Table of contents<\/h2>- Prerequisites for Sophos Zero Trust<\/a><\/li>
- Activate Sophos Central ZTNA<\/a><\/li>
- Wildcard certificate<\/a><\/li>
- Set up ZTNA<\/a><\/li><\/ul><\/div>\n\n
Prerequisites for Sophos Zero Trust<\/h2>\n\n\n- Sophos Central AccountSophos Central CreateSophos Central 30 days free trial account<\/a>)<\/li>\n\n\n\n
- Azure Active Directory with users and groups<\/li>\n\n\n\n
- VMware ESXi, Microsoft Hyper-V or Amazon Cloud AWS environment for new VM<\/li>\n\n\n\n
- Fixed IP address for VM<\/span><\/li>\n\n\n\n
- Wildcard certificate<\/li>\n<\/ul>\n\n
Activate Sophos Central ZTNA<\/h2>\n\n
If you haven’t already tested Zero Trust Network Access, feel free to do so with a new or existing Central Account.<\/p>\n\n\n![\"\"](\"https:\/\/www.avanet.com\/assets\/sophos-zero-trust-network-access-ztna-setup-start-trial-scaled.jpg\")
<\/a>Launch Sophos ZTNA Trial<\/figcaption><\/figure>\n<\/figure>\n\nWildcard certificate<\/h2>\n\n
For ZTNA you need a wildcard certificate.\nI recommend using a certificate that is valid for longer than 3 months, like the Let’s Encrypt certificates are.\nBut often you want to test the ZTNA solution during the 30 days trial period and Let’s Encrypt is a good choice if you don’t already have a wildcard certificate. <\/p>\n\n
If a certificate already exists, perfect.\nIf not, instructions: Create Let’s Encrypt Wildcard Certificate<\/a> <\/p>\n\nSet up ZTNA<\/h2>\n\n
Now, in order to use ZTNA, you must first set up the following five things.<\/p>\n\n
\n- Add directory service: Azure AD Sync with Central to synchronize users and groups.<\/li>\n\n\n\n
- Add identity providers: Set up the identity providers needed for authentication.<\/li>\n\n\n\n
- Add gateway: Create a virtual gateway for each network location.<\/li>\n\n\n\n
- Add policy: Set rules for resource access<\/li>\n\n\n\n
- Add resource: Specify resources and user groups that are allowed to access the resources.<\/li>\n<\/ol>\n\n
\n![\"\"](\"https:\/\/www.avanet.com\/assets\/sophos-zero-trust-network-access-ztna-setup-dashboard-scaled.jpg\")
<\/a>Sophos ZTNA Dashboard<\/figcaption><\/figure>\n<\/figure>\n\n1. Synchronize user (set up directory sync)<\/h3>\n\n
Not only for ZTNA, but for Central in general, it is helpful to use a directory service that synchronizes the users and groups with Central.\nIn the case of ZTNA, however, you need Azure AD or Okta – a normal Windows Active Directory Sync is not sufficient here. <\/p>\n\n
This guide explains how to fulfill this requirement: AddSophos Central Azure AD<\/a><\/p>\n\n2. Add identity provider (Add identitv provider)<\/h3>\n\n
After setting up the Azure AD, you can now enter the corresponding data here: Client ID<\/strong>, Tenant ID<\/strong>, and Client secret<\/strong>.<\/p>\n\n\n![\"\"](\"https:\/\/www.avanet.com\/assets\/sophos-zero-trust-network-access-ztna-identity-provider.jpg\")
<\/a><\/figure>\n<\/figure>\n\n3. Add gateway \/ connector (Set up gateways)<\/h3>\n\n
The Sophos Zero Trust Network Access Gateway is a component of the ZTNA architecture.\nWith this gateway, you can provide secure and controlled access to applications and resources for users and devices. <\/p>\n\n
The article Create Sophos ZTNA Gateway<\/a> explains how to create the ZTNA On-Premise Gateway or ZTNA Cloud Gateway.<\/p>\n\n4. Add policy (Add policy)<\/h3>\n\n
Instructions follow.\nWrite us via the contact form<\/a> if you want us to prioritize this. <\/p>\n\n5. Add resource (Add resources)<\/h3>\n\n
Instructions follow.\nWrite us via the contact form<\/a> if you want us to prioritize this. <\/p>\n\n6. Install ZTNA client on endpoints<\/h3>\n\n
Prerequisites for Sophos Zero Trust<\/h2>\n\n\n- Sophos Central AccountSophos Central CreateSophos Central 30 days free trial account<\/a>)<\/li>\n\n\n\n
- Azure Active Directory with users and groups<\/li>\n\n\n\n
- VMware ESXi, Microsoft Hyper-V or Amazon Cloud AWS environment for new VM<\/li>\n\n\n\n
- Fixed IP address for VM<\/span><\/li>\n\n\n\n
- Wildcard certificate<\/li>\n<\/ul>\n\n
Activate Sophos Central ZTNA<\/h2>\n\n
If you haven’t already tested Zero Trust Network Access, feel free to do so with a new or existing Central Account.<\/p>\n\n\n<\/a>Launch Sophos ZTNA Trial<\/figcaption><\/figure>\n<\/figure>\n\nWildcard certificate<\/h2>\n\n
