Skip to content
Last update: 2021-10-15

Default services

Sophos Firewall communicates with these default hostnames, IP addresses, and ports.

Component URL Ports Description
Wing primary.wing.sophosxl.net

peak.wing.sophosxl.net
80

443

6060

6061
Web proxy categorization.
nsxld 4.sophosxl.net 443 Web categorization in version 17 and later.
DDNS checkip.cyberoam.com 80 Dynamic DNS check IP service.
Up2Date u2d.sophos.com

ap-southeast-1.u2d.sophos.com

eu-west-1.u2d.sophos.com

eu-central-1.u2d.sophos.com

ap-northeast-1.u2d.sophos.com

us-west-2.u2d.sophos.com

us-east-1.u2d.sophos.com
443 Up2Date checks for new updates of SFOS firmware, AP and RED firmware, ATP, Sophos and Avira antivirus, authentication clients, IPS and application signatures, SSL VPN clients, and WAF.
Commtouch AS iprep%d.t.ctmail.com

resolver%d.ast.ctmail.com
80

443
Anti-spam scanner.
Commtouch AV (for Small Boxes) oem.avdl.ctmail.com 80 Additional antivirus scanner.
Heartbeat utm.cloud.sophos.com

dzr-utm-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com
80

443
For Sophos Security Heartbeat.
RED red.astaro.com

red-prov-eu.astaro.com

red-prov-as.astaro.com

red-prov-us.astaro.com
TCP & UDP 3400 (RED 10)

TCP 3400, UDP 3410 (All others)
Provisioning server for RED devices.
Licensing eu-prod-utm.soa.sophos.com/api/device/1/applianceactivation

eu-prod-utm.soa.sophos.com/api/device/1/accountregistration

eu-prod-utm.soa.sophos.com/api/device/2/license

eu-prod-utm.soa.sophos.com/api/device/1/subscription

eu-prod-csr.soa.sophos.com/api/certificate/1/signing

eu-prod-utm.soa.sophos.com/api/device/1/appliance
443 License synchronization and activation.
SAR report sarreport.sophos.com 443 SAR (Suspicious Activity Report) server.
SCFM us-e1.cfm.sophos.com/

eu-w1.q.cfm.sophos.com/

eu-w1.d.cfm.sophos.com/
443 Sophos Central Firewall Manager.
APU dispatch.apu.sophos.com

eu1.apu.sophos.com

eu2.apu.sophos.com
22 Support access proxy.
Sandbox sandbox.sophos.com

eu.sandbox.sophos.com

us.sandbox.sophos.com

apac.sandbox.sophos.com
443 Zero-day protection sandboxing technology.
NTP pool.ntp.org 123 Network time protocol.
Telemetry sftelemetry.sophos.com 443 Telemetry data.
Sophos Central dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com

utm.cloud.sophos.com/api/utm
443 Synchronized Application Control. Manage your Sophos Firewall devices centrally through Sophos Central.
Central management us-e1.cfm.sophos.com 443 Central firewall management.
Firewall management in Sophos Central *.sophos.com TCP 22, 443 Allow access to dynamic hostnames matching *.sophos.com.

More resources

Back to top