Intercept X with Cisco ASA

Hello to all,

I have a question regarding the ports / domains to open so that my Sophos Intercept X clients can install.
I have already opened the domains found on this thread (https://community.sophos.com/kb/en-us/121936) except for wildcard domains. Unfortunately my firewall doesn't handle this type of object.
Despite the opened domains, it seems this is not enough: the client does not download the application.

Thanks
  • Hi  

    Would you please provide more details about the error you are receiving while you are trying to install Intercept X? 

  • In reply to Shweta:

    I didn't get as far as the installation.

    My firewall blocks the download.

    I think that the inserted domains are not enough. Is it possible?

    As I said before, my firewall doesn't manage wildcard domains.

  • In reply to Mario Rossi5:

    Hi

    The above article defines all the domains and ports required for installation and communication from the endpoint to Server. I would suggest you check under the logs where it is getting blocked if you have already allowed these ports and domains. 

  • In reply to Mario Rossi5:

    Hi Mario,

    Is the download of the Windows installer from Sophos Central failing or the download of the software via the SophosSetup.exe failing?  If SophosSetup.exe, try creating exclusions for the following:
    dci.sophosupd.net
    dci.sophosupd.com
    d1.sophosupd.net
    d1.sophosupd.com
    d2.sophosupd.net
    d2.sophosupd.com
    d3.sophosupd.net
    d3.sophosupd.com

    Also it might help if you can share with us the contents of the CloudInstaller log located in C:\ProgramData\Sophos\CloudInstaller\logs\

  • In reply to MEric:

    Hi,

    I've already inserted those exclusions without success.

    The problem is not Sophos but the firewall. It seems that the destinations that I've opened are not enough to install Intercept X.

    However, I have now asked my customer to tell me what he sees in "C:\ProgramData\Sophos\CloudInstaller\logs\"

    SophosCloudInstaller_20200122_081419.log
    Started C:\Users\ADMINI~1\AppData\Local\Temp\sfl-d4e7a181\Setup.exe
    2020-01-22T08:14:19.0300353Z INFO : Stage 1 command-line options:
    2020-01-22T08:14:19.0300353Z INFO : ---
    2020-01-22T08:14:19.0300353Z INFO : Quiet mode on: 0
    2020-01-22T08:14:19.0300353Z INFO : Automatic Proxy detection disabled: 0
    2020-01-22T08:14:19.0300353Z INFO : No feedback mode on: 0
    2020-01-22T08:14:19.0300353Z INFO : Dump feedback enabled: 0
    2020-01-22T08:14:19.0300353Z INFO : Bypass competitor removal: 0
    2020-01-22T08:14:19.0300353Z INFO : Using CRT catalog file path: --
    2020-01-22T08:14:19.0300353Z INFO : Only register endpoint with Central: 0
    2020-01-22T08:14:19.0300353Z INFO : Log messages between endpoint and Central: 0
    2020-01-22T08:14:19.0300353Z INFO : Log command-line passed to executables: 0
    2020-01-22T08:14:19.0300353Z INFO : Using custom server that hosts the installer stage2 filename : --
    2020-01-22T08:14:19.0300353Z INFO : Using cloud group: --
    2020-01-22T08:14:19.0300353Z INFO : Overriding computer name: --
    2020-01-22T08:14:19.0300353Z INFO : Overriding computer description: --
    2020-01-22T08:14:19.0300353Z INFO : Overriding domain name: --
    2020-01-22T08:14:19.0300353Z INFO : Language will be set to: --
    2020-01-22T08:14:19.0300353Z INFO : Using message relays: --
    2020-01-22T08:14:19.0300353Z INFO : Proxy address: --
    2020-01-22T08:14:19.0300353Z INFO : Proxy user name: --
    2020-01-22T08:14:19.0300353Z INFO : Using custom customer token: --
    2020-01-22T08:14:19.0456501Z INFO : Using specified products: --
    2020-01-22T08:14:19.0456501Z INFO : Using certificates from the MCS app data folder.: 0
    2020-01-22T08:14:19.0456501Z INFO : Using custom customer ID.: --
    2020-01-22T08:14:19.0456501Z INFO : Using specified user ID.: --
    2020-01-22T08:14:19.0456501Z INFO : Using local install source.: --
    2020-01-22T08:14:19.0456501Z INFO : ---
    2020-01-22T08:14:19.3045082Z INFO : Sending HTTP 'POST' request to: api/download/stage2-details/f14b606f-acdd-4bb5-815c-fd032ee39fcf
    2020-01-22T08:14:19.3200200Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2020-01-22T08:14:19.3200200Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
    2020-01-22T08:14:19.3200200Z INFO : Set security protocol: 00000800
    2020-01-22T08:14:19.3200200Z INFO : Opening connection to dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com
    2020-01-22T08:14:19.3200200Z INFO : Request content size: 31
    2020-01-22T08:14:26.2843333Z ERROR : WinHttpSendRequest failed with error 12029
    2020-01-22T08:14:26.2843333Z INFO : Failed to connect using proxy '' with error: WinHttpSendRequest failed
    2020-01-22T08:14:26.2843333Z INFO : Cleaning up extracted files
    

  • In reply to Mario Rossi5:

    Hi  

    Please check this article and see if it helps. If you try to download and install from another network source, is it successful?

  • In reply to Mario Rossi5:

    Hi Mario,

    Try excluding 'dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com' as well, as it looks like that is where the installer is getting caught up in the logs.  Make sure there's no HTTPS scanning occurring on this site.
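
Added example, not part of any post in this thread and not Sophos code: a small Python triage of the CloudInstaller log that pairs each failed WinHTTP request with the host it was opened to and reports whether that host has an exact firewall entry or would only be covered by a wildcard. The log lines and the exact FQDNs are taken from the thread; the `*.sophos.com` pattern and the function name `triage` are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# WinHTTP error codes seen in the thread's log (names from winhttp.h).
WINHTTP_ERRORS = {
    12029: "ERROR_WINHTTP_CANNOT_CONNECT",
    12180: "ERROR_WINHTTP_AUTODETECTION_FAILED",
}
LINE_RE = re.compile(r"^\S+Z (INFO|WARNING|ERROR) : (.*)$")
HOST_RE = re.compile(r"Opening connection to (\S+)")
CODE_RE = re.compile(r"(?:failed with error|returned:) (\d+)")
# Lines copied from the CloudInstaller log posted in the thread.
SAMPLE_LOG = """\
2020-01-22T08:14:19.3200200Z WARNING : WinHttpGetProxyForUrl returned: 12180
2020-01-22T08:14:19.3200200Z INFO : Attempting to connect using proxy '' of type 'Empty Proxy'.
2020-01-22T08:14:19.3200200Z INFO : Opening connection to dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com
2020-01-22T08:14:26.2843333Z ERROR : WinHttpSendRequest failed with error 12029
"""
# Exact FQDNs from the thread; the wildcard pattern is an assumed example.
EXACT = ["dci.sophosupd.net", "dci.sophosupd.com", "d1.sophosupd.net", "d1.sophosupd.com"]
WILDCARDS = ["*.sophos.com"]

def triage(log_text, exact=EXACT, wildcards=WILDCARDS):
    """Pair each failed request with the host it targeted and its rule coverage."""
    findings, host, no_proxy = [], None, False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        level, msg = m.groups()
        opened = HOST_RE.search(msg)
        code = CODE_RE.search(msg)
        if opened:
            host = opened.group(1).lower()
        elif code and level == "WARNING" and int(code.group(1)) == 12180:
            no_proxy = True  # proxy auto-detection failed before the request
        elif code and level == "ERROR" and host:
            n = int(code.group(1))
            wild = any(fnmatchcase(host, w) for w in wildcards)
            findings.append({
                "host": host, "code": n,
                "error": WINHTTP_ERRORS.get(n, "unknown"),
                "no_proxy_detected": no_proxy,
                "exact_rule": host in exact,
                "wildcard_only": host not in exact and wild,
            })
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A finding with `wildcard_only` set is a host that a firewall limited to exact FQDN objects will not pass until that name is added explicitly.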

  • In reply to MEric:

    Hi,

    My customer tried to launch this command:

    sophosSetup.exe --proxyaddress=X.X.X.X:port

    via PowerShell, and then the client installed the software.

  • In reply to Mario Rossi5:

    Hi there,

    Glad to know that issue has been resolved for you. Feel free to reach out to us for any further concerns.