Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Azure SAML auth for Connect SSL VPN

Hi, 

what is the status of this development, when is it coming?
has sophos not yet understood how important this is for customers?

the workaround that you send to people here in the forum does not always work properly either. we need a solutions, now.
and no, i don't need a ztna for x thousand chf, i need a cleanly implemented saml solution for vpn.
and also dont need tokens, that do not work with microsoft authentificator app. and no, my users, wont isntall 3 or 4 authenticator apps on their phones.

thx...



This thread was automatically locked due to age.
Parents
  • It is on the roadmap to build. Sophos understand the need.

    What does you bother on ZTNA? Is it the price? On the other end, you get fully managed client via Central without any kind of Client management anymore. 

    __________________________________________________________________________________________________________________

Reply
  • It is on the roadmap to build. Sophos understand the need.

    What does you bother on ZTNA? Is it the price? On the other end, you get fully managed client via Central without any kind of Client management anymore. 

    __________________________________________________________________________________________________________________

Children
  • I'm feeling invited to also answer this question.....

    I do see the advantage of ZTNA, however it's quite an investment to change over all our users from (free) VPN-service on Sophos firewall to ZTNA. Our IT-budget is growing year over year and usually it's growing more than any other expenses in the company. Still there are so many wishes that we would like to start using in the next couple of years (a zero trust solution being one of them), but we can't start using them all today and we may not even be able to start using some of them at all.

    While I know that VPN and zero trust are completely different solutions, it is possible to be very granular in what is accessible from VPN client. We have a lot of SSL-VPN policies assigned to just as many user groups to give access to only the specified server(s) and port(s) needed. This added with the heartbeat function in firewall rules also checks the client system to a certain degree.

    Configuring it this way makes it imho quite safe so access is only granted if the hearbeat has a green check mark and only the services that are really necessary for any given user are reachable. This allows us to postpone investing in ZTNA and invest in other things first.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • So to boil it down: The price vs free VPN is the only issue here? 
    Something which we(Sophos / Sophos Sales) could address here with a customer today? 

    __________________________________________________________________________________________________________________