Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
Hello to all,
I would have a question regarding the ports / domains to open for my sophos intercept x clients to install.
I have already opened the domains found on this thread (https://community.sophos.com/kb/en-us/121936) except for wildcard domains. Unfortunately my firewall doesn't handle this type of object.
Despite open domains, it seems not enough, the client does not download the application.Thanks
Hi Mario Rossi5
Would you please provide more details about the error you are receiving while you are trying to install Intercept X?
In reply to Shweta:
I didn't arrive at the installation.
My firewall block the download.
I think that the inserted domains are not enough. Is it possible?
As I said before my firewall doesn't manage wildicard domain.
In reply to Mario Rossi5:
HI Mario Rossi5
The above article defines all the domains and ports required for installation and communication from the endpoint to Server. I would suggest you check under the logs where it is getting blocked if you have already allowed these ports and domains.
Is the download of the Windows installer from Sophos Central failing or the download of the software via the SophosSetup.exe failing? If SophosSetup.exe, try creating exclusions for the following:dci.sophosupd.netdci.sophosupd.comd1.sophosupd.netd1.sophosupd.comd2.sophosupd.netd2.sophosupd.comd3.sophosupd.netd3.sophosupd.comAlso it might help if you can share with us the contents of the CloudInstaller log located in C:\ProgramData\Sophos\CloudInstaller\logs\
In reply to MEric:
I've already insert those exclusion whithout success.
The problem is not Sophos but the firewall. Seems that the destinations that I've opened is not enough to install Intercept X.
However now I ask to my customer to tell me what he see on "C:\ProgramData\Sophos\CloudInstaller\logs\"
2020-01-22T08:14:19.0300353Z INFO : Stage 1 command-line options:
2020-01-22T08:14:19.0300353Z INFO : ---
2020-01-22T08:14:19.0300353Z INFO : Quiet mode on: 0
2020-01-22T08:14:19.0300353Z INFO : Automatic Proxy detection disabled: 0
2020-01-22T08:14:19.0300353Z INFO : No feedback mode on: 0
2020-01-22T08:14:19.0300353Z INFO : Dump feedback enabled: 0
2020-01-22T08:14:19.0300353Z INFO : Bypass competitor removal: 0
2020-01-22T08:14:19.0300353Z INFO : Using CRT catalog file path: --
2020-01-22T08:14:19.0300353Z INFO : Only register endpoint with Central: 0
2020-01-22T08:14:19.0300353Z INFO : Log messages between endpoint and Central: 0
2020-01-22T08:14:19.0300353Z INFO : Log command-line passed to executables: 0
2020-01-22T08:14:19.0300353Z INFO : Using custom server that hosts the installer stage2 filename : --
2020-01-22T08:14:19.0300353Z INFO : Using cloud group: --
2020-01-22T08:14:19.0300353Z INFO : Overriding computer name: --
2020-01-22T08:14:19.0300353Z INFO : Overriding computer description: --
2020-01-22T08:14:19.0300353Z INFO : Overriding domain name: --
2020-01-22T08:14:19.0300353Z INFO : Language will be set to: --
2020-01-22T08:14:19.0300353Z INFO : Using message relays: --
2020-01-22T08:14:19.0300353Z INFO : Proxy address: --
2020-01-22T08:14:19.0300353Z INFO : Proxy user name: --
2020-01-22T08:14:19.0300353Z INFO : Using custom customer token: --
2020-01-22T08:14:19.0456501Z INFO : Using specified products: --
2020-01-22T08:14:19.0456501Z INFO : Using certificates from the MCS app data folder.: 0
2020-01-22T08:14:19.0456501Z INFO : Using custom customer ID.: --
2020-01-22T08:14:19.0456501Z INFO : Using specified user ID.: --
2020-01-22T08:14:19.0456501Z INFO : Using local install source.: --
2020-01-22T08:14:19.0456501Z INFO : ---
2020-01-22T08:14:19.3045082Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/f14b606f-acdd-4bb5-815c-fd032ee39fcf
2020-01-22T08:14:19.3200200Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-01-22T08:14:19.3200200Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-01-22T08:14:19.3200200Z INFO : Set security protocol: 00000800
2020-01-22T08:14:19.3200200Z INFO : Opening connection to dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com
2020-01-22T08:14:19.3200200Z INFO : Request content size: 31
2020-01-22T08:14:26.2843333Z ERROR : WinHttpSendRequest failed with error 12029
2020-01-22T08:14:26.2843333Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
2020-01-22T08:14:26.2843333Z INFO : Cleaning up extracted files
Hi Mario Rossi5
Please check this article and see if it helps. If you try to download and install from other network source is it successful?
Try excluding 'dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com' as well as it looks like that is where the installer is getting caught up in the logs. Make sure there's no HTTPS scanning that's occurring this this site.
my customer tried to launch this command:
via powershell and then the client installed the software
Glad to know that issue has been resolved for you. Feel free to reach out to us for any further concerns.