When using Sophos Remote Management System (RMS) with firewalls, use the information in this article to learn about the ports or programs which need access to the network. The requirements are different for workstations and for the Sophos Anti-Virus management server.
Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control
Sophos Control Center
Sophos Anti-Virus for Windows 2000+
Note: All listed ports are TCP.
RMS on the workstation
If your firewall allows you to grant access to particular programs (for example, the Windows XP firewall in Service Pack 2), these are the programs concerned
- for Windows NT/2000/XP/2003, RouterNT.exe (C:\Program Files\Sophos\Remote Management System\RouterNT.exe)
- for Windows 95/98/Me, Router9.exe (C:\Program Files\Sophos\Remote Management System\Router9.exe).
Note: The .exe file extension may not be visible.
If your firewall does not allow you to grant access to individual programs, you should open the following ports in your firewall:
You may find it useful to open port 8192 temporarily for testing purposes.
The three ports mentioned above also need to be available to service local connections by the Sophos Agent service. Sometimes, e.g. when connecting to the network using VPN software, a local firewall may prevent the local Sophos Agent service from accessing ports 8192 and 8194 on the local Sophos message router. The computer's status may then be reported incorrectly to the console. In those circumstances you might need to open ports 8192 and 8194 for local connections.
RMS on the server
You will need to open the following ports in any firewall on the server you use as the Sophos Anti-Virus management server: