Skip to content

Resources & Access

You can manage the resources controlled by Zero Trust Network Access (ZTNA), and control access to them.

Go to ZTNA > Resources & Access to see and add resources (web apps, web pages, and local apps) for users to access through a ZTNA gateway. You control access with Policies.

Agent-based and agentless access

You can select agentless or agent-based access for a resource.

  • Agentless: This can only control access to web apps and pages, not local apps. It can't check device health.
  • Agent: This is more flexible. This can check device health and control access to all types of resources. You must install the Sophos Endpoint agent on your devices. This stops potentially infected devices accessing your resources.

Alerts for resources that are unreachable are only shown for agentless resources.

Web and local apps

The way you set up local apps on a gateway is different from web apps and pages.

  • Local apps: You must use an IP address to connect to local apps.
  • Web apps and pages: You must use an FQDN to connect to web apps and pages.


    If you selected Agentless access, the external FQDN for a web app or page must be publicly available. If you selected Agent access, the external FQDN must not be publicly available, or you won't be able to access the resource.

Add resource

Click Add resource.

For step-by-step instructions, see Add resources.

You can only apply one policy to a resource. If you apply a new policy to a resource that already has one applied, the old policy is no longer applied to it.

After you've added a resource, you can click it to see a summary. You can Edit a resource's settings or Delete it.

Click User groups to see the policy and groups assigned to a resource. You can click the policy name to see or change the policy.

If you add or remove users from a group, you might not see the change on the gateway for up to an hour.