
SSL VPN conditional access (e.g. like Checkpoint VPN)

Hi everyone, 

I've been curious lately: is it possible to have something like Checkpoint conditional access (like is Windows up to date, is Defender/antivirus activated, and so on) before allowing access to the VPN gateway?

And I'm not talking about ZTNA, since that isn't exactly an SSL VPN replacement but rather a way to make often-used resources securely available via the internet.

I know there is a way to associate a firewall rule with a heartbeat status, but that once again is happening once the client is already virtually inside the network.

Greetings,

George



This thread was automatically locked due to age.
  • The only conditional access I'm aware of with Sophos Connect Client is endpoint heartbeat status. I'm not sure you're right about that happening "once the client is already virtually inside the network." It might allow the client to authenticate to the firewall without a green heartbeat, but it should then block any traffic to inside the network, assuming the rules are configured as such.

    Sophos ZTNA currently uses the heartbeat, as well. I believe it's checked at the time the user attempts to access a specific resource. I also believe there has been discussion of adding other compliance checks, though I don't know if/when they show up on the roadmap.

    While the technologies are different, ZTNA can replace VPN in the majority of use cases.
