Sophos Internet

Posted : admin | On 01-05-2021

The Download Client page contains links to download all the clients you might need.

Sophos Review
How Good Is Sophos Security
Sophos Antivirus

Sophos Group plc is a British security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily focused on providing security software to 100- to 5,000-seat organizations. The WAN Link Manager feature can handle multiple Active internet gateways and multiple Backup internet gateways. The following section is covered: What to do; Applies to the following Sophos products and versions Sophos Firewall What to do. Go to Network Interfaces to configure two WAN interfaces with different internet gateways.

Our Free Home Use XG Firewall is a fully equipped software version of the Sophos XG firewall, available at no cost for home users – no strings attached. Features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.

The Device provides various options for user authentication. All the users are authenticated before they are provided with access to network resources. User authentication can be performed using a local database, Active Directory, LDAP, RADIUS, TACACS, eDirectory, NTLM or a combination of these. The Device also supports Single Sign On (SSO) for transparent authentication, whereby Windows credentials can be used to authenticate and a user has to sign in only once to access network resources. SSO can be used in Active Directory and Citrix or Terminal Services environments.

Sophos Review

You can authenticate with Device using Captive Portal, Authentication Clients for Windows, Linux, Macintosh, Android and iOS platforms or Single Sign On (SSO).

You can download the following clients from this page:

Single Sign-On

Available only for Administrators.

Sophos Transparent Authentication Suite - Enables transparent authentication whereby Windows credentials can be used to authenticate and a user has to sign in only once to access network resources. This does NOT require a client installed on the user’s machine.

Sophos Authentication for Thin Client - Enables transparent authentication for users in Citrix or Terminal Services environment whereby network credentials can be used to authenticate and a user has to sign in only once to access network resources. This does NOT require a client installed on the user’s machine.

Authentication Clients

Available for all users.

Download for Windows

Enables users using a Windows operating system to log on to the Device to access network resources and the Internet as per the policies configured in the Device.

Download for MAC OS X

Enables users using a system with Macintosh OS X onwards to log on to the Device to access network resources and the Internet as per the policies configured in the Device.

Download for Linux 32

Enables users using a 32-bit Linux operating system to log on to the Device to access network resources and the Internet as per the policies configured in the Device.

Download for Linux 64

Enables users using a 64-bit Linux operating system to log on to the Device to access network resources and the Internet as per the policies configured in the Device.

Download certificate for iOS 12 and earlier and Android client

Download the digital certificate to be installed inside Sophos Network Agent to ensure a safe connection to the firewall.

How Good Is Sophos Security

Note Authentication Clients for iOS/Android can be downloaded from the respective App Store/Play Store. Downloading the client with Google Chrome on Android does not work. Users either have to use a different browser or install the Default Certificate Authority (CA) provided by the Admin as a trusted authority in Google Chrome. Alternatively, users can press long on the download link and select the option “Save Link”.

Install client certificate in iOS 13 and later

Download the default CA first. Then click the link to install the client certificate. In the iOS Trust Store, manually turn on trust for the certificate. For more information, see knowledge base article 123755.

Configuration of CISCO^TM VPN Client for Apple iOS

Available only if Cisco VPN Client is enabled and allowed for logged-in user.

CISCO^TM VPN Client is software developed by CISCO to establish encrypted VPN tunnels with highly secure remote connectivity for remote workers. Click Install to install the SF-related configuration for Cisco VPN Client in your iOS Device. Import this configuration into the Client so that it can communicate with the SF Device.

SPX Add-in

This feature is available only with a valid Email Protection subscription

This feature is available in Sophos Firewall Models XG105 and above, Cyberoam Models CR25iNG and above, and all Sophos UTM Models.

Click Download Sophos Outlook Add-in to download and install the SPX Add-in. The SPX Add-in simplifies the encryption of messages that contain sensitive or confidential information leaving the organization. The Add-in integrates seamlessly with the user’s Microsoft Outlook software, making it easy for users to encrypt messages through Sophos Firewall Email Protection.

Follow the steps given below to install the Add-in in Outlook:

Unzip the files to a temporary folder.
For an interactive install, run setup.exe (users will be prompted for input).
For an unattended install, the prerequisites are:
- Windows XP, Windows Vista, Windows 7, Windows 8 (both 32 and 64-bit) versions are supported.
- Microsoft Outlook 2007 SP3, 2010 or 2013 (both 32 and 64-bit) versions are supported.
- Microsoft .NET Framework 4 Client Profile.
- Microsoft Visual Studio 2010 Tools for Office Runtime 4.0.
Now, please run the installer with the following parameters: msiexec /qr /i SophosOutlookAddInSetupUTM.msi T=1 EC=3 C=1 I=1.

The Internet Key Exchange is the protocol used to set up a security association (SA) in IPsec. The firewall supports IKE as defined in RFC 2409.

The key exchange is comprised of the following phases:

Authentication (phase 1). During phase 1, the peers authenticate themselves using a preshared key or digital certificate. A secure, authenticated communication channel is created using the Diffie–Hellman algorithm to generate a shared secret key to encrypt further communications. This negotiation results in session keys and a security association.
Key exchange (phase 2). In phase 2, the peers use the security channel established in phase 1 to negotiate an IPsec security association. The keying material for this association is created using the IKE phase 1 keys or by performing a new key exchange according to the PFS settings. This association encrypts the actual user data that is passed between the peers.

Diffie–Hellman key exchange

The Diffie–Hellman key exchange is a method of securely exchanging cryptographic keys over an insecure channel. The Diffie–Hellman algorithm was created to prevent secure encrypted keys from being attacked over the internet during transmission. Using the Diffie–Hellman key exchange with an authentication algorithm ensures protection against spoofing and man-in-the-middle attacks.

Perfect Forward Secrecy

Sophos Antivirus

Perfect Forward Secrecy (PFS) is a method for deriving phase 2 keys independent from and unrelated to the preceding keys. When you specify PFS, a new key will be generated for every negotiation and a new DH key exchange is included. PFS offers improved security as it requires a network intruder to crack an additional key.