IP address or range for Sophos Updates?

Hello, first post. We are in the process of deploying Sophos Endpoint to our Active Directory domain. In addition we have 5 computers in a workgroup that act as time clocks. I have installed the standalone AV on the first one and supplied the credentials for the software to update directly to Sophos. Because these computers are in public areas and connected to the internet, we have the firewall locked down so only traffic to the timeclock servers is permitted.

Long story short, the standalone computers will not update Sophos AV over the internet. Viewing the firewall traffic, I can see the computer trying to update to 192.204.11.48. I added an exception for HTTP traffic to that IP address and now the workstation updates to Sophos just fine. My concern is there may be more than one update server or the IP address for Sophos may change. Is there a documented range of update server IP addresses I can define on my firewall? Thank you. mark



This thread was automatically locked due to age.
  • Hello mark,

    can't say how often the actual addresses change so you'd probably have to check the resolution from time to time. Names are dci|d1|d2.sophosupd.com|net (where .com and .net should resolve to the same addresses). Do you monitor these machines in any way? You can periodically check for the last update time and status (DWORD Result, 0 means success) with a script as shown here and in case of a failure send an alert (email is rather simple but there are many ways).

    Christian
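
The periodic resolution check suggested in the reply above, as an added example (not part of the original thread and not Sophos code): it expands the host name pattern from the reply, resolves each name, and compares the results with the addresses allowed on the firewall. The function names and the allowlist format are assumptions; 192.204.11.48 is the address from the question.

```python
import socket
import sys

# Name pattern from the reply: dci|d1|d2 . sophosupd . com|net
PREFIXES = ("dci", "d1", "d2")
TLDS = ("com", "net")

def update_hostnames():
    """Expand the pattern into the six update host names."""
    return [f"{p}.sophosupd.{t}" for p in PREFIXES for t in TLDS]

def resolve_ipv4(host):
    """Return the set of IPv4 addresses for host (empty set if lookup fails)."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def allowlist_drift(allowlist, resolver=resolve_ipv4):
    """Compare resolved update-server addresses with the firewall allowlist."""
    allowed = set(allowlist)
    seen, unresolved = {}, []
    for host in update_hostnames():
        addrs = resolver(host)
        if not addrs:
            unresolved.append(host)
        for addr in sorted(addrs):
            seen.setdefault(addr, []).append(host)
    # Resolved addresses the firewall would currently block.
    missing = {ip: hosts for ip, hosts in seen.items() if ip not in allowed}
    # Allowlisted addresses no name points to any more; skipped when every
    # lookup failed, since a DNS outage says nothing about the rules.
    stale = sorted(allowed - set(seen)) if seen else []
    return {"missing": missing, "stale": stale, "unresolved": unresolved}

if __name__ == "__main__":
    report = allowlist_drift(["192.204.11.48"])  # address from the question
    for key, value in report.items():
        print(f"{key}: {value}")
    # Non-zero exit lets a scheduler raise the alert mentioned in the reply.
    sys.exit(1 if report["missing"] or report["unresolved"] else 0)
```

Run it on a schedule from a machine that uses the same DNS resolver as the time clocks, and review `stale` entries before removing firewall rules.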
