Sophos Ideas / SG UTM

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

← SG UTM

You enable 2 factor authentication options with Duo Security

When you come out with 2 factor authentication. Please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

47 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos ID New Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

11 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos ID New Sophos ID
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Sophos XG supports DUO and I also have a document about the Integration between Sophos XG and DUO

  • Jacob Jensen commented  ·   ·  Flag as inappropriate

    Im in the same boat. Looking to implement Sophos XG to replace my TMG but if Duo Security does not work with sophos XG that will be a showstopper for us

  • vitale mazo commented  ·   ·  Flag as inappropriate

    Has this been completed my company can not move forward with Sophos firewall without DUO two factor this is a acquirement to use the firewall

  • vitale mazo commented  ·   ·  Flag as inappropriate

    What is the Status on Duo integration with SSL vpn this is a requirement for our company.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Integration with Duo Security is still a desired OOTB functionality. Or integration with other 2 form factor authentication period. We need to use a solution that is NOT dependent on Smart Phones only as some of our users do not wish to install a company required app on their personal smart phone. Need something that can work with SMS, RSA keys or other options.

  • Duo_on_UTM commented  ·   ·  Flag as inappropriate

    If anyone wants exact specifics, or if you want to take a shortcut and just grab pre-compiled stuff, I'll post this on the astaro forum.

  • Duo_on_UTM commented  ·   ·  Flag as inappropriate

    I was able to integrate DuoSec's openvpn plugin into my UTM 9.315-2 install. It requires building the plugin on an arch-similar platform; I used SLED 11 SP4. The plugins are all compiled as 32-bit ELF binaries, so make sure you include the -m32 cflag when building. Also, you'll need to make some edits to the duo_openvpn.c file prior to compiling, due to openvpn running in a chroot on the UTM. The path to the duo_openvpn.py script needs to be a static path that exists within the chroot. Also, since the openvpn chroot doesn't have the python binary or any of the associated libraries, they need to be copied/linked into the chroot as well. I used a bind mount for the python libraries, and just copied the python binary directly. Lastly, you'll have to edit the openvpn.conf-default file and comment out the utm plugin (it won't work with the duosec plugin), and insert the duo plugin info.

  • Joe commented  ·   ·  Flag as inappropriate

    Wondering if this has been considered since it was originally requested. We want to be able to use this feature with SSL VPN.

SG UTM: Authentication

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.