Announcing Duo’s MFA for Cisco’s Firepower Threat Defense (FTD)


March 7, 2019 - 1 Comment

This blog post is the second in a three-part series on how Duo’s MFA integrates with Cisco technology. Read part one here.

More than 5,000 customers use Duo’s multi-factor authentication (MFA) with Cisco’s AnyConnect to provide secure VPN access to users – the integration with Cisco’s AnyConnect VPN is one of Duo’s most popular.

Up until now, customers were able to secure their AnyConnect VPN client running on Adaptive Security Appliance (ASA) products only.

Secure Access on Firepower Threat Defense (FTD)

We recently extended our ability to secure Cisco offerings with the beta availability of Duo’s MFA for AnyConnect running on Cisco’s Firepower Threat Defense (FTD). You can learn more about Cisco FTD here. Previously, you were only able to secure your AnyConnect VPN client running on Adaptive Security Appliance (ASA) products.

This integration gives admins the ability to deploy Duo’s MFA to secure VPN access, and it gives users the flexibility to choose one of several authentication options, such as Duo Push, OTPs, Phone call, SMS or hardware tokens to authenticate with Duo.

Most Duo customers use Duo Push, which is an easy and secure way to authenticate. Push authentications give admins visibility into users’ mobile devices and insights into the security posture of those devices. If a device does not align with corporate security policies, such as having a passcode lock enabled, it can be blocked from receiving Push notifications, prompting the user to take appropriate remediation action.

To enable this integration, you need to upgrade to Firepower version 6.3 using Firepower Management Center (FMC) as the management software. Future software releases will include support for Firepower Device Manager (FDM), the on-box management software used to manage FTD.

This integration is available with all editions of Duo: Duo Free, Duo MFA, Duo Access and Duo Beyond.

To set up this integration, please refer to this integration document. You can also get in touch with your account executives.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

1 Comments

  1. Thanks alot for this valuable information.