
Address for the Sophos update/download server used by my SEC-server

Hi

From time to time our firewall (not Sophos firewall) detects more false positives than I like. Today I found this entry in my firewall log:

"msg="Gateway Anti-Virus Alert: ConvertAd.AFU (Adware) blocked." src=13.33.76.208:80:X1 dst=192.168.110.40"

192.168.110.40 is the IP of my Sophos SEC server. I expect the server 13.33.76.208 to be one of the servers my SEC server downloads Sophos updates from?

I am looking for a DNS entry I can use in my firewall to exclude traffic between my SEC and the Sophos infrastructure from the anti-virus check in the firewall – e.g. download.sophos.com. At the same time, I will (in my firewall) block traffic from my SEC to all other external IP addresses.

In this way SEC server can communicate only with the Sophos infrastructure and this traffic will not be interrupted by the firewall.

That means I need a DNS entry that will include all IP addresses used for communication between my SEC and Sophos infrastructure.

What is the DNS entry used for Sophos updates? (updates.sophos.com? download.sophos.com?)

PS: It would be nice to know the address used by my PCs for the "Secondary Server" as well. In my C:\programdata\Sophos\AutoUpdate\Config\iconn.cfg it is listed as http://es-web.sophos.com/update/ but this server doesn't have a DNS entry.

Thanks in advance.

BR Harald
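One way to test the guess in the post before writing a firewall exclusion, as an added example that is not part of the original post: parse the quoted alert line and report which candidate hostnames currently resolve to the blocked source address. The hostnames are the ones the post names; the function names and the stubbed DNS answers in the demo are constructed for illustration.

```python
import re
import socket

# Fields of the alert format quoted in the post:
#   msg="..." src=IP:PORT:INTERFACE dst=IP
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALERT_RE = re.compile(
    r'msg="(?P<msg>[^"]*)"\s+'
    r"src=(?P<src>" + IPV4 + r"):(?P<port>\d+)(?::(?P<iface>\w+))?\s+"
    r"dst=(?P<dst>" + IPV4 + r")"
)


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None


def resolve_ipv4(hostname):
    """Return the A records the local resolver hands out right now."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except OSError:  # covers gaierror/herror: the name does not resolve
        return set()


def attribute_source(line, candidates, resolver=resolve_ipv4):
    """Map an alert's source IP to the candidate names that resolve to it."""
    alert = parse_alert(line)
    if alert is None:
        raise ValueError("not a gateway anti-virus alert line")
    matches = sorted(h for h in candidates if alert["src"] in resolver(h))
    return alert, matches


if __name__ == "__main__":
    line = ('"msg="Gateway Anti-Virus Alert: ConvertAd.AFU (Adware) blocked." '
            'src=13.33.76.208:80:X1 dst=192.168.110.40"')
    # Constructed answers so the demo runs offline; these are not real DNS data.
    # Drop the resolver argument to query the local resolver instead.
    stub = {"download.sophos.com": {"203.0.113.10"}, "es-web.sophos.com": set()}
    alert, matches = attribute_source(line, stub, resolver=lambda h: stub[h])
    print(alert["src"], "->", matches or "no candidate resolves to this address")
```

A single lookup that misses does not rule a name out: a hostname served from a CDN can return different addresses on each query, which is also why a name-based firewall exclusion has to re-resolve the name rather than pin one address.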


