Hey all,
We're using ZTNA wherever we can, normally with Sophos firewalls. Works great. We have one situation where we're hosting servers for clients, so we need to use the VM gateway as only one tenant can use the firewall. We have had mixed results…
Hi, Is there an expected timeline for when there will be API endpoints for ZTNA? Being able to provision resources using an API would be a massive quality of life improvement as opposed to the current situation where we are required to manually provision…
I just want to check on IDEA ZTNA-I-201.
DVRs and NVRs are so very vulnerable and they are seldom updated to mitigate security vulnerabilities. Wish more ppl used MileStones, a Windows based NVR that we can lock down easily.
Be nice if customers could…
Hi, while researching some RDP connection drops over ZTNA, I discovered some unusual ARP behavior on ZTNA TAP adapter: unicast ARP (for ARP table renewal) is never answered. The host (or ztna-gateway, I'm not sure) waits for the broadcast. So there is…
Hello
I have a locally hosted network monitoring software that isn't working well with ZTNA. The front end of the software of course is a web page that runs off ports 443 and 80. The dashboard widgets present live snmp, ping, and other statistical information…
I have a ZTNA Client which is connected to a ZTNA Firewall Gateway.
The Client is connecting to a ZTNA Resource (192.168.1.10) which is behind an IPSEC S2S VPN of the Firewall mentioned above as the ZTNA Gateway.
The ZTNA Gateway has more configured…
We host a web server internally and it's used for management of some network devices. We would like to move it to ZTNA, but some of our customers' IT support staff have access. Any idea how/if we could grant them access via ZTNA?
We have had an increasing number of Mac computers where in the system VPN settings the ZTNA switch has been turned off by itself. And randomly, so there is no way to make it happen if I try. This causes the ZTNA to go in "not configured" mode.
Hello Sophos Community,
I'm currently using Sophos Zero Trust Network Access (ZTNA) to connect remotely to a shared folder on an RDS server, plus RDP and connect to Remote Apps. The shared folder is mapped as the D drive on staff laptops. However, I…
Hi Folks,
We are using ZTNA for several users and notice that sometimes ZTNA seems to be green and connected, but in fact, DNS resolving for resources on 100.64.0.x is not working -> no response. So it seems that ZTNA is not fully working.
After…
How do we configure a requirement for both agent and agentless to require daily authentication? We have attempted this through M365 conditional access policies asking it to request sign in but it has no effect.
It seems unsecure to essentially never…
It would be ideal if it were possible to assign multiple verified domains and their FQDNs to a single gateway. I have now run into this limitation myself as I wanted to be able to use different domain names / FQDNs to different resources in a single tenant…
I have followed KBs ( https://support.sophos.com/support/s/article/KBA-000008481?language=en_US ) to get nearly all aspects of domain communication to work for ZTNA endpoints. They are able to change passwords, authenticate, access file shares over SMB…
ZTNA has stopped working ... possibly after uploading new certificates. - open "fhem.ztna.mydomain.de" Authentication is triggered but afterwards I got a black screen - redirect to AZURE-Auth -- authenticating (I try different users) - redirected to …
Hello, is there an update on the topic of SRV entries via ZTNA? When will the workaround finally be implemented?
We have used the workarounds and they work most of the time. Unfortunately, from time to time the SRV queries are not intercepted by the…
Hello, We have been using ZTNA for several months now and are quite happy with it overall. What is a problem, however, is that some clients only download updates or new resources after a reboot. Other clients get the updates within a few seconds. But…
Hi all,
I've used ZTNA with FW as gateway for one year. After a license issue, I am able to activate the 3 free licences and am able to reach central-ZTNA-configuration again. My old config is there, but my current/active firewall is no longer available…
I managed to find the ZTNA banner on the firewalls page which I activated and received the notification that the ZTNA subscription had activated, but then the ZTNA product page never loads via products, also initially when redirected to the ZTNA page…
Hello!
While doing a basic HTTP speedtest you can see the throughput of the Agent-based resources is considerably low compared to an Agentless resource. Is there a reason for that?
Latency and bandwidth aren't an issue since both tests were done…
Hello. I'm using Sophos Firewall as a Gateway. I'm trying to access an agentless resource using ZTNA, the configuration process was OK and the DNS configurations OK as well. When we try to access a resource that is on port 9001 we get a no healthy upstream…
I just logged into Central and noticed a mention of Free ZTNA licence offer, but the link below just takes you to the community ZTNA page. Is there any info on this offer anywhere as I did like how ZTNA integrated into Firewall, unfortunately the cost…
Has anyone been able to get ZTNA to iDRAC working? I have set all the ports and access method Agent.
When I connect to the iDRAC I get a web prompt
Your connection isn't private
Attackers might be trying to steal your information from idrac.xxx…
Hi,
Has anyone got a configuration guide for implementing ZTNA for CIFS/SMB servers on-prem?
Clients are Azure native Windows 11 and Mac devices.
File servers are domain joined on-prem.
XGS at the gateway, ZTNA client would be on the device…
Hi all,
I'm trying to get an RDS access with a web gateway but agentless ...
I can open the web page but I get an error when I launch the shortcuts.
error : the remote resource is inaccessible error 0X300000d
Has someone already had this problem…
Hi, is there a way to do the below using either Intercept X or ZTNA?
1. Block write but allow read USB
2. Allow access to gmail.com, Hotmail, we mail etc. But block ability to upload files to these sites and other webmail sites?
3. Allow access…