Proxy support for Sophos Products

  • Artikel-ID: 119263
  • Bewertung:
  • Der Artikel wurde von 5 Kunden mit 2.8 von 6 bewertet
  • Aktualisiert: 13 Mai 2016

Overview

This article provides information on how to allow Sophos products to work as intended on a system that uses a proxy server.

Known to apply to the following Sophos product(s) and version(s)
UTM Managed Endpoint (Windows 2000+)
Sophos Home
Sophos Cloud Managed Endpoint
Sophos Cloud

The following sections are covered:

 

How to allow Sophos products to use the proxy server settings in Windows

Sophos Central users will need to configure the Windows Endpoints and Servers listed in Sophos Central Admin. There are no special steps other than configuring them to use the proxy server settings.

 

For systems that can access Internet Explorer

  1. Follow the instructions in the Microsoft article Change proxy server settings in Internet Explorer.
  1. Click Start and type Command Prompt in the search field. Right-click Command Prompt and then click Run as Administrator.
  1. In Command Prompt, type netsh winhttp import proxy source =ie and then press Enter.
  1. Click Start and type services.msc in the search field. Right-click services.msc and then click Run as Administrator.
  1. In Services, click Sophos AutoUpdate and then click Restart. Repeat this action for Sophos MCS Agent and Sophos MCS Client.

 

For systems that cannot access Internet Explorer

  1. Click Start and type Command Prompt in the search field. Right-click Command Prompt and then click Run as Administrator.

  2. In Command Prompt, type the following commands based on the architecture of your system and then press Enter. 
    Note: proxy server address: proxy port would be your proxy configuration e.g. proxy.example.microsoft.com:80
System architecture Command(s) to enter
32-bit netsh winhttp set proxy proxy-server="http=proxy server address:proxy port;https=proxy server address:proxy port"
64-bit
  1. C:

  2. cd C:\Windows\SysWOW64

  3. netsh winhttp set proxy proxy-server="http=proxy server address:proxy port;https=proxy server address:proxy port"
  1. Click Start and type services.msc in the search field. Right-click services.msc and then click Run as Administrator.
  1. In Services, click Sophos AutoUpdate and then click Restart. Repeat this action for Sophos MCS Agent and Sophos MCS Client.

 

What to do if your proxy server requires authentication

Note: Systems using transparent proxy servers may also need to be configured with this method.

  1. Identify the server address that Sophos Management Communication System uses to securely communicate with Sophos Central.
  • Open the config.xml file located at:

Operating System
Location
Windows 2000/XP/2003 C:\Documents and Settings\All Users\Application Data\Sophos\Management Communication System\Endpoint\Config\
Windows Vista, 7, 8/8.1, 10
C:\ProgramData\Sophos\Management Communication System\Endpoint\Config\

Note: This may require the Show hidden files option to be turned on in Windows.

  • The server address will look similar to:

https://mcs-amzn-eu-west-1-b844.upe.p.hmr.sophos.com/

  1. Add the server address and the following addresses to the allow list of your proxy server:

    *.sophos.com
    *.sophosupd.com
    *.sophosupd.net
    *.sophosxl.net
    ocsp2.globalsign.com
    crl.globalsign.com

 

How to allow Sophos products to use the proxy server settings in OS X

  1. Follow the instructions in the Apple article OS X Yosemite: Enter proxy server settings. This also works for OS X El Capitan.

  2. Identify the server address that Sophos Management Communication System uses to securely communicate with Sophos Central.
  • Press Command+Shift+G to bring up a Go to Folder window.
  • Type /Library/Preferences/ and hit Enter.
  • Open com.sophos.mcs.plist and search for <key>SMEMcsServerUrl</key>.
  • The <string> underneath it is the server address. It will look similar to:

    https://mcs-amzn-eu-west-1-b844.upe.p.hmr.sophos.com/

  1. Add the following domains and the server address to the Bypass proxy settings for these Hosts & Domains field, as detailed in the article above.

    *.sophos.com
    *.sophosupd.com
    *.sophosupd.net
    *.sophosxl.net
    ocsp2.globalsign.com
    crl.globalsign.com

 

How to allow Sophos products to use the proxy server settings in Linux

  1. Open the command line by pressing Ctrl+Alt+T.

  2. Enter the following commands to configure your proxy server for http/ftp traffic.

export http_proxy=http://proxy server address:proxy port

export ftp_proxy=http://proxy server address:proxy port

If your proxy server requires authentication, type:

export http_proxy=http://username:password@:proxy server address:proxy port

To have this applied every time you log in, place these lines in your .bashrc in your home (~) directory.

export http_proxy=http://proxy server address:proxy port

export ftp_proxy=http://proxy server address:proxy port

 

Further steps for Sophos Enterprise Console

For Sophos Enterprise Console, you may need to take additional steps to allow proper communication between the proxy server and the endpoint. See 'Timeout while attempting to connect to the specified address. There may be a problem with the network.'

 

Related information

 

Feedback and contact

If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

 
Wenn Sie weitere Informationen oder Unterstützung benötigen, wenden Sie sich bitte an den technischen Support.

Artikel bewerten

Ungenügend Hervorragend

Anmerkungen