ZTNA 2.0 enables ZTNA as a Service (ZTNAaaS), a new cloud-based ZTNA service offering that makes ZTNA deployments even easier. Instead of virtual gateways, it uses lightweight ZTNA connectors on the application side that establish connections to Sophos Cloud on port 443, which eliminates the need for firewall NAT configuration. This also enhances security by eliminating open firewall ports to the internet, providing a further abstraction of the application services that ZTNA is providing access to. Sophos Cloud now brokers the secure connections between agents (or zero trust endpoints) and the ZTNA connectors. The new ZTNA connectors support the same platforms as our gateways: VMware, Hyper-V, and AWS.
With ZTNA 2.0, you now have a choice of deployment models:
- ZTNA Gateway – works just as before, with your own data plane using virtual gateways on VMware, Hyper-V, or AWS platforms. This solution will be best for those customers who want to own the data plane and/or have concerns about latency via the ZTNAaaS points of presence (see below).
- ZTNA as a Service – with a Sophos Cloud data plane utilizing new lightweight ZTNA connectors on VMware, Hyper-V, or AWS platforms that automatically connect to the Sophos Cloud through regional Sophos cloud points of presence. This solution offers a more streamlined deployment without requiring any firewall configuration, and makes the applications less visible and more secure as a result.
ZTNAaaS cloud points of presence (PoPs) are available in:
- Europe (Ireland and Frankfurt)
- North America (Ohio and Oregon)
- Asia Pacific (Mumbai and Sydney)
You can define your preferred cloud point of presence when setting up your connectors.
The new Sophos ZTNA cloud service is a HUGE milestone for us and we couldn’t be more excited to share it with you. While Sophos ZTNA is the first to take advantage of this new cloud environment, it paves the way for additional SASE products that will be coming your way in the future.
See below for how to get started with early access to ZTNA as a Service.
We are also pleased to offer early access for Apple macOS agent support. Mac users can now get the same single-agent health-based secure access with Intercept X and Synchronized Security as Windows users.
Getting started with these early access programs couldn’t be easier. In Sophos Central, join the Early Access Programs for both ZTNA as a Service and the macOS agent from the drop-down menu under your account name in the upper right of the console.
If you were a previous EAP member, that’s great: simply re-enroll to get access to this latest early access program. Your existing configuration will not be affected.
Then for ZTNAaaS, as highlighted below, from the Settings screen under ZTNA, make sure you Turn On ZTNAaaS, and use the Feedback option within Sophos Central to leave your feedback or report any issues.
Review the documentation and be sure to drop by the community forums.
New to Sophos ZTNA
Sophos ZTNA is the ultimate remote access VPN replacement with a single agent, single console, ZTNA, and next-gen endpoint integration, supporting Synchronized Security, all from a single vendor. It’s innovative and unique, earning Frost & Sullivan’s Global New Product Innovation Award for 2022.
Visit the Sophos Partner Portal to access all product, sales and marketing materials.