Overview

Sophos Zero Trust Network Access is now available with gateway support for the Microsoft Hyper-V 2016 platform and above. This release also introduces troubleshooting and scalability enhancements with an increase in tunnel capacity from 1,000 to 10,000 clients per node, representing a tenfold increase. 

New to this release:

  • Hyper-V support
  • Troubleshooting via console diagnostics
  • Capacity enhancements
  • SaaS application access with Synchronized Security

Hyper-V 2016+ Support

Hyper-V support expands the ZTNA gateway deployment options considerably by including Microsoft’s very popular hypervisor platform.  Download the new ZTNA gateway image for Hyper-V from the ZTNA Gateways area in Sophos Central.  Click ‘Download gateway VM’ at the top of the screen.

The virtual gateway is also accessible from the ‘Protect Devices’ menu in Sophos Central.

Troubleshooting via Console Diagnostics

One of the most frequently requested enhancements in this release is support for troubleshooting via console diagnostics on the ZTNA gateway. Users can access the console and run predefined diagnostic tests to troubleshoot connectivity or other issues preventing a gateway from being managed via Sophos Central. A brief explanation will be displayed on the console itself. Check out the ZTNA troubleshooting guide for further information.


Node Capacity and Scaling Enhancements

Client capacity has been significantly enhanced in this release. Sophos ZTNA gateways with a single VM node (using 2 cores and 4 GB of RAM) now support up to 10,000 clients, and the maximum cluster of 9 nodes supports up to 90,000 clients. This represents a tenfold increase over the previous version.

 Existing deployments should update their gateway firmware to take advantage of this enhanced capacity.

Zero Trust Access to SaaS Applications

ZTNA takes advantage of the simplicity of SaaS-based IP Access Enforcement and provides a new method for controlling access to SaaS applications.  

 ZTNA routes SaaS application traffic via the ZTNA gateway and provides several security benefits.

  • Visibility into SaaS access: visibility and reporting on application access to both SaaS and private applications.
  • Enforcement: control which users and access methods are allowed to reach SaaS apps with a Zero Trust approach.
  • Dynamic access with Synchronized Security: automatically isolate and gate access from infected endpoints to stop threats from spreading and impacting data in SaaS and private applications.

 To take advantage of this feature, your SaaS applications must support IP access controls. Whether your users are working remotely or in the office, ZTNA ensures that only verified users and healthy devices can access your important SaaS applications. While this is not a replacement for a full-featured CASB solution, it does provide additional controls and security enhancements for your SaaS applications and data.

 Find out more in the ZTNA User Documentation.

Issues Fixed

Issue Key   Summary
NZT-4366    Support Okta without API Access Management License
NZT-2084    Instances show incorrect Active Time Duration after Reboot

How to Update

Updates are available in Sophos Central:

  1. In your ZTNA gateway list, a green arrow will appear next to the version when an update is available.
  2. Clicking the green arrow will allow you to see the list of available updates and either apply one now or schedule it.

Note: In order to add more gateway instances to existing deployments, you should first upgrade the existing gateways to the latest build.