Skip to content

Latest commit



196 lines (156 loc) · 5.68 KB

File metadata and controls

196 lines (156 loc) · 5.68 KB

Cisco Duo Network Gateway Raspberry PI

What is it ?

This project guide you through the deployment of a Cisco Duo Network Gateway (DNG) in a lab environment. The Cisco DNG will act as a reverse proxy to secure remote access to application without any VPN.

Cisco Duo Network Gateway documentation


Get started

1. Cisco DNG installation

The Cisco DNG will be installed on a Raspberry Pi 4 running Ubuntu 22.04 LTS:

image Host: Raspberry Pi 4
Hostname: raspberrypi4

1.1 Download the Duo Network Gateway configuration file

curl -JO
Expected output
xvalette@raspberrypi4:~/cisco-duo$ curl -JO

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                               Dload  Upload   Total   Spent    Left  Speed
100  1358  100  1358    0     0   1496      0 --:--:-- --:--:-- --:--:--  1495

xvalette@raspberrypi4:~/cisco-duo$ ls

1.2 Emulate a AMD64 architecture on the Raspberry (optionnal on AMD64 devices)

ⓘ Duo Network Gateway expect a AMD64 system, where the Raspberry is a ARCH64,

A workaround is to use a Docker image maintained by tonistiigi :

docker run --privileged --rm tonistiigi/binfmt --install amd64 
Expected output
xvalette@raspberrypi4:~/cisco-duo$ docker run --privileged --rm tonistiigi/binfmt --install amd64 

Unable to find image 'tonistiigi/binfmt:latest' locally
latest: Pulling from tonistiigi/binfmt
6dda554f4baf: Pull complete 
2b0720d7a501: Pull complete 
Digest: sha256:66e11bea77a5ea9d6f0fe79b57cd2b189b5d15b93a2bdb925be22949232e4e55
Status: Downloaded newer image for tonistiigi/binfmt:latest
installing: amd64 OK
  "supported": [
  "emulators": [

1.3 Run the Duo Network Gateway dockers

sudo docker compose -p network-gateway -f network-gateway-2.2.0.yml up -d
Expected output
xvalette@raspberrypi4:~/cisco-duo$ sudo docker compose -p network-gateway -f network-gateway-2.2.0.yml up -d
xvalette@raspberrypi4:~/cisco-duo$ sudo docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                      NAMES
170975b904b3   duosecurity/network-gateway   "bash -c /bin/run-co…"   35 seconds ago   Up 32 seconds>443/tcp, :::8443->443/tcp                                    network-gateway-admin
88589143fb9b   duosecurity/network-gateway   "bash -c /bin/run-co…"   35 seconds ago   Up 32 seconds>80/tcp, :::80->80/tcp,>443/tcp, :::443->443/tcp   network-gateway-portal
bdfc487ef00b   duosecurity/network-gateway   "docker-entrypoint.s…"   35 seconds ago   Up 33 seconds   6379/tcp                                                                   network-gateway-redis

2. Cisco DNG, Duo and Azure AD configuration

2.1 Set-up the admin access to the Cisco DNG

Connect to the Duo Network Gateway web interface https://<Your Cisco DNG IP>:8443

Expected output


Generate a temporary password

sudo docker exec network-gateway-admin reset-password
Expected output
xvalette@raspberrypi4:~/cisco-duo$ sudo docker exec network-gateway-admin reset-password

Enter the given password in the Set Duo Network Gateway passwordpage, and set your new admin password

Expected output image

Azure AD configuration

image User: xvalette
Single sign-on: SAML
Primary domain:
Application Name: Duo SSO