Skip to content



  • One separate Windows server for each Sophos Mobile server node.
  • All nodes must be on the same network.
  • One Microsoft SQL or MySQL database server or cluster.
  • Sophos UTM or Apache Reverse Proxy (mod_proxy) for load balancing. Load balancer must support permanent session cookies and official SSL/TLS web server certificates.

For detailed information about the installation requirements see the Sophos Mobile release notes.


For an example of a three-node Sophos Mobile cluster, see “Architecture examples” in the Sophos Mobile server deployment guide.

For multicast communication between the individual Sophos Mobile server nodes, optionally a separate network can be used. The network interface to be used can be selected during cluster configuration, as described in Set up the first node. It may also be a VLAN.


If you want to operate a second Sophos Mobile cluster for test purposes, a separate network is needed.

Ports and protocols

The following table shows the required ports and protocols for communication between the individual nodes of a Sophos Mobile server cluster.

Protocol Ports Destination
TCP 7600, 8181, 57600 <Incoming>
TCP 7600, 8181, 57600 <Outgoing>
UDP 45700 <Incoming>

Server certificates

When you set up Sophos Mobile, you configure an SSL/TLS web server certificate that allows the Sophos Mobile Control app to establish a secure connection to the Sophos Mobile server. We recommend that you use a certificate that is issued by a globally trusted certificate authority (CA). In a clustered environment with several Sophos Mobile server nodes behind a load balancer, this might not be practical. You might want to use a self-signed certificate instead.