Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=managed-risk-ips

Allow regional IP ranges for external vulnerability scans

The Managed Risk service uses cloud-based vulnerability scanners to scan your internet-facing assets and report any vulnerabilities.

To make sure the scanners can connect to assets and access as much data as possible, we request that you add the IP ranges for your Sophos Central account region to your firewall's allow list.

Find the IP ranges

To find the IP ranges to allow, do as follows:

  1. Look for the "Welcome to Sophos Managed Risk Service" email that we sent you or your authorized contacts when you subscribed to the service.

    The email tells you the region you need to allow.

    Note

    If you can't find the email, go to Threat Analysis Center > Cases and look for the welcome case we created. That case includes a message that shows the region.

  2. Go to Tenable's list of cloud-based scanners, also called "cloud sensors". See Cloud Sensors.

    In the list, find the IP ranges that correspond to your region.

Now add the IP ranges to your firewall's allow list.