Solving IT Problems Everyday - Since 2002
Solving Tech Issues for New Jersey - Since 2002
Doing Geek Stuff for Non-Geeks - Since 2002
Providing IT Support to Businesses for Over 20 Years
Looking to Upgrade Your "Computer Guy"? Call Us.

Call or Text

Setup DUO 2FA with SonicWall SSL VPN

In this blog, I’ll detail how to integrate DUO’s Two Factor Authentication service for use with SonicWall’s NetExtender SSL VPN client. In the configuration I outline here, I will be using Active Directory integration for user authentication. I’m also assuming that you already have a working SSL VPN setup on your SonicWall and are just integrating the DUO 2FA service.  This will not work with the SonicWall Global VPN Client.

Here is a basic workflow diagram showing how the VPN authentication and RADIUS 2FA push notifications work.

SonicWall DUO 2FA Configuration
  1. First you’ll need to setup a DUO account. Once your account is created you’ll need to define an application (Your SSL VPN configuration) within the DUO dashboard that you will be protecting. Record your keys and keep in a safe place. Do not share these key with others. They will be used later on.

    DUO Application Details_Redacted

  2.  Set your DUO application username setting to simple.
    DUO Application Username Setting
  3. Configure LDAP authentication in your SonicWall appliance. Here are some screen shots from my configuration.
    SonicWall LDAP Configuration 4
    SonicWall LDAP Configuration 3
    SonicWall LDAP Configuration 2
    SonicWall LDAP Configuration 1
  4. Install the Duo Authentication Proxy software on your AD Domain Controller. I used the following configuration in my proxy config file which utilizes LDAP authentication for the SSL VPN client and then DUO authentication for the 2FA. You will also need to create a read only AD service account for the LDAP authentication. That username and password will be specified below.


  1. Now you will need to configure the RADIUS authentication in your SonicWall appliance. Here are some screenshots of my configuration. You will be specifiying the IP address of the device where you installed your DUO Proxy Authentication Software. Please note that you will need to uncheck the Use Radius In check box in the SSL VPN Server Settings section.
    SonicWall RADIUS Setup
    SonicWall RADIUS Setup
    SonicWall RADIUS Setup
  2. The last thing you will need to do is setup your users in the DUO website. This included activating their mobile devices for push notification as well. The usernames should match exactly to the username in Active Directory. The domain information will not be passed to DUO so just the username needs to be the same.
    DUO Security User Section
  3. Now just test your configuration with your SonicWall NetExtender SSL VPN Client and you should get a push verification notice to your mobile device after proper AD user authentication.
    SonicWall NetExtender Client

Leave a Reply

Your email address will not be published. Required fields are marked *

Leave a Reply

Your email address will not be published. Required fields are marked *