Discover potential Apps in your Network

Note: Please contact Sophos Professional Services if you require direct assistance with your specific environment.

Sophos ZTNA relies on having an Application created within Central Admin. The Application needs to be configured as an FQDN in Central Admin to give the Client the route to the ZTNA Gateway. Certain applications use multiple FQDNs, which could be potentially unknown to the administrator. For example, an application, which uses load balancing technology and tries to connect to the destination host directly. 

To uncover such unknown hostnames // FQDNs you can use Wireshark on a test client or you can use Sophos Intercept X XDR live discover. XDR has the capabilities to query information from a client directly. 

You’ll find an XDR query to discover all used DNS FQDNs: https://community.sophos.com/intercept-x-endpoint/i/uncategorized/live-discover-query-for-all-dns-requests-in-a-time-frame-with-process-ztna-app-discover

You can create this query directly in Central. (Turn on the Designer Mode for the creation process). 

You need to specify the variables like this: 

Then enter your test timeframe. You can use " % " for Process Name if this is unknown to you. 




Added Horizontal Line
[edited by: emmosophos at 5:03 PM (GMT -7) on 4 Apr 2022]