Skip navigation
Duo Blog
Admin Login
Documentation

Duo Two-Factor Authentication for SonicWall SRA or SMA 100 Series SSL VPN with RADIUS and Duo Prompt

Last Updated: April 2nd, 2025

Contents

Related

End of Support Information

The iframe-based traditional Duo Prompt in SonicWall SRA or SMA RADIUS configurations reached its end of support on March 30, 2024. Customers must migrate to a supported Duo Single Sign-On application with Universal Prompt or a RADIUS configuration without the iframe for continued support from Duo.

We recommend you deploy Duo Single Sign-On for SonicWall SMA 200 Series to protect SonicWall SRA or SMA with Duo Single Sign-On, our cloud-hosted identity provider featuring Duo Central and the Duo Universal Prompt.

Another alternative is to reconfigure your existing radius_server_iframe Duo Authentication Proxy application so that it does not use the iframe, for example, RADIUS with Automatic Push for SonicWall SRA or SMA. See the "Related" links to the left to explore more RADIUS configurations.

Learn more about options for out-of-scope applications in the Universal Prompt update guide, and review the Duo End of Sale, Last Date of Support, and End of Life Policy.

If you are using SonicWall Mobile Connect client or SonicWall's Global VPN Client using IPsec please see the VPN Client Instructions to configure the SonicWall device to use Duo Security's push authentication.

Other types of SonicWall devices (such as the SMA 1000 series, NSA series, or Aventail) may also work with Duo's RADIUS Application.

The instructions for this solution were removed on April 2, 2025. Customers who had this configuration deployed before then and need to refer to the original instructions may contact Duo Support.

Troubleshooting

Need some help? Review troubleshooting tips for the Authentication Proxy and try the connectivity tool included with Duo Authentication Proxy 2.9.0 and later to discover and troubleshoot general connectivity issues.

Also take a look at the SonicWall SRA Frequently Asked Questions (FAQ) page or try searching our SonicWall SRA Knowledge Base articles or Community discussions. For further assistance, contact Support.

Network Diagram

SonicWall Network Diagram
  1. Primary authentication initiated to SonicWall SRA
  2. SonicWall SRA send authentication request to Duo Security’s authentication proxy
  3. Primary authentication using Active Directory or RADIUS
  4. Duo authentication proxy connection established to Duo Security over TCP port 443
  5. Secondary authentication via Duo Security’s service
  6. Duo Authentication Proxy receives authentication response
  7. SonicWall SRA access granted