Its no secret that Sophos Central and therefore Intercept X, is hosted on Amazons AWS infrastructure. Endpoints will need to communicate with that in order to receive policies, send alerts etc.. which may require you to open up your firewall.
If you want to use IP address ranges rather than dns domains, e.g *.amazon.com , then Amazon have published a handy web page that enables you to find the IP address ranges used with AWS.
Jump over to http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Sophos Central currently uses three regions - EU-CENTRAL-1, EU-WEST-1 and US-WEST-2. You can find out the region your endpoints are using by hovering over the download link for the agent in Sophos Central. Double check in case we have expanded the regions available.
As Amazon may change the IP ranges, it is advisable to subscribe to their notification service that you tell you if that happens.
This thread was automatically locked due to age.