Manage Update Caches and Message Relays
Sophos Update Cache enables your computers to get their Sophos Central updates from a cache on your network.
Getting Sophos Central updates from a cache on your network saves bandwidth, as updates are downloaded only once, by the device with the cache.
You can also enable computers to communicate with Sophos Central through a message relay on your network (for example, if they can't contact Sophos directly).
This help page tells you how caches and relays work and how you set them up.
How caches and relays work
When you set up a cache (and optionally a relay), Sophos Central does as follows:
- Installs Sophos caching software (and relay software).
- Fetches updates from Sophos and puts them in a cache.
-
Automatically configures computers in your network to update from a cache (and use a relay).
You can also assign computers to use a specific cache or relay.
Using caches doesn't affect how often or when computers are updated.
Computers where you can set up caches and relays
You can set up update caches and message relays on Windows Server 2008 R2 or later.
Note
Although Windows Server 2008 R2 is supported, we recommend you use Windows 2016 or later when you set up both update caches and message relays.
You can use Windows 10 if you want to set up update caches only.
Restrictions
- You can only set up a message relay on a server that also has an update cache.
- You can't set up message relays on Windows 10.
Computers that can use caches and relays
Computers can use caches or relays as follows:
- Windows 7 and later (including servers), Macs, and Linux computers can get updates from a cache.
- Windows 7 and later (including servers) and Linux computers can use a relay.
Set up a cache/relay
You can set up a cache and a relay at the same time or a cache only. You can also set up a relay on a server that already has a cache.
Before you start, ensure that:
- If you want to set up update caches only, the device must run Windows 10 or later or Windows Server 2008 R2 or later.
- If you want to set up message relays only, the device must run Windows Server 2008 R2 or later.
- If you want to set up both update caches and message relays, we recommend the device runs Windows 2016 or later, although Windows Server 2008 R2 is also supported.
- The device has at least 5GB free disk space.
-
Port 8191 is available and accessible to computers that will update from the cache (and port 8190 for computers that will use a relay).
The installers will open ports 8191 and 8190 in Windows Firewall. When you uninstall an update cache or message relay, the ports are closed again.
Note
Computers can get the latest Sophos agent from a cache the first time you run the Sophos installer on them. You need to set up your caches before installation. If you have computers that can't connect to Sophos directly, you also need to set up message relays.
Note
If you use the Reject network connections feature (for Sophos Firewall customers), it could prevent a cache from delivering updates. To avoid this, see Reject network connections.
To set up a cache or a relay:
- Go to My Products > General Settings and click Manage Update Caches and Message Relays.
-
You see a list of your devices. In the filter above the table, click the drop-down arrow and select Cache Capable Servers or Cache Capable Computers to see which devices are suitable for a cache or relay.
If you want to set up a relay on a server that already has a cache, select Devices with Update Cache
-
Select the devices where you want to set up a cache or relay.
-
Click Set Up Cache.
This button shows as Set Up Cache/Relay if you select servers.
Sophos Central automatically configures computers in your network to use a cache or relay. You can also manually assign computers to use a specific cache or relay.
Assign computers to a cache/relay
You can manually assign computers to use a specific cache or relay.
- Go to My Products > General Settings and click Manage Update Caches and Message Relays.
- Look for the device on which the cache or relay is installed. Then click the link displaying the number of computers in the Using Cache row or the Using Relay row.
- Click Manual assignment.
- Select the computers.
- Click Save.
See which computers use caches and relays
To see which computers update from caches or use relays, do as follows:
- Go to My Products > General Settings and click Manage Update Caches and Message Relays.
-
In the list of your devices, you can do as follows:
- View which devices have update caches and message relays.
- See how many computers are using those caches and relays.
- See the update caches' activity.
- Click a device to see the details of the computers using its update cache or message relay.
Remove a cache/relay
Note
If you want to remove a cache that has computers manually assigned to it, you must reassign them first.
When you remove a cache, Sophos Central does as follows:
- Uninstalls caching software, removes the cache of downloaded updates, and closes port 8191 in Windows Firewall.
- Uninstalls the message relay software (if installed) and closes port 8190 in Windows Firewall.
- Reconfigures computers that update from this cache to update from another update cache, if you have one.
- Reconfigures computers that use the relay to use another message relay, if you have one.
If you remove all your caches, computers will update directly from Sophos.
If you remove all your message relays, computers will communicate directly with Sophos Central.
To remove a cache or relay:
- Go to My Products > General Settings and click Manage Update Caches and Message Relays.
-
In the filter above the table, click the drop-down arrow and select Devices with Update Cache to see which devices have a cache set up.
You can also select Servers with Message Relay to see which servers have a message relay set up.
-
Select the device or devices you want to remove a cache or relay from.
-
Click Remove Cache.
If you selected a server, this button shows as Remove Cache/Relay.