We are using a scientific system (Agilent) that uses HTTP to transfer files and data across our network. Does real time scanning internet on the endpoints only affect incoming and outgoing traffic from the gateway or does it scan the http traffic across our network as well?
Bill - great question.
In the Threat Protection Policy, I assume you are referring to this option:
For more in depth information this article can help you review what this option actually does:Sophos Endpoint…
For more in depth information this article can help you review what this option actually does:Sophos Endpoint: Download Reputation
Here is also a FAQ:Sophos Endpoint: Download reputation frequently asked questions
In a nutshell, this protection works via your browser(except firefox) and looks at files being downloaded (http/https) and the sites being visited on the internet in order to protect the user/endpoint.
In your scenario the "Real Time Scanning", "Live Protections", "Deep Learning" and the "Runtime Protections" will also be in play on your local network to ensure that the files being transferred are clean before landing on an endpoint. Even if something were to be copied over and that file is opened, one of the runtime protections in play will stop anything from executing before they happen and an alert/threat case generated. This is part of the layered protection you get with Intercept X.
You can refer to this online document for reference and overview of all the protections that are in play: Threat Protection Policy (sophos.com)
If you have any doubts about being protected, just make sure to use our "Recommended Settings" in the Threat Protection Policy to be fully secure.