Before proceeding, you should locate (or set up) a system on which you will install the Duo Authentication Proxy. To integrate Duo with Amazon WorkSpaces, you will need to install a Duo RADIUS authentication proxy service on one or more EC2 instances in an AWS VPC, or on one or more machines in an on-premises environment.

If your organization requires IP-based rules, please review this Duo KB article.

Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability.

If you would like to keep your traffic completely private and with the lowest possible latency, implement an AWS Direct Connect Public Peering session so that the streaming media IP ranges for your region are advertised as routes via Border Gateway Protocol (BGP) on your network.

This application communicates with Duo's service on TCP port 443.

For these reasons I'd recommend bypassing proxy devices and not decrypting the packets for all WorkSpaces network traffic.

DSCP After

Differentiated Service Field = AF41

Handy Hints for Traffic

Bypass proxies and WAN optimization devices

All streaming traffic is encrypted and typically cannot be inspected by proxy/firewall devices.

Looking at the UDP packets, we can see the before/after DSCP tagging.

DSCP Before

And after the policy is enabled.

Stop the capture and filter by the below expression.

To test whether the packets are being tagged, install Wireshark on your PC that has AWS WorkSpaces and take a capture while you have a VDI session active.