Today, the network product team is pleased to announce the general availability of Sophos ZTNA v2, which enables ZTNA-as-a-Service via the Sophos cloud and new macOS agent support for zero trust endpoints.
This marks a significant milestone for us: it is the first of our SASE (Secure Access Service Edge) solutions and paves the way for more cloud-delivered security solutions in the future.
ZTNA – the ultimate remote access VPN replacement
Zero Trust Network Access (ZTNA) provides the ultimate networked application access, particularly for remote workers, but works equally well both in and out of the office.
Compared with remote access VPN, ZTNA provides better security by granting access only to specific applications, easier and more scalable cloud management, and a more transparent end-user experience.
ZTNA not only secures access to the applications you own in your on-premise data center or AWS, but can also control access to SaaS applications that support IP address access control by limiting access from your ZTNA gateway IPs.
New ZTNA-as-a-Service cloud gateways
This latest release of our ZTNA platform makes deployment even easier and security even stronger by utilizing lightweight gateways on the application side that establish secure encrypted connections to the Sophos cloud on port 443, eliminating any need for firewall NAT configuration.
This enhances security by eliminating open firewall ports to the internet and provides a further abstraction of the applications that ZTNA is protecting.
With these new ZTNA gateways, the Sophos cloud now brokers the secure connections between zero trust endpoints and your applications. These new ZTNA gateways offer the same platform support as the current on-premise gateways: VMware, Hyper-V, and AWS.
In summary, with this release, there are now two options for ZTNA application gateways:
- Cloud gateways introduced in this release provide a new lightweight gateway deployment option that connects automatically via port 443 to the Sophos cloud at regional points of presence. This is the most streamlined deployment option: it requires no firewall configuration, and as a result makes the applications less visible and more secure.
- On-premise gateways continue to provide a private data plane connection directly between your zero trust endpoints and applications. This solution will be best for customers who have concerns about latency via the Sophos cloud points of presence. Current customers can switch to the new cloud gateways, continue to run their on-premise gateways, or use both in a mixed or hybrid approach.
ZTNA-as-a-Service cloud points of presence currently include:
- Europe (Ireland and Frankfurt)
- North America (Ohio and Oregon)
- Asia Pacific (Mumbai and Sydney)
You select your preferred cloud point of presence when setting up your ZTNA connectors in Sophos Central.
macOS support
Running agentless continues to be an option for web-based apps on all platforms, including mobile devices.
Getting started
These new capabilities are now included in Sophos ZTNA, available on Sophos Central. Simply log into your Sophos Central account to begin taking advantage of these new capabilities.
Review the documentation and stop by the community forums to discuss the release.
If you’re new to Sophos ZTNA, learn more at Sophos.com/ZTNA.