Sophos Endpoint – Saving Internet Bandwidth Using Update Cache and a Message Relay

Sophos Update Cache enables devices to get their Sophos updates from a cache server in the network, as well as directly from Sophos. This saves bandwidth because updates are downloaded only once, by the server.

A Message Relay enables your devices to communicate all policy and reporting data via a central server. This can be used if you do not have internet facing devices, as all traffic will go via the Message Relay. A Message Relay augments the Update Cache capability, allowing an Update Cache server to be used as a Message Relay in addition to serving updates.

The Update Cache does not:

  • Replace or override Sophos Central as an available update location.
  • Work in the same way as an air gap setup. Devices still require access to Sophos Central to function.

Note: An Update Cache set up as a Message Relay can take out the requirement for direct access to Sophos Central.

The prerequisites for an Update Cache and a Message Relay

  • Server Standard Protection license
  • Requirements for an Update Cache server:
    • Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2, Windows 2016 and Windows 2019 x64
    • The server has at least 5GB free disk space.
    • TCP Port 8191 is available and accessible to devices that will update from the cache.
      • The Update Cache installer will open port 8191 in Windows Firewall. Once the Update Cache is uninstalled, the port is closed again.
    • DNS must be working to resolve the Update Cache servers IP address from the hostname.
  • Requirements for a Message Relay server:
    • Windows 2008 R2, Windows 2012, Windows 2012 R2, Windows 2016 and Windows 2019 x64.
    • The server has at least 5GB free disk space.
    • TCP Port 8190 is available and accessible to devices that will use the Message Relay.
    • Is configured as an Update Cache.
    • DNS must be working to resolve the Message Relay servers IP address from the hostname.
  • Devices updating from an Update Cache and communicating via a Message Relay must have:
    • Windows 7 and later (including server operating systems)
    • Linux distributions supported by Sophos Anti-Virus for Linux or Sophos Linux Security
    • Mac version 9.7.4
      • Mac version 9.7.4 only supports updating from an Update Cache. Support for Message Relay will be available in a future release.

First of all, you must install Sophos Endpoint to Server, I’m using Windows Server 2008 R2 for my environment, e.g. name of server is SPUDC

 

image

Then Log in to the Sophos Central Dashboard then go to Global Settings > Manage Update Caches and Message Relays

Select Cache Capable Servers under the drop-down list. This shows the servers suitable to be an Update Cache and Message Relay:

image

Note: If there is already an Update Cache on one of the managed servers, select Servers without Update Cache to hide them from the list.

image

Click on the server that you want to set up as the Update Cache, then click Set Up Cache/Relay.

In this tutorial I will install both Update Cache and Message Relay.

2018 - shot2

After Installing Cache and Message Relay status are Active

image

From now on, you will be able to deploy Sophos Endpoint to the client without Internet abuse.

Can I check if any devices are updating from an Update Cache or communicating via a Message Relay?

image

Go to Devices, click some devices then check Update Cache and Message Relay Status must be SPUDC

image

P/S: The Update Cache and Message Relay server (I called SPUDC) need to be reboot in a schedule.

Hope it helps. Thank you for reading.

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
0 Comment authors
Recent comment authors
  Subscribe  
newest oldest most voted
Notify of