iframe, for example, RADIUS with Automatic Push for SonicWall SRA or SMA. Customers must migrate to a supported Duo Single Sign-On application with Universal Prompt or a RADIUS configuration without the iframe before that date for continued access. The iframe-based traditional Duo Prompt in SonicWall SRA or SMA RADIUS configurations will reach end of life on March 30, 2024.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |