ZTNA Resource Paths

This question was already asked almost a year and a half ago here, but the answer at the time was just that it's not supported and it's in the backlog. Given that it's been more than a year, and it's actually a feature that's important to us, I want to ask again.

We are looking to replace our VPN with ZTNA, but would like the ability to define access to resources based on an application path, where for example default access to the root domain (eg. www.webapp.com) would be based on one ruleset, but for sensitive areas of the web app (eg. www.webapp.com/admin), a separate ruleset would apply, that would limit access to a smaller group of users. Ideally it would be even possibly to have the root domain publicly accessible and only ask for authentication on certain paths (we have several hybrid-access apps like this).

Right now this is handled via the Web Application Firewall in combination with users being given access based on being on the private network (either physically or via VPN), because the apps themselves are hosted on premises inside our network. But we are looking at a possible move to cloud VMs (eg. Hetzner), and along with it a switch to ZTNA. For purely private web apps, the Sophos ZTNA solution is perfect. But for these hybrid-access apps it seems like a no-go. It would be ideal if this kind of basic access-control based on app path would be possible without the need to also install a web application firewall.

For example, it seems that this is possible with other ZTNA products.

Is this likely to be implemented in Sophos ZTNA any time soon?

Thanks a lot for any infos you can provide.


Parents Reply Children