Sophos Ideas / SG UTM

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

← SG UTM

You enable 2 factor authentication options with Duo Security

When you come out with 2 factor authentication. Please have an option to integrate with Duo Security (https://www.duosecurity.com/). They are an easy to use, low cost option that works well.

48 votes
Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

11 comments

Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Paul commented  ·   ·  Flag as inappropriate

    Do you have a link to that XG and Duo integration document?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Sophos XG supports DUO and I also have a document about the Integration between Sophos XG and DUO

  • Jacob Jensen commented  ·   ·  Flag as inappropriate

    Im in the same boat. Looking to implement Sophos XG to replace my TMG but if Duo Security does not work with sophos XG that will be a showstopper for us

  • vitale mazo commented  ·   ·  Flag as inappropriate

    Has this been completed my company can not move forward with Sophos firewall without DUO two factor this is a acquirement to use the firewall

  • vitale mazo commented  ·   ·  Flag as inappropriate

    What is the Status on Duo integration with SSL vpn this is a requirement for our company.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Integration with Duo Security is still a desired OOTB functionality. Or integration with other 2 form factor authentication period. We need to use a solution that is NOT dependent on Smart Phones only as some of our users do not wish to install a company required app on their personal smart phone. Need something that can work with SMS, RSA keys or other options.

  • Duo_on_UTM commented  ·   ·  Flag as inappropriate

    If anyone wants exact specifics, or if you want to take a shortcut and just grab pre-compiled stuff, I'll post this on the astaro forum.

  • Duo_on_UTM commented  ·   ·  Flag as inappropriate

    I was able to integrate DuoSec's openvpn plugin into my UTM 9.315-2 install. It requires building the plugin on an arch-similar platform; I used SLED 11 SP4. The plugins are all compiled as 32-bit ELF binaries, so make sure you include the -m32 cflag when building. Also, you'll need to make some edits to the duo_openvpn.c file prior to compiling, due to openvpn running in a chroot on the UTM. The path to the duo_openvpn.py script needs to be a static path that exists within the chroot. Also, since the openvpn chroot doesn't have the python binary or any of the associated libraries, they need to be copied/linked into the chroot as well. I used a bind mount for the python libraries, and just copied the python binary directly. Lastly, you'll have to edit the openvpn.conf-default file and comment out the utm plugin (it won't work with the duosec plugin), and insert the duo plugin info.

  • Joe commented  ·   ·  Flag as inappropriate

    Wondering if this has been considered since it was originally requested. We want to be able to use this feature with SSL VPN.

SG UTM: Authentication

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.