This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ZTNA Resource Paths

This question was already asked almost a year and a half ago here, but the answer at the time was just that it's not supported and it's in the backlog. Given that it's been more than a year, and it's actually a feature that's important to us, I want to ask again.

We are looking to replace our VPN with ZTNA, but would like the ability to define access to resources based on an application path, where for example default access to the root domain (eg. www.webapp.com) would be based on one ruleset, but for sensitive areas of the web app (eg. www.webapp.com/admin), a separate ruleset would apply, that would limit access to a smaller group of users. Ideally it would be even possibly to have the root domain publicly accessible and only ask for authentication on certain paths (we have several hybrid-access apps like this).

Right now this is handled via the Web Application Firewall in combination with users being given access based on being on the private network (either physically or via VPN), because the apps themselves are hosted on premises inside our network. But we are looking at a possible move to cloud VMs (eg. Hetzner), and along with it a switch to ZTNA. For purely private web apps, the Sophos ZTNA solution is perfect. But for these hybrid-access apps it seems like a no-go. It would be ideal if this kind of basic access-control based on app path would be possible without the need to also install a web application firewall.

For example, it seems that this is possible with other ZTNA products.

Is this likely to be implemented in Sophos ZTNA any time soon?

Thanks a lot for any infos you can provide.

Michael



This thread was automatically locked due to age.
Parents Reply
  • Such a basic feature is still in backlog for almost 2 years now...
    It is pretty sad that Sophos tries so hard to push its customers onto heavily priced licenses all over the place but somehow does not manage to implement such useful features into their products. The more I am experimenting with Sophos ZTNA, the more I feel like it is a Full Price Alpha.

Children
  • The thing is: A "path" implies, there is a reverse proxy and something does something with the traffic. 

    ZTNA focus on the connection based between A and B and not the "what happens inside of the connection stream".

    Just pointing out, this is not something easily implementable for DEV, instead it needs a reverse proxy to work inside of the solution. 

    __________________________________________________________________________________________________________________