Sophos ZTNA Gateway on Sophos Firewall
Since Sophos Firewall version 19.5 MR3, it has been possible to use the Sophos ZTNA Gateway on Sophos Firewall. The solution is genuinely excellent and simple, but there is one catch to keep in mind: a traffic limit of 15 GB per user per month.
ZTNA Gateway (Cloud vs. On-premise)
The ZTNA Gateway is required to use Zero Trust. There are two different deployment modes: the on-premise gateway and the Sophos Cloud Gateway.
On-premise Gateway: This mode provides a direct, fast data connection without restrictions by installing the gateways in your own data center or on an in-house hypervisor. Although it offers greater control over the infrastructure, it also requires more administrative effort because firewall ports must be opened and NAT rules created.
Sophos Cloud Gateway: By contrast, the Sophos Cloud Gateway provides secure and isolated network delivery through the Sophos cloud. This mode guarantees 99.999% availability and allows users to connect to applications easily without having to open firewall ports or create NAT rules. One drawback, however, is the traffic limit of 15 GB per user per month, which can be reached quickly when network drives are involved.
There is no wrong decision here, as you always have the option to switch to the other method with relatively little effort.

ZTNA Cloud Gateway on Sophos Firewall
The SFOS v19.5 MR3 update integrates the ZTNA Cloud Gateway into Sophos Firewall. This significantly simplifies ZTNA deployment because a separate ZTNA Gateway VM is no longer required. The firewall now takes on the role of the ZTNA Gateway, eliminating the need for hypervisor hosts and making it possible to get started within minutes. If you have a Firewall HA cluster, the ZTNA Gateway is of course highly available as well. Both the hardware appliance and the software solution can be used as a ZTNA Gateway.

Traffic Limitation
This limitation is not necessarily a disadvantage, but you should keep it in mind and plan which applications you want to use ZTNA for.
With the Cloud Gateway, data traffic passes through a data center, which creates traffic costs for Sophos. That is why a limit of 15 GB per user per month has been defined. If multiple users are licensed, the limit is aggregated across all users. So if you have data-hungry applications, the on-premise method is probably the better choice.
Licensing
No additional budget is required to use the ZTNA Gateway on Sophos Firewall. The ZTNA Gateways are free regardless of the deployment scenario and do not require a license. Only the users who use the service need a license, which is sold per user.
Prices: Sophos Central Zero Trust Network Access
Let’s get started
If you want to test the ZTNA Gateway on Sophos Firewall or the on-premise gateway, here are a few helpful links to get you started:
