【server protection】Intranet servers are not allowed to access the Internet, how sophos central delivers policies and soft version updates?

Question

Hi team, 
 Our customer's intranet has dozens of Windows servers. According to the requirements of the security department, the intranet servers are not allowed to access the Internet. So, I would like to know how sophos central delivers policies and updates to them? 
 Can we deploy a server on the intranet as a proxy, communicate with sophos central through the proxy server, and act as an agent between the real server and sophos central to solve this problem?

Qoosh · Answer

Hi Hongbo , 
 While it is not possible to entirely air-gap your devices from the internet, we suggest using a Message Relay/Update Cache for this purpose. By deploying a Message Relay and Update Cache on your environment, one server will act as the proxy for Communication to Sophos Central, the server will also host update packages for the rest of the devices on the network. 
 The following techvid on the topic help explain this in further detail. - Sophos Central: Configure Update Caches and Message Relays 
 In this setup, one server on the local network will need to have access to the internet. Others on the network will connect locally to this internet-connected Server for updating and Communication.

【server protection】Intranet servers are not allowed to access the Internet, how sophos central delivers policies and soft version updates?

Top Replies