Prerequisites:
- All required email servers are accessible. The EAS proxy installer will not configure
connections to servers that are not available.
- You are an administrator on the computer where you install the EAS proxy.
- You know the URL of the Sophos Mobile server.
See Determine the Sophos Mobile server URL.
Note The
Sophos Mobile server deployment guide contains schematic diagrams for the integration of the standalone EAS proxy
into your company’s infrastructure. We recommend that you read the information before performing the
installation and deployment of the standalone EAS proxy.
-
Run Sophos Mobile EAS Proxy Setup.exe to start the Sophos Mobile EAS Proxy - Setup Wizard.
-
On the Choose Install Location page, choose the destination
folder and click Install to start installation.
After the installation has been completed, the Sophos Mobile EAS
Proxy - Configuration Wizard is started automatically and guides you through the
configuration steps.
-
In the Sophos Mobile server configuration dialog, enter the URL
of the Sophos Mobile server the EAS proxy will connect to.
If required, select Use proxy server to configure a proxy
server that the EAS proxy uses to connect to the Sophos Mobile
server.
You should also select Use SSL for incoming connections (Clients to EAS
Proxy) to secure the communication between clients and the EAS proxy.
Optionally, select Use client certificates for
authentication if you want the clients to use a certificate in addition to the
EAS proxy credentials for authentication. This adds an additional layer of security to the
connection.
-
If you selected Use SSL for incoming connections (Clients to EAS
Proxy) before, the Configure server
certificate page is displayed. On this page you create or import a certificate for
the secure (HTTPS) access to the EAS proxy.
- If you do not have a trusted certificate yet, select Create
self-signed certificate.
- If you have a trusted certificate, click Import a certificate from
a trusted issuer and select one of the following options from the list:
- PKCS12 with certificate, private key and certificate chain
(intermediate and CA)
- Separate files for certificate, private key, intermediate
and CA certificate
-
On the next page, enter the relevant certificate information, depending on the type of certificate
that you selected.
Note For a self-signed certificate, you need to specify a server that is accessible from the client
devices.
-
If you selected Use client certificates for authentication
before, the SMC client authentication configuration page is
displayed. On this page, you select a certificate from a certification authority (CA), from which
the client certificates must be derived.
When a client tries to connect, the EAS proxy will check if the client certificate is derived from
the CA that you specify here.
-
On the EAS Proxy instance setup page, configure one or more EAS
proxy instances.
-
After entering the instance information, click Add to add the
instance to the Instances list.
For every proxy instance, the installer creates a certificate that you need to upload to the
Sophos Mobile server. After you have clicked Add, a message window opens, explaining how to upload the certificate.
-
In the message window, click OK.
This will open a dialog, showing the folder in which the certificate has been created.
Note You can also open the dialog by selecting the relevant instance and clicking the
Export config and upload to Sophos Mobile server link
on the EAS Proxy instance setup page.
-
Make a note of the certificate folder. You need this information when you upload the certificate to
Sophos Mobile.
- Optional
Click Add again to configure additional EAS proxy
instances.
-
When you have configured all required EAS proxy instances, click Next.
The server ports that you entered are tested and inbound rules for the Windows Firewall are
configured.
-
On the Allowed mail user agents page, you can specify mail user
agents (i.e. email client applications) that are allowed to connect to the EAS proxy. When a client
connects to the EAS proxy using an email application that is not specified, the request will be
rejected.
- Select Allow all mail user agents to configure no
restriction.
- Select Only allow the specified mail user agents and
then select a mail user agent from the list. Click Add to
add the entry to the list of allowed agents. Repeat this for all mail user agents that are
allowed to connect to the EAS proxy.
-
On the Sophos Mobile EAS Proxy - Configuration Wizard finished
page, click Finish to close the configuration wizard and
return to the setup wizard.
-
In the setup wizard, make sure that the Start Sophos Mobile EAS Proxy
server now check box is selected, then click Finish to complete the configuration and to start the Sophos Mobile EAS proxy for the first time.
To complete the EAS proxy configuration, upload the certificates that were created for every
proxy instance to Sophos Mobile:
-
Sign in to Sophos Central Admin and go to
Mobile.
-
On the menu sidebar, under SETTINGS, click , and then click the EAS proxy tab.
-
Under External, click Upload a file. Upload the certificate created during
configuration.
If you have set up more than one instance, repeat this for all instance
certificates.
-
Click Save.
-
In Windows, open the Services dialog and restart the
EASProxy service.
This completes the initial setup of the standalone EAS proxy.
Note Every day, the EAS proxy log entries are moved to a new file, using the naming pattern
EASProxy.log.yyyy-mm-dd. These daily log files are not deleted automatically
and thus may cause disk space issues over time. We recommend that you set up a process to move the log
files to a backup location.