Hi there,
I have an environment of 4 offline Windows 10 computers. I would like to put Sophos on all of them. Is there a way to activate Sophos offline? I will have one online machine as well, could I use the online machine to manually pull updates and signatures? Thanks!
Hi Alexander,
Thank you for reaching out to Sophos Community.
I'll be moving this to the Endpoint Forum.
Erick JanCommunity Support Engineer | Sophos Technical SupportSophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Hello Alex,Yes, this is possible by creating two different networks 1st is for the device which will act as a server that has open internet access for the Update cache and a message relay and the 2nd was for the network where those offline machines are connected. You need to allow certain connections from Network 1 and network 2 but on network 2 you’ll restrict any internet access. You can refer to this article on how Update cache and message relay will work.
These devices would be completely offline and not touching any other devices or networks. My only mode of transporting data would be disc media.
A fully air-gapped setup is currently not supported with Sophos Endpoint. It may be possible to configure firewall rules to restrict traffic so the devices can only communicate with the Update Manager/Message Relay, but I am not currently aware of a method of transferring files manually for updating purposes.