For ZTNA you need a wildcard certificate.\nI recommend using a certificate that is valid for longer than 3 months, like the Let’s Encrypt certificates are.\nBut often you want to test the ZTNA solution during the 30 days trial period and Let’s Encrypt is a good choice if you don’t already have a wildcard certificate. <\/p>\n\n
If a certificate already exists, perfect.\nIf not, instructions: Create Let’s Encrypt Wildcard Certificate<\/a> <\/p>\n\nSet up ZTNA<\/h2>\n\n
Now, in order to use ZTNA, you must first set up the following five things.<\/p>\n\n
\n- Add directory service: Azure AD Sync with Central to synchronize users and groups.<\/li>\n\n\n\n
- Add identity providers: Set up the identity providers needed for authentication.<\/li>\n\n\n\n
- Add gateway: Create a virtual gateway for each network location.<\/li>\n\n\n\n
- Add policy: Set rules for resource access<\/li>\n\n\n\n
- Add resource: Specify resources and user groups that are allowed to access the resources.<\/li>\n<\/ol>\n\n
\n<\/a>Sophos ZTNA Dashboard<\/figcaption><\/figure>\n<\/figure>\n\n1. Synchronize user (set up directory sync)<\/h3>\n\n
Not only for ZTNA, but for Central in general, it is helpful to use a directory service that synchronizes the users and groups with Central.\nIn the case of ZTNA, however, you need Azure AD or Okta – a normal Windows Active Directory Sync is not sufficient here. <\/p>\n\n
This guide explains how to fulfill this requirement: AddSophos Central Azure AD<\/a><\/p>\n\n2. Add identity provider (Add identitv provider)<\/h3>\n\n
After setting up the Azure AD, you can now enter the corresponding data here: Client ID<\/strong>, Tenant ID<\/strong>, and Client secret<\/strong>.<\/p>\n\n\n<\/a><\/figure>\n<\/figure>\n\n3. Add gateway \/ connector (Set up gateways)<\/h3>\n\n
The Sophos Zero Trust Network Access Gateway is a component of the ZTNA architecture.\nWith this gateway, you can provide secure and controlled access to applications and resources for users and devices. <\/p>\n\n
The article Create Sophos ZTNA Gateway<\/a> explains how to create the ZTNA On-Premise Gateway or ZTNA Cloud Gateway.<\/p>\n\n4. Add policy (Add policy)<\/h3>\n\n
Instructions follow.\nWrite us via the contact form<\/a> if you want us to prioritize this. <\/p>\n\n5. Add resource (Add resources)<\/h3>\n\n
Instructions follow.\nWrite us via the contact form<\/a> if you want us to prioritize this. <\/p>\n\n6. Install ZTNA client on endpoints<\/h3>\n\n
Activate Sophos Central ZTNA<\/h2>\n\n
If you haven’t already tested Zero Trust Network Access, feel free to do so with a new or existing Central Account.<\/p>\n\n For ZTNA you need a wildcard certificate.\nI recommend using a certificate that is valid for longer than 3 months, like the Let’s Encrypt certificates are.\nBut often you want to test the ZTNA solution during the 30 days trial period and Let’s Encrypt is a good choice if you don’t already have a wildcard certificate. <\/p>\n\n If a certificate already exists, perfect.\nIf not, instructions: Create Let’s Encrypt Wildcard Certificate<\/a> <\/p>\n\n Now, in order to use ZTNA, you must first set up the following five things.<\/p>\n\n Not only for ZTNA, but for Central in general, it is helpful to use a directory service that synchronizes the users and groups with Central.\nIn the case of ZTNA, however, you need Azure AD or Okta – a normal Windows Active Directory Sync is not sufficient here. <\/p>\n\n This guide explains how to fulfill this requirement: AddSophos Central Azure AD<\/a><\/p>\n\n After setting up the Azure AD, you can now enter the corresponding data here: Client ID<\/strong>, Tenant ID<\/strong>, and Client secret<\/strong>.<\/p>\n\n The Sophos Zero Trust Network Access Gateway is a component of the ZTNA architecture.\nWith this gateway, you can provide secure and controlled access to applications and resources for users and devices. <\/p>\n\n The article Create Sophos ZTNA Gateway<\/a> explains how to create the ZTNA On-Premise Gateway or ZTNA Cloud Gateway.<\/p>\n\n Instructions follow.\nWrite us via the contact form<\/a> if you want us to prioritize this. <\/p>\n\n Instructions follow.\nWrite us via the contact form<\/a> if you want us to prioritize this. <\/p>\n\n<\/a>Wildcard certificate<\/h2>\n\n
Set up ZTNA<\/h2>\n\n
\n
<\/a>1. Synchronize user (set up directory sync)<\/h3>\n\n
2. Add identity provider (Add identitv provider)<\/h3>\n\n
<\/a><\/figure>\n<\/figure>\n\n3. Add gateway \/ connector (Set up gateways)<\/h3>\n\n
4. Add policy (Add policy)<\/h3>\n\n
5. Add resource (Add resources)<\/h3>\n\n
6. Install ZTNA client on endpoints<\/h3>\n\n