This file is commonly found in the following locations: Locate your file, then right click on the file and choose Edit.
How to configure sophos home as proxy update#
Perform a workstation install on each workstation to update local Deploy folder. When completed, the file should contain only the information (as per the example) above. Once completed, save and close the nfig file. Highlight all text in nfig file then paste the text you have copied. \\SERVER\AONET\MYOBAO\AOSQL\Central\Deploy \\SERVER\MYOBAO\AOSQL\Central\Deploy
tf-presigned-url-ap-south-1-prod-*-bucket.s3.tf-presigned-url-ap-northeast-1-prod-*-bucket.s3.tf-presigned-url-ap-southeast-2-prod-*-bucket.s3.tf-presigned-url-ca-central-1-prod-*-bucket.s3.tf-presigned-url-us-west-2-prod-*-bucket.s3.tf-presigned-url-us-east-2-prod-*-bucket.s3.tf-presigned-url-eu-central-1-prod-*-bucket.s3.tf-presigned-url-eu-west-1-prod-*-bucket.s3.If you're using the Active Directory service, allow the following pre-signed s3 domains: If your firewall doesn't allow wildcards you can't use Sophos AD Sync utility. To confirm you need to add these domain exclusions, or to test that the exclusions are effective, check your DNS and your connectivity on a device. If you're using TLS inspection or have a firewall that uses application filtering, you must add these domains:
How to configure sophos home as proxy license#
.comĪllow these domains if your license includes MDR.Domains for XDRĪllow these domains if your license includes XDR: You must add these URLs to your firewall or proxy. This is expected as we use Amazon AWS to host several servers. Some firewalls or proxies show reverse lookups with *. addresses. line starting + MCS_URL= Add the domains from both lines to your rules.You may need to allow access to the following Certificate Authority sites if they aren't allowed by your firewall: .comĪdd the domains required for the SophosLabs Intelix service:..comĪdd the domains required for Sophos Management Communication System:.Look for the line starting Opening connection to. You can find it in C:\ProgramData\Sophos\CloudInstaller\Logs.
The domains you need to allow depend on whether your firewall or proxy supports wildcards. If your proxy or firewall supports wildcards, you can use the wildcard *. to cover these addresses.Īllow the following non-Sophos addresses: Managed Detection and Response Complete ServerĪllow the following domains.Managed Detection and Response Complete.Intercept X Advanced for Server with XDR.If you can't, there are some features you can't use.įollow these instructions if you have any of these licenses: See AWS IP address ranges and Amazon IP addresses.Ĭheck whether you can use wildcards in your firewall or proxy rules. This can happen because our products are hosted on Amazon Web Service (AWS), which uses non-static IP addresses. For example, a block on non-US regions could stop services that sometimes run through European regions. These could override your allowed list and prevent Sophos products from working. Recommendationsĭon't use firewall regional rules. If you're setting up Sophos Email Security, see Email domain information. Use this section too if you use Sophos AD Sync to keep your Sophos Central users list up to date. Use this section for your threat protection products. This page tells you which domains and ports you need for the following products: Others aren't, but are needed for essential operations such as checking that installations work or recognizing certificates. Some of the domains you need to allow are owned by Sophos Central Admin. This lets you protect your devices and manage them from Sophos Central.Īll features route traffic using the same proxy.
You must set up your firewall or proxy to allow the domains and ports listed here. Your browser doesn’t support copying the link to the clipboard. It will remain unchanged in future help versions. Always use the following when referencing this page.
0 kommentar(er)
