Skip to content

Default services

Sophos Firewall communicates with these default hostnames, IP addresses, and ports.

Component URL Ports Description
nsxld 4.sophosxl.net 443 Web categorization and IP reputation.
DDNS checkip.cyberoam.com 80 Dynamic DNS check IP service.
Up2Date

u2d.sophos.com

ap-southeast-1.u2d.sophos.com

eu-west-1.u2d.sophos.com

eu-central-1.u2d.sophos.com

ap-northeast-1.u2d.sophos.com

us-west-2.u2d.sophos.com

us-east-1.u2d.sophos.com

d30ncyzaneb4q0.cloudfront.net

d3tusa5dvomhzy.cloudfront.net

xg-up2date-patterns.sophosupd.com

xg-up2date-firmwares.sophosupd.com

443 Up2Date checks for new updates of SFOS firmware, AP and RED firmware, ATP, Sophos and Avira antivirus, authentication clients, IPS and application signatures, SSL VPN clients, and WAF.
Commtouch AV (for Small Boxes) oem.avdl.ctmail.com 80 Additional antivirus scanner.
Heartbeat

utm.cloud.sophos.com

dzr-utm-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com

80

443

For Sophos Security Heartbeat.
RED

red.astaro.com

red-prov-eu.astaro.com

red-prov-as.astaro.com

red-prov-us.astaro.com

TCP 3400, UDP 3410 Provisioning server for RED devices.
Licensing

eu-prod-utm.soa.sophos.com/api/device/1/applianceactivation

eu-prod-utm.soa.sophos.com/api/device/1/accountregistration

eu-prod-utm.soa.sophos.com/api/device/2/license

eu-prod-utm.soa.sophos.com/api/device/1/subscription

eu-prod-csr.soa.sophos.com/api/certificate/1/signing

eu-prod-utm.soa.sophos.com/api/device/1/appliance

443 License synchronization and activation.
SAR report sarreport.sophos.com 443 Security Audit Report (SAR) server.
APU

dispatch.apu.sophos.com

eu1.apu.sophos.com

eu2.apu.sophos.com

22 Support access proxy.
Sandbox

sandbox.sophos.com

eu.sandbox.sophos.com

us.sandbox.sophos.com

apac.sandbox.sophos.com

443 Zero-day protection sandboxing technology.
NTP pool.ntp.org 123 Network time protocol.
Telemetry sftelemetry.sophos.com 443 Telemetry data.
Sophos Central

dzr-utm-amzn-us-west-2-fa88.upe.p.hmr.sophos.com

utm.cloud.sophos.com/api/utm

443 Synchronized Application Control. Manage your Sophos Firewall devices centrally through Sophos Central.
Firewall management in Sophos Central *.sophos.com TCP 22, 443 Allow access to dynamic hostnames matching *.sophos.com.
Central Firewall Reporting (CFR)

tf-presigned-url-eu-central-1-prod-firewall-bucket.s3.eu-central-1.amazonaws.com

tf-presigned-url-eu-west-1-prod-firewall-bucket.s3.eu-west-1.amazonaws.com

tf-presigned-url-us-west-2-prod-firewall-bucket.s3.us-west-2.amazonaws.com

tf-presigned-url-us-east-2-prod-firewall-bucket.s3.us-east-2.amazonaws.com

tf-presigned-url-ap-south-1-prod-firewall-bucket.s3.ap-south-1.amazonaws.com

tf-presigned-url-ap-northeast-1-prod-firewall-bucket.s3.ap-northeast-1.amazonaws.com

tf-presigned-url-ca-central-1-prod-firewall-bucket.s3.ca-central-1.amazonaws.com

tf-presigned-url-sa-east-1-prod-firewall-bucket.s3.sa-east-1.amazonaws.com

tf-presigned-url-ap-southeast-2-prod-firewall-bucket.s3.ap-southeast-2.amazonaws.com

443 Send the firewall reports and logs to Sophos Central.
Sophos Central Firewall backup

cloud-prod-eu-central-1-firewall-backup.s3.eu-central-1.amazonaws.com

cloud-prod-eu-west-1-firewall-backup.s3.eu-west-1.amazonaws.com

cloud-prod-us-east-2-firewall-backup.s3.us-east-2.amazonaws.com

cloud-prod-us-west-2-firewall-backup.s3.us-west-2.amazonaws.com

firewall-backup-stn100bom-20220430122926302800000001.s3.ap-south-1.amazonaws.com

firewall-backup-stn100gru-20220419140115774600000001.s3.sa-east-1.amazonaws.com

firewall-backup-stn100hnd-20220430122814948900000001.s3.ap-northeast-1.amazonaws.com

firewall-backup-stn100syd-20220430122831596300000001.s3.ap-southeast-2.amazonaws.com

firewall-backup-stn100yul-20220414141327508400000001.s3.ca-central-1.amazonaws.com

443 Back up and restore Sophos Firewall configurations from Sophos Central.

More resources