How to connect the Sophos UTM to the Sophos SMC Server

  • Article ID: 120898
  • Rating:
  • 3 customers rated this article 3.7 out of 6
  • Updated: 27 Feb 2015

This article provides basic steps to connect the Sophos UTM to a Sophos SMC Server

Applies to the following Sophos product(s) and version(s)
Sophos UTM Software Appliance v9.202
Sophos Mobile Control 4.0

What To Do

To successfully connect the UTM to SMC proceed as follows:


  • Log on to the SMC Web-Console as Super Administrator
    • Goto "Settings" | "System Setup" | "Network Access Control"
    • Select "Sophos UTM" from the drop down box and click "Save"
  • Log on to the SMC Web-Console as Administrator of your Tenant
    • Goto "Administrators"
    • Create a new Administrator used for the connection

In case you use a Self Signed Certificate on your local SMC Server do one of the following:

  • Log on to your SMC Server (Windows)
    • Navigate to %mdm_home%\tools\Wizard\certs
    • Copy the file "ca_cert.crt" to a shared location


  • Browse your SMC Server via https (Detailed steps may vary depending on the used browser)
    • Display the Certificate used
    • Open the Root Certificate
    • Copy this Certificate to a shared location

These steps only need to be done once as a super administrator and not for every tenant.


  • Log on to your UTM Web-WebAdmin
    • In case you use a Self Signed Certificate on your local SMC Server:
      • Goto "Webserver Protection" | "Certificate Management"| "Certificate Authority"
      • Click "Import CA"
      • Enter a Name and upload the Certificate stored in a step above
    • Goto: "Management" | "Sophos Mobile Control" | "General"
    • Enable this feature
    • Enter the Servername, Tenant, Username and Password
      • Please note: Do not use the IP if you are running UTM version 9.203. You'll need to use the DNS name of the SMC Server instead.
    • Select the uploaded CA Certificate if needed
    • Click "Apply"

You can now test the connection by pressing the "Test SMC settings" Button.

Note: in order for the UTM to block access for a non-compliant device, the 'Deny network access' boxes must be checked in the SMC configuration, under Compliance Rules. 

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent