ZTNA agent based access in office

Question

Hi everybody, 
 I would like to get some help with ZTNA in office. 
 I have a client with ZTNA agent installed. Accessing on prem resources over an external network works correctly. 
 But if I put the client into the on prem (our internal) network, access stops working. 
 Checking wireshark on the client I can see that it wants to connect to the resource by using source IP 100.64.0.1 destination IP 100.64.0.10. But 100.64.0.10 does not answer while in the internal network. 
 Am I missing something in my firewall configuration? 
 
 Edit: Maybe I should also mention that I have setup a ZTNA Gateway as VM in our internal network in Sphos Cloud Mode. 
 
 Regards 
 Philipp

Philipp N. · Accepted Answer

Solved: 1) a route to our second ISP for traffic to the gateway alias was missing because our primary ISP intercepts the HTTP traffic in a bad way 2) added a FW rule to allow contact to Sophos Heartbeat for agent based access (Port 8347)

ZTNA agent based access in office

Top Replies