Sophos ZTNA: Access Sophos Firewall Web Admin from ZTNA (Part 7: Add resources)

DisclaimerThis information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


This Recommended Reads is Part 7 (the last part) of the Series "Access the Sophos Firewall Web Admin from ZTNA".


  • Reading rights to Sophos Central
  • Admin rights to your 3rd Party DNS

Add Resources

Finally, we need to add the resource in ZTNA to access the Sophos Firewall. 

In Sophos Central, go to:

ZTNA > Resources & Access > Add Resource

In the new window that pops, enter a


(A meaningful name; as you add more resources, it might become difficult to identify resources)


(The gateway we created in Part 5)

Access Method

Resource Type

External FQDN

(FQDN of your Sophos Firewall; when you click the resource in ZTNA, it’ll redirect you to this FQDN)

Assign User Groups

(add the Group or Users we created in Part 2 and synced in Part 3)

(Note: The left square is what is available, the right square is the User/Groups that will have access to this resource)


This will create the resource and a summary 

Copy and Paste the Alias Domain as we’ll need it.

That is all for Sophos Central.

Now go to your 3rd party DNS provider, in our case, NameCheap (Note: We don't enforce the use of NameCheap; I use it simply because I bought my domain from them) 

In NameCheap, go to Domain List > your domain name > Manage > Advanced DNS > Under Host records, click Add New Record.

Type = ALIAS Record

Host = xg1

(In the FQDN of your Sophos Firewall, where ZTNA will redirect you to, once you access the ZTNA Application Portal) 

Value = 

(The Alias Domain for the Resource)

TTL = 5 minutes

Click the tick (save changes)

Wait between 5 to 30 minutes for the records to propagate.

And that is all for your DNS.

Note: You also must have your A records set up, but this RR assumes you have at least one set up)

Accessing the Sophos Firewall from ZTNA

1. Open your browser and type (or your ZTNA FQDN Gateway) 

2. You will be redirected to

3. Enter the email address of the user we created and have access to the ZTNA resource for the Sophos Firewall

Once authenticated, you should see the ZTNA Application Portal and the resources assigned to the user.

4. Click the Application you want to access in our case (Sophos Firewall Portal)

You should now see the Sophos Web Admin Portal

Note: Next time you type the ZTNA gateway in the same browser where you authenticated, you won't be asked to authenticate again unless you don't access the URL in 7 days.