RE: External Partners Accessing DMZ

Raphael Alganes — Tue, 19 Nov 2024 11:48:19 GMT

Hello Reem,

Good day, and thanks for reaching out.

Your proposed setup of clientless VPN should work since FTPS is supported on Clientless SSL VPN Bookmark: https://docs.sophos.com/nsg/sophos-firewall/21.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/Clientless/index.html

I think the catches here are:

-you do not have control over the end machine of the external partner (please take note of putting the server into a DMZ should the end machine has potential compromise)

-clientless relies on HTTP/S to access resources and could potentially cause overhead

-lacks further verification and access control, usually doesn't put zero-trust model architecture into consideration etc.

Some Pros I can think are:

-they are usually easy to implement and configure

-suitable for yout external partners since they do not need to install anything and will just access the resource on demand

That being said, the feature should work, but consider and weigh the items above (the list could go on, I only suggested essential ones I can quickly think of 🙂 )

Further, I may recommend you as well to be in touch with your local Sophos Sales Engineer or Sophos Partner to discuss further your setup.

I hope this helps you on your implementation.

Regards,