We are a reseller and we purchased a Sophos Switch for testing, and for demo use... when we got it, it would not provision via the cloud. Searched the present documentation, the community search engine, etc. and found no information regarding what the switch required for provisioning in terms of reaching Central and other provisioning resources required. I suggest that Sophos add this information in a KB article, or in the switch online docs themselves... with a firewall in between the switch that uses strict rules and TLS inspection (in the case a Sophos UTM), it would not provision without firewall configuration changes -- curious as to if these exceptions below might be "baked in" on the XG/S platform at some point...
My business is located in the USA, East Coast... and here's what I found was needed to get the unit to provision...
- Enable NTP protocol
- Skip inspection (TLS/SSL) and allow traffic for:
- sophos.jfrog.io (no idea what service these guys are offering for Sophos -- perhaps some automation?)
- central.sophos.com
- jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com
- This might differ based on where you are at in the world (maybe -- I would hope so) -- this appears to be where the firmware updates come from, possibly
Just curious if anyone else has run into this.
BTW, pretty impressed with the features at the price point these are offered at -- can't wait to see more of the settings make their way into the cloud console...
Added TAGs
[edited by: Raphael Alganes at 2:12 PM (GMT -8) on 11 Jan 2024]