SSL / TLS exclusions required for registration with Sophos Central

Sophos Switch devices try to register with Sophos Central the first time they start.

For this purpose, they contact, among others, the following FQDNs:

  • sophos.jfrog.io
  • jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com

When the connection to sophos.jfrog.io is blocked, the switch can't register itself with Sophos Central.

When the connection to jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com is blocked, the switch can't verify that the latest firmware is installed.

When the switch can't access either of these FQDNs, the following log entry is shown on the Sophos switch:

  • DOWNLOADER error Failed to download the package. HTTP: 000

To add exclusions in Sophos Firewall, do as follows:

  1. Connect to your Sophos firewall.
  2. Open the log viewer.
  3. Select SSL/TLS inspection from the module drop-down menu.
  4. Use the search field to look for the two FQDNs mentioned above.
  5. In the Manage column of the log viewer (if it doesn't appear, use the bottom scrollbar to move to the right), click Exclude.
  6. Select Exclude for each FQDN.

Non-Sophos Firewall OS devices

Refer to your firewall's documentation on how to exclude traffic from inspection.
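
Whichever firewall applies the exclusions, you can confirm they took effect from a host on the same network segment as the switch. The following script is an added example, not part of the Sophos documentation. It completes a TLS handshake with each FQDN and reports whether the certificate was issued by the firewall's inspection CA. The CA name `Example Firewall CA` is a placeholder you replace with your own.

```python
import socket
import ssl
import sys

# The two FQDNs listed on this page.
FQDNS = ("sophos.jfrog.io",
         "jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com")

def issuer_names(cert):
    """Flatten the 'issuer' field of ssl getpeercert() into {attribute: value}."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(cert, inspection_ca):
    """'inspected' if the issuer names the firewall's signing CA, else 'excluded'."""
    issuer = " ".join(issuer_names(cert).values()).lower()
    return "inspected" if inspection_ca.lower() in issuer else "excluded"

def probe(fqdn, inspection_ca, cafile=None, timeout=5):
    """Complete a TLS handshake with fqdn:443 and report who signed the certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((fqdn, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # On a host that does not trust the firewall CA, a re-signed
        # certificate fails validation here.
        return "untrusted certificate: " + exc.verify_message
    except OSError as exc:
        # Covers DNS failure, refused or timed-out connections, and TLS resets.
        return "no TLS session: " + str(exc)
    names = issuer_names(cert)
    return "{} (issuer: {})".format(classify(cert, inspection_ca),
                                    names.get("commonName", names))

if __name__ == "__main__":
    # Assumption: pass the subject name of your firewall's inspection CA;
    # "Example Firewall CA" is a placeholder, not a real product default.
    ca_name = sys.argv[1] if len(sys.argv) > 1 else "Example Firewall CA"
    for fqdn in FQDNS:
        print(fqdn, "->", probe(fqdn, ca_name))
```

A result of `excluded` for both FQDNs means the host received the certificate from the origin's own CA chain. Run it from the same VLAN and firewall rule path as the switch, since exclusions and inspection rules can differ per zone.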