Getting Sophos Central/Endpoint into an air gap system

Hi all,

Was hoping to potentially get some tips for setting up an air gap connection with up to date Sophos anti-virus protection,

In the building currently we have a setup where we got a Sophos Central Console connecting to machines with Sophos Endpoint Agents (All with Internet access that communicate with the Console),

However, we have an air gap room which would be interesting to know if we can use the assets we already got with this other setup,

The question I got is, if I got some machines that don't have internet access (And never will) is there a way to do the following:

1) Install Endpoint Agent onto an air gap Windows 10 computer

2) Install Endpoint Agent onto an air gap Windows Server 2012 R2 server

Following the above two being possible:

3) Be able to get updates from the console/an endpoint (I expect to do this once a month or two) to copy over to these air gap devices to get updated Sophos protection

Thanks in advance for any answers,


Added TAGs
[edited by: Gladys at 5:35 AM (GMT -8) on 19 Dec 2022]
  • Thank you for reaching the community forum.

    Setting up a totally Isolated network for the central manage endpoint isn’t possible, but if you prefer, you can set up an update cache and message relay server.

    The configuration would be that the server only has internet access while the endpoint will grab the installation files/updates directly to the server.

    You may refer to this documentation.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community