Block compromised IP addresses

This feature currently only applies to Windows devices that are in the "New Endpoint Protection Features" or "New Server Protection Features" Early Access Program.

You can prevent your devices from communicating with compromised IP addresses that you specify. Doing this helps stop threats from spreading to or between devices in your organization.

You can block both external and internal IP addresses or IP address ranges.

Note

Make sure you don't block devices that are important for your business operations or security, such as critical servers or devices with update caches or message relays.

Block IP addresses

You must be a Sophos Central administrator to block IP addresses. Helpdesk users can't use this feature.

  1. Go to My Products > General Settings.
  2. Under General, click Block compromised IP addresses.
  3. Check that Block communications with specified IP addresses is turned on, and click Add.

  4. In Block compromised IP addresses, enter an Address. This can be an IPv4 or IPv6 address or a CIDR range.

    You can add up to 500 addresses or ranges, or a mixture of both. You must add each address or range individually.

    If you prefer, you can add up to 100 addresses or ranges at the same time by using the Sophos API. See Endpoint API.

  5. In Expiry, specify when the block will expire. The default is 7 days, but you can choose 30 days or set no expiry time.

  6. (Optional) Add a Comment to remind you why you blocked the IP address.
  7. Click Confirm.

    You can now add more addresses. When you've finished, go to the next step.

  8. In the upper right of the page, click Save.
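
A pre-flight check for a list of addresses you plan to block, as an added example (not Sophos code and not part of the original page). It validates each entry as an IPv4/IPv6 address or CIDR range, refuses entries that would cut off hosts you mark as protected, and splits the rest into groups of at most 100 within the 500-entry limit. The function name and the sample addresses are assumptions constructed for illustration, and the script makes no API calls.

```python
import ipaddress

MAX_TOTAL = 500     # page: block list holds up to 500 addresses or ranges
MAX_PER_CALL = 100  # page: up to 100 entries per request via the API

def prepare_blocklist(candidates, protected, already_blocked=0):
    """Return (batches, rejected) for a list of candidate block entries.

    protected: addresses/ranges that must stay reachable (update caches,
    message relays, critical servers). Hypothetical helper, not a Sophos API.
    """
    protected_nets = [ipaddress.ip_network(p, strict=False) for p in protected]
    accepted, rejected, seen = [], [], set()
    for raw in candidates:
        entry = raw.strip()
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.0.6.1/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((entry, "not a valid IPv4/IPv6 address or CIDR range"))
            continue
        if net in seen:
            rejected.append((entry, "duplicate"))
            continue
        seen.add(net)
        hit = next((p for p in protected_nets
                    if p.version == net.version and p.overlaps(net)), None)
        if hit is not None:
            rejected.append((entry, f"would block protected {hit}"))
            continue
        accepted.append(str(net.network_address) if net.num_addresses == 1 else str(net))
    total = already_blocked + len(accepted)
    if total > MAX_TOTAL:
        raise ValueError(f"{total} entries would exceed the {MAX_TOTAL}-entry limit")
    batches = [accepted[i:i + MAX_PER_CALL]
               for i in range(0, len(accepted), MAX_PER_CALL)]
    return batches, rejected

# Constructed sample data (documentation and private ranges).
SAMPLE_PROTECTED = ["10.0.5.10", "10.0.5.20"]  # e.g. update cache, message relay
SAMPLE_CANDIDATES = ["203.0.113.7", "198.51.100.0/24", "2001:db8::bad",
                     "10.0.5.0/24", "203.0.113.7", "not-an-ip", "10.0.6.1/24"]

if __name__ == "__main__":
    batches, rejected = prepare_blocklist(SAMPLE_CANDIDATES, SAMPLE_PROTECTED)
    for n, batch in enumerate(batches, 1):
        print(f"batch {n}: {batch}")
    for entry, reason in rejected:
        print(f"rejected {entry!r}: {reason}")
```

Review the rejected entries before adding anything: a range that overlaps a protected host usually needs to be narrowed rather than dropped.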

Unblock IP addresses

  1. Go to My Products > General Settings.
  2. Under General, click Block compromised IP addresses.
  3. Select addresses or address ranges that are currently blocked and click Delete.

  4. In the upper right of the page, click Save.