This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall port settings for Sophos AV updates

Hi,

I am planning on installing Sophos AV on a RHEL 7.x server.

The server will connect to a web proxy via a firewall to pull down signature updates.

What ports and protocols must be opened on the firewall?

What URL(s) is used to provide updates?

Regards John



This thread was automatically locked due to age.
Parents
  • Hello John,

    first of all - Central managed or on-premise SEC managed? I assume the former as you don't mention a management server. Or is it perhaps a stand-alone installation?

    For Central please see Domains and ports required ... and the FAQs for proxy support. The same update locations (*.sophosupd.com, *.sophosupd.net - note that in the settings/policy you enter the symbolic Sophos öocation) are used by SEC-managed endpoints, AFAIK at the moment only HTTP. Live Protection needs additional URLs.

    Christian

  • Hi Christian

    The installation is stand alone

     

    John

  • Hello John,

    as said, the update location is simply Sophos which indicates the sophosupd URLs that in turn are resolved to addresses on the CDN. Protocol is (still, I think) HTTP, could be HTTPS in the future.

    Christian

  • Is there documentation that explains how to use a standalone Sophos AV instance with an authenticating proxy?

    Example:

    The server with Sophos AV installed has a service account managed by Active Directory. When AV updates are initiated the request is sent to the proxy. The proxy in turn authenticates the user via AD before forwarding the request to Sophos CDN. How are the service account credentials provided to the proxy when running the update utility from command line? Are they stored in a configuration file? N.B. the user running the update utility is different from the service account user.

    Regards John

Reply
  • Is there documentation that explains how to use a standalone Sophos AV instance with an authenticating proxy?

    Example:

    The server with Sophos AV installed has a service account managed by Active Directory. When AV updates are initiated the request is sent to the proxy. The proxy in turn authenticates the user via AD before forwarding the request to Sophos CDN. How are the service account credentials provided to the proxy when running the update utility from command line? Are they stored in a configuration file? N.B. the user running the update utility is different from the service account user.

    Regards John

Children