Sophos Server

Posted on  by admin

Try Sophos Intercept X for Server Instead To provide you with the best possible protection and the latest technology, Sophos Intercept X for Server is available for trial. Sophos Server Protection managed on premises has entered the End of Sale/End of Life phase of the product lifecycle. Sophos Central Server: Could not contact server message on server operating systems; Sophos Update Manager: Timeout while attempting to connect to the specified address. There may be a problem with the network. Sophos Central: Domains and ports required for communication to and from Sophos Central Admin and the Sophos Central managed endpoint.

Ensuring that your endpoint and server protection is correctly configured is one of the most important things you can do for your organization’s security.

This article will give you some quick tips and links to resources so you can get the most out of your Sophos protection.

Sophos Server

Getting started

In Sophos Central policies are used to apply protection settings such as specific exploit preventions, application control, and peripheral control. Policies can apply to endpoints, servers, users or groups depending on how you want to set things up. How to create a policy.

Application Control

Controls which applications should be blocked. For example, uTorrent and Steam games.
Endpoint setup Server setup

Data Loss Prevention

Stops specific file types or content in a file from being transferred from a device. For example, stop files containing account numbers being sent from a device.
Endpoint setup Server setup

Windows Firewall

Blocks inbound connections from specific domains or networks. For example, stopping all private networks accessing a device.
Endpoint setup Server setup

Sophos ServerSophos Server

Peripheral Control

Controls what can be plugged into a device. For example, blocking USB sticks and optical drives.
Endpoint setup Server setup

Threat Protection

Sophos Server

Configures protection features. We strongly suggest always using Sophos recommended settings.
Endpoint setup Server setup

Update Management

Schedules updates to a specific time. For example, setting them after office hours.

Endpoint setup Server setup

Web Control

Stops users downloading risky files or accessing inappropriate websites. For example, block .exe file downloads.
Endpoint setup Server setup

File Integrity Monitoring (Server only)

Monitors important files and folders for signs of tampering. For example, critical Windows directories or key programs.
How to set one up.

Tamper Protection
Tamper protection stops unauthorized users and types of malware from uninstalling Sophos protection. You should always have it enabled. Learn more.

Do I need to log in and check for alerts?

Users often ask how often they should log in to check for alerts and actions. The good news is that Sophos Central automatically emails admins when there is an event requiring their attention. Here’s how to configure alerts.

Check your security posture with EDR

Endpoint Detection and Response (EDR) is a powerful tool to help you find threats across your network. It’s easy to get started by checking the list of the most suspicious potential threats for investigation in your organization.

We give you curated threat intelligence so you can quickly decide whether a potential threat needs taking care of. Watch the EDR how-to videos.

More information

When you configure XG Firewall as the DHCP server, it provides IP addresses and network parameters, such as the default gateway, subnet mask, DNS servers, and WINS servers to DHCP clients.


Sophos Server Requirements

In this scenario, we configure XG Firewall as the DHCP server to lease IP addresses to clients within the server's subnet. Do as follows:

  • Specify the DHCP server settings.
  • Add static IP addresses if required.
  • Start the DHCP server if required.
  • Check the IP addresses leased by the server.

Sophos Server Lockdown Feature

Specify the DHCP server settings

Sophos Server

Configure XG Firewall as the DHCP server to lease dynamic IP addresses directly to endpoint devices and a static IP address to a test server within the server's network.
  1. Go to Network > DHCP. Under Server, click Add.
  2. The following settings are an example. You must specify your network's settings:




    Port2 -

    Interface on which XG Firewall listens to DHCP requests.

    Dynamic IP lease to

    Static IP MAC mapping

    Hostname: TestServer

    MAC address: 2C:0E:3D:9C:CB:E4

    IP address:


    Interface IP address as the gateway for the clients.

    Use device's DNS settings

    DNS servers for the clients to contact.

  3. Click Save.