SAML support for SSL VPN

When will Sophos come out with Support for SAML?

The majority of the players out there do support SAML2, why is Sophos dragging its feet.



Edited TAGs
[edited by: emmosophos at 7:48 PM (GMT -7) on 7 Jul 2022]
[locked by: emmosophos at 7:05 PM (GMT -7) on 27 Sep 2022]
  • Hi,

    please provide a list of the majority of players rather than generic statements.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Cisco ASA for example - About SSO and SAML 2.0

    And SAML SSO resolves disconnect problems after the PC sleeps. Today, if the PC goes to sleep, my SSL VPN session is destroyed. This is not convenient if 2FA is on. But I can configure Cisco ASA, AnyConnect and the IdP to automatically reconnect the VPN because the SSO token remains valid for some time. Without SSO I have to enter password+2FA every time to reconnect.

    And thanks to the centralized IdP, you can use a single 2FA code (or other protocols, for example: FIDO2) with all the applications integrated into it. This is much safer than 100500 programs, policies and 2FA codes.

  • Looking into the ZTNA Market, Sophos already supports SAML via Azure AD and OKTA. And this is actually the future. 

    If IT Security is your focus (which should be) you should take a look into the ZTNA Market instead. 

    __________________________________________________________________________________________________________________

  • Looking into the ZTNA Market, Sophos already supports SAML via Azure AD and OKTA.

    Where does Sophos XG SSL VPN support SAML? Please send a link/screenshot/example/etc. I use Keycloak and I want to try it.

    If IT Security is your focus (which should be) you should take a look into the ZTNA Market instead. 

    If IT security is your focus (which should be), you should start by having a single account provider for all your services over OIDC or SAML. Identity providers, aka IdPs (for example: Keycloak, ADFS, Authentik, Ory Hydra, etc.), resolve this point.

    Zero trust network access is too broad and redundant in the context of the first question.

  • Sophos ZTNA is its own product because it uses its own technology and not SSL VPN.

    https://www.sophos.com/en-us/products/zero-trust-network-access

    __________________________________________________________________________________________________________________

  • LuCar Toni, the first question was about the Sophos XG. See tags in this question on the left ;) 

    ZTNA does not apply in a homelab, because a free community license is not available.

  • I know, and I gave an answer for the market and the product line. It is not available in SFOS right now. VPN will maybe be replaced in the near future by new technology like ZTNA.

    __________________________________________________________________________________________________________________

  • Hello Lucar Toni,

    when you promote Sophos ZTNA technology so strongly, I think it would be appropriate to also mention how much Sophos ZTNA technology costs!

    I'll leave it up to you if you find the courage to publish the price for Sophos ZTNA in this forum.

    Regards

    alda

  • Sure, I can do this. Sophos ZTNA will be licensed based on the user count (like Sophos Central Endpoint). As it is tied to the EP, it uses the same mechanism to license the product.

    As a Sophos Partner you can find the user band price on the price list. The price can vary based on your region. If you want to get a price for your current region as a customer, you can ask for an offer directly from your Sophos Partner, or on the Sophos website: https://www.sophos.com/en-us/products/zero-trust-network-access/get-pricing

    But still keep in mind: ZTNA is not a VPN replacement. Instead, it is a part of the zero trust concept. This means it is an overhaul of your current security approach within your company. VPN is simply to connect a client to your network. ZTNA is used even within your company network. You are likely going to replace the entire concept you used for the past decades with this technology.

    You rebuild the architecture you are using and are used to by using technologies like ZTNA. Simply roll out the Endpoint using Central and give your users access to all needed facilities, no matter where they are. Even in your own building.

    __________________________________________________________________________________________________________________
