SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  SRX local and DUO 2FA Authentication Support?

    Posted 11-30-2021 19:28
    Good afternoon,

    I have an SRX300 running 20.3R3-S1 that is used for a few low volume site-to-site VPN's and for a few select users to allow them to VPN in via the Pulse Secure client and authenticate localy on the SRX.  The ask is now they want tighter security and to change to the Juniper Secure Connect client.  They would like to use DUO for 2FA and still use local authentication as there is no real server to authenticate against.  Is this supported?  Reading through forums and documents, I think it says this can work if we use an external authetication server.  But how about local authetication with 2FA?

    Thanks!

    ------------------------------
    KRISTIAN DURVIN
    ------------------------------


  • 2.  RE: SRX local and DUO 2FA Authentication Support?

     
    Posted 12-01-2021 05:55
    The SRX does not directly support 2FA but Duo does have an application that can work with the SRX RADIUS configuration and perform the function.  The SRX side is just using RADIUS instead of local and your local users are then on the Duo app as a self contained local proxy.

    https://duo.com/docs/authproxy-reference

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------