Location roaming for laptops

Some laptop users may roam extensively or internationally within an organization. When location roaming is enabled (on an updating policy for roaming laptops), roaming laptops attempt to locate and update from the nearest update server location by querying other (fixed) endpoints on the local network they are connected to, minimizing update delays and bandwidth costs.

A roaming laptop gets update server locations and credentials by querying fixed computers on the same local network. If multiple locations are returned, the laptop determines which is nearest and uses that. If none work, the laptop uses the primary (then secondary) location(s) defined in its updating policy.

Note When fixed computers send update locations and credentials to the laptop, passwords are obscured both in transmission and storage. However, accounts set up for endpoints to read update server locations should always be as restrictive as possible, allowing only read-only access. See Specify where the software is placed.

If you want to know in more detail how location roaming works, see How does location roaming work?

Location roaming is only usable where:

  • There is a single common Sophos Enterprise Console for both roaming and fixed endpoints.
  • The fixed endpoints use the same software subscription as the roaming laptops.
  • There is a primary update location specified in the updating policy used by the roaming laptops.
  • Any third-party firewalls are configured to allow update location queries and responses. The port used is normally UDP port 51235 but is configurable; for details see Sophos knowledgebase article 110371.

You enable location roaming as part of specifying sources for updates. Location roaming should only be enabled on groups of machines that frequently move from office to office. For information on how to enable location roaming, see Change primary server credentials.

For frequently asked questions about location roaming, see Sophos knowledgebase article 112830.