Skip to content
Click here to open the documentation of locally-managed switches, including the CLI and API guides.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=switches

Switches

You can manage your Sophos Switch hardware in Sophos Central.

Go to My Products > Switches to configure and manage Sophos Switch.

Domain requirements

Sophos Switch communicates with some domains to register with Sophos Central and for other functionality, such as configuration backups. You must allow these domains to manage your switches.

Registration domains

Sophos Switch contacts the following FQDNs to register with Sophos Central the first time it starts:

  • sophos.jfrog.io
  • jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com

When the connection to sophos.jfrog.io is blocked, the switch can't register with Sophos Central.

When the connection to jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com is blocked, the switch can't verify the latest firmware version.

When the switch can't access either of these URLs, you'll see the following log entry on the switch:

DOWNLOADER    error    Failed to download the package. HTTP: 000

Other domains

There are other FQDNs that you must allow for switch functionality in Sophos Central. Make sure you allow the following region-specific FQDNs:

  • tf-cswitch-backup-config-dump-eu-west-1-prod-bucket.s3.eu-west-1.amazonaws.com
  • tf-cswitch-backup-config-dump-eu-central-1-prod-bucket.s3.eu-central-1.amazonaws.com
  • tf-cswitch-backup-config-dump-us-east-2-prod-bucket.s3.us-east-2.amazonaws.com
  • tf-cswitch-backup-config-dump-us-west-2-prod-bucket.s3.us-west-2.amazonaws.com
  • tf-cswitch-backup-config-dump-ap-south-1-prod-bucket.s3.ap-south-1.amazonaws.com
  • tf-cswitch-backup-config-dump-ap-northeast-1-prod-bucket.s3.ap-northeast-1.amazonaws.com
  • tf-cswitch-backup-config-dump-ap-southeast-2-prod-bucket.s3.ap-southeast-2.amazonaws.com
  • tf-cswitch-backup-config-dump-sa-east-1-prod-bucket.s3.sa-east-1.amazonaws.com
  • tf-cswitch-backup-config-dump-ca-central-1-prod-bucket.s3.ca-central-1.amazonaws.com

Tip

You can use wildcards or a regular expression to allow the tf-cswitch-backup-config-dump prefix with the amazonaws.com domain.

Network requirements

Switches must be able to communicate with Sophos Central. You must have DHCP and DNS servers to provide an IP address to the access point and answer its IPv4 DNS requests. See Connecting the switch to a network.

When adding switches to your network with 2.5 Gbps, 5 Gbps, and 10 Gbps ports, we recommend that you review your existing network hardware and connections to make sure they can deliver those speeds. See Network cable design and component planning.

More resources