Skip to content

Client downloads

Use these settings to download the clients and components that support single sign-on, transparent authentication, and email encryption.

You can use transparent clientless authentication through STAS and SATC or authentication through the clients installed on users' endpoints.

Single sign-on

Sophos Transparent Authentication Suite (STAS): Enables transparent authentication whereby Windows credentials can be used to authenticate and the user is required to log on once only to access network resources. This does not require a client on the user’s machine.

Sophos Authentication for Thin Client (SATC): Enables transparent authentication for users in Citrix or Terminal Services environments whereby network credentials can be used to authenticate and the user is required to log on once only. This does not require a client on the user’s machine. SATC supports only TCP connections, not UDP connections.

Authentication client and server CA with Windows Installer

If you use Windows Installer, users must install the following client authentication agent and server CA on their computers. You can download these files and share them with users. Alternatively, users can download these from the user portal and install them on their endpoints.

The authentication client uses the server CA to establish a TLS connection with Sophos Firewall for user authentication. When users sign in to the client, they're signed directly into the network through Sophos Firewall.

Download MSI: Download and share the MSI authentication client (client authentication agent) with users.

Download CA for MSI: Download the CA certificate and share it with users.

Note

If you reset Sophos Firewall to factory configuration, it reconfigures the CA certificate. Users must reinstall the CA certificate.

Authentication clients and server CAs for computers

Download and install one of the following on users' computers based on the operating system. The downloaded file contains the authentication client and the authentication server CA. Authentication clients use the CA to establish a TLS connection with Sophos Firewall for user authentication. When users sign in to the client, they're signed directly into the network through Sophos Firewall.

  • Download for Windows
  • Download for MAC OS X
  • Download for Linux (32 bit)
  • Download for Linux (64 bit)

Note

If you reset Sophos Firewall to factory configuration, it reconfigures the CA certificate. Users must download and reinstall the client and server CA.

Authentication server CA for Android and iOS devices

Sophos Network Agent is an authentication client. It enables Sophos Firewall to authenticate local network users using mobile devices running Android and iOS devices.

Users must first download Sophos Network Agent from the Play Store or the App Store depending on their device. They must then import the authentication server CA into the client to establish a TLS connection with Sophos Firewall for user authentication. When users sign in to the client, they're signed directly into the network through Sophos Firewall.

Download certificate for iOS 12 and earlier and Android client: Users with Android or iOS 12 and earlier devices must install this authentication server CA certificate on their mobile devices. You can download this CA and share it with users. Alternatively, users can download it from the user portal. To know more, see Use Sophos Network Agent for iOS 12 and Android devices.

Install client certificate in iOS 13 and later: This installer contains the authentication server CA certificate for iOS 13 and later devices. You can't download it and share it with users. The following steps are needed:

  1. Install the signing CA on users' devices. To import the authentication server CA for user authentication, Sophos Network Agent establishes a TLS connection with Sophos Firewall. To establish this connection, the client needs the signing CA certificate installed on the mobile device.

    If you're using a public CA for Sophos Firewall, iOS 13 and later devices allow the client to import the authentication server CA directly, and you can skip this step.

    However, if you're using a locally signed certificate for Sophos Firewall, you must set the certificate as the firewall certificate and share the signing CA (Default CA) with users. For more information about how to do this, see Use Sophos Network Agent for iOS 13 devices.

  2. Users must import the authentication server CA for authentication. To enable Sophos Firewall to authenticate users, the Sophos Network Agent needs the authentication server CA installed. For iOS 13 and later devices, Sophos Network Agent directly imports this CA certificate through the user portal. So, users must download the CA directly to their mobile device from the user portal.

Note

If you reset Sophos Firewall to factory configuration, it reconfigures the CA certificate. Users must reinstall the CA certificates.

SPX Add-In

The SPX add-in allows users to encrypt outgoing messages using Sophos Email Protection directly from Microsoft Outlook.

For an interactive installation, run setup.exe.

For an unattended installation, run the installer as follows:

msiexec /qr /i SophosOutlookAddInSetupUTM.msi T=1 EC=3 C=1 I=1

Unattended installations require the following:

  • Windows XP, Windows Vista, Windows 7, or Windows 8 (both 32 and 64-bit)
  • Microsoft Outlook 2007 SP3, 2010 or 2013 (both 32 and 64-bit)
  • Microsoft .NET Framework 4 Client Profile
  • Microsoft Visual Studio 2010 Tools for Office Runtime 4.0

More resources

Back to top