Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This Recommended Reads is Part 7 (the last part) of the Series "Access the Sophos Firewall Web Admin from ZTNA".
Requirements
- Reading rights to Sophos Central
- Admin rights to your 3rd Party DNS
Add Resources
Finally, we need to add the resource in ZTNA to access the Sophos Firewall.
In Sophos Central, go to:
ZTNA > Resources & Access > Add Resource
In the new window that pops up, enter the following:
Name
(A meaningful name; as you add more resources, it might become difficult to identify resources)
Gateway
(The gateway we created in Part 5)
Access Method
Resource Type
External FQDN
(FQDN of your Sophos Firewall; when you click the resource in ZTNA, it’ll redirect you to this FQDN)
Assign User Groups
(add the Group or Users we created in Part 2 and synced in Part 3)
(Note: The left square is what is available, the right square is the User/Groups that will have access to this resource)
Save
This will create the resource and show a summary.
Copy and Paste the Alias Domain as we’ll need it.
That is all for Sophos Central.
Now go to your 3rd party DNS provider, in our case, NameCheap. (Note: We don't enforce the use of NameCheap; I use it simply because I bought my domain from them.)
In NameCheap, go to Domain List > your domain name > Manage > Advanced DNS > Under Host records, click Add New Record.
Type = ALIAS Record
Host = xg1
(The host part of the FQDN of your Sophos Firewall, which ZTNA will redirect you to once you access the ZTNA Application Portal)
Value =
(The Alias Domain for the Resource)
TTL = 5 minutes
Click the tick (save changes)
Wait between 5 and 30 minutes for the records to propagate.
And that is all for your DNS.
Note: You also must have your A records set up, but this RR assumes you have at least one set up.
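To confirm the ALIAS record has propagated before testing access, the following added example (not part of the original article or any Sophos tooling) uses dig to compare the A records of the firewall FQDN with those of the Alias Domain. The script name, the argument order and the assumption that the ALIAS record is answered as ordinary A records are assumptions of this example; only IPv4 addresses are compared.

```shell
#!/usr/bin/env bash
# check_alias.sh (hypothetical name): added example, not from the article.
# Usage: ./check_alias.sh <firewall-fqdn> <alias-domain> [resolver-ip]

# Keep only IPv4 addresses from a whitespace/newline separated list
# (dig +short can also print CNAME targets), sorted and de-duplicated.
normalise_addrs() {
    tr -s '[:space:]' '\n' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# Resolve the A records of a name, optionally against a specific resolver
# (for example a public resolver, to bypass a stale local cache).
resolve_a() {
    local name=$1 resolver=${2:-}
    dig +short A "$name" ${resolver:+"@$resolver"} | normalise_addrs
}

# Compare the firewall FQDN's addresses ($1) with the alias domain's ($2).
# Returns 0 if every firewall address belongs to the alias domain,
#         1 if the firewall FQDN still points somewhere else (stale record),
#         2 if either name returned no A record at all.
alias_matches() {
    local fw alias_set addr
    fw=$(printf '%s\n' "$1" | normalise_addrs)
    alias_set=$(printf '%s\n' "$2" | normalise_addrs)
    [ -n "$fw" ] && [ -n "$alias_set" ] || return 2
    for addr in $fw; do
        printf '%s\n' "$alias_set" | grep -Fxq "$addr" || return 1
    done
    return 0
}

# Only query DNS when both names are given on the command line.
if [ "$#" -ge 2 ]; then
    if alias_matches "$(resolve_a "$1" "${3:-}")" "$(resolve_a "$2" "${3:-}")"; then
        echo "OK: $1 resolves to the addresses of $2"
    else
        echo "NOT READY: $1 does not (yet) resolve to the addresses of $2" >&2
        exit 1
    fi
fi
```

A "NOT READY" result after the TTL has expired usually means an older record for the same host is still being served, so clients would reach whatever that record points to instead of the ZTNA gateway.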
Accessing the Sophos Firewall from ZTNA
1. Open your browser and type ztna.sohos.com (or the FQDN of your ZTNA Gateway)
2. You will be redirected to login.microsoftonline.com/abunchoflettersandsnumbersandsymbolsakaastoken=true
3. Enter the email address of the user we created that has access to the ZTNA resource for the Sophos Firewall
Once authenticated, you should see the ZTNA Application Portal and the resources assigned to the user.
4. Click the Application you want to access (in our case, Sophos Firewall Portal)
You should now see the Sophos Web Admin Portal
Note: Next time you type the ZTNA gateway in the same browser where you authenticated, you won't be asked to authenticate again unless you haven't accessed the URL in 7 days.