This article applies to Sophos Home for macOS and Windows
Sophos Home requires access to several servers for proper communication and functionality. This allows the program to process policies, requests, and updates, among other things.
Most home users will not need to configure any additional access to these servers. However, customers running dedicated firewalls or proxies (other than the native Windows/Mac ones) may need to allow the domains listed below:
If your firewall supports wildcard domains
If your proxy or firewall supports the use of wildcards, these listed addresses should be added to the allow list:
*.sophos.com
*.sophosupd.com
*.sophosupd.net
*.sophosxl.net
ocsp2.globalsign.com
crl.globalsign.com
If your firewall does not support wildcard domains
If your proxy or firewall does not support the use of wildcards, the listed addresses should be added manually to the allow list.
First, identify the server address that the Sophos Management Communication System uses to securely communicate with Sophos Central:
Open the file SophosHomeCloudInstaller_XXXXXXXX_XXXXXX.log located in the %temp% folder
Search within the file for lines that start with: Model::server value changed to:
Note: This should include a URL that looks similar to mcs2-cloudstation-us-east-1.prod.hydra.sophos.com
Add the server address and the following addresses to the allow list of the proxy server:
dci.sophosupd.com
d1.sophosupd.com
d2.sophosupd.com
d3.sophosupd.com
dci.sophosupd.net
d1.sophosupd.net
d2.sophosupd.net
d3.sophosupd.net
t1.sophosupd.com
sus.sophosupd.com
sdds3.sophosupd.com
sdds3.sophosupd.net
sdu-feedback.sophos.com
sophosxl.net
4.sophosxl.net
samples.sophosxl.net
ocsp.globalsign.com
ocsp2.globalsign.com
crl.globalsign.com
crl.globalsign.net
ocsp.digicert.com
crl3.digicert.com
crl4.digicert.com
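The log lookup described above can be scripted in PowerShell. This is an added example, not Sophos code: only the marker string, the log file name pattern and the example host come from the article, while the rest of the line format, the sample lines and the sophos.com check are assumptions.

```powershell
# Added example, not Sophos code. The marker text is from the article; whatever
# follows it on the line is assumed to be a host name or a URL.
$Marker = 'Model::server value changed to:'

function Get-McsServerHost {
    param([string[]]$Line)
    foreach ($entry in $Line) {
        $i = $entry.IndexOf($Marker)
        if ($i -lt 0) { continue }
        # Take the first whitespace-delimited token after the marker
        $token = ($entry.Substring($i + $Marker.Length).Trim() -split '\s+')[0]
        if (-not $token) { continue }
        # Accept a bare host as well as a full URL
        if ($token -notmatch '^[a-z][a-z0-9+.-]*://') { $token = "https://$token" }
        $uri = $null
        if ([System.Uri]::TryCreate($token, [System.UriKind]::Absolute, [ref]$uri) -and $uri.Host) {
            $uri.Host.ToLowerInvariant()
        }
    }
}

# Constructed sample lines (not from a real log), used only when no installer log exists.
$sample = @(
    '2024-01-01 10:00:00 Model::server value changed to: ',
    'Model::server value changed to: https://mcs2-cloudstation-us-east-1.prod.hydra.sophos.com/constructed/path',
    'Model::status value changed to: constructed-unrelated-line'
)

$logs = Get-ChildItem -Path $env:TEMP -Filter 'SophosHomeCloudInstaller_*.log' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime
$lines = if ($logs) { $logs | Get-Content } else { $sample }

$found = @(Get-McsServerHost -Line $lines)
if ($found.Count -eq 0) {
    Write-Warning 'No "Model::server value changed to:" line with a server address was found.'
} else {
    foreach ($h in ($found | Select-Object -Unique)) {
        # Assumption based on the article's example host: the server sits under sophos.com.
        # Anything else is flagged for manual review instead of being allow-listed.
        $note = if ($h -like '*.sophos.com') { 'add to allow list' } else { 'REVIEW: not under sophos.com' }
        '{0,-60} {1}' -f $h, $note
    }
    "Current server (last value logged): $($found[-1])"
}
```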
Additional Information
If you are still encountering problems after allowing Sophos Home through your third-party firewall, please refer to this article for additional ports and domains: