Skip to content

Download client

You can download the authentication clients and server CA certificates for your endpoints. You can also download the SPX email encryption client.

When you sign in to the authentication clients, you're signed directly into the network.

The client authentication agent supports the following operating systems:

  • Windows 10 and later
  • Linux: Ubuntu 16.4 and later
  • macOS Catalina (10.15) and later

Authentication clients and server CAs for computers

You can download and install the authentication clients and server CAs on Windows, macOS, and Linux. The downloaded file contains the authentication client and the authentication server CA. Authentication clients use the CA to establish a TLS connection with the firewall for user authentication. Click on your operating system for download and installation instructions.

To download and install Client Authentication Agent on Windows, do as follows:

  1. Sign in to the User Portal.
  2. Go to Download client > Authentication clients.
  3. Click Download for Windows.
  4. Locate and run client_auth_agent.exe on your computer.
  5. Click Next.
  6. Choose an installation location.
  7. Choose a start menu folder.
  8. Click Install.
  9. Click Finish to close the installer and launch Client Authentication Agent.

To download and install Client Authentication Agent on macOS, do as follows:

  1. Sign in to the User Portal.
  2. Go to Download client > Authentication clients.
  3. Click Download for macOS.
  4. Locate and open Client+Authentication+Agent.dmg on your computer.
  5. Drag each icon to it's respective folder to complete the installation.
  6. Quit the installer.
  7. Go to Applications and launch Client Authentication Agent.

To download and install Client Authentication Agent on Linux, do as follows:

  1. Sign in to the User Portal.
  2. Go to Download client > Authentication clients.
  3. Click one of the following:

    • Download for Linux 32
    • Download for Linux 64
  4. Locate caa_x32.tar.gz or caa_x64.tar.gz on your computer.

  5. Run the following command to extract the archive into your home directory, replacing <FILENAME> with the name of the file you downloaded.

    sudo tar -xzvf <FILENAME> -p -C $HOME
    

    You should see the following directories and files in your home directory:

    /.caa/
    /.caa/ca-cert.pem
    /.caa/caa.conf
    /.caa/README
    /bin/
    /bin/caa
    
  6. Type the following command to move /bin/caa to /usr/local/bin.

    sudo mv ~/bin/caa /usr/local/bin
    

    Note

    You can run /bin/caa from any directory you choose so long as you add that directory to $PATH.

  7. Open /caa/caa.conf in a text editor. You should see the following details:

    Copernicus host: 1.2.3.4
    Username: USERNAME
    Password: PASSWORD
    
  8. Replace 1.2.3.4 with the IP address of the firewall.

  9. Replace USERNAME with your username and PASSWORD with your password.

    Note

    Your plain text password is encrypted the first time you run the agent.

  10. Save the file.

  11. Run caa to start Client Authentication Agent.

    Note

    The /.caa/README file contains options you can use with the caa command.

When you sign in to the client, you're signed directly into the network through the firewall.

Authentication server CA for Android and iOS devices

Sophos Network Agent is an authentication client. It enables Sophos Firewall to authenticate local network users using mobile devices running Android and iOS devices.

Warning

Sophos Network Agent reached End of Life (EOL) on September 1, 2023.

Download certificate for iOS 12 and earlier and Android client: If you have an Android or iOS 12 and earlier device, download and install this authentication server CA certificate on your mobile device. For more information about how to do this, see Use Sophos Network Agent for iOS 12 and Android devices.

Install client certificate in iOS 13 and later: This installer contains the authentication server CA certificate for iOS 13 and later devices. Do as follows:

  1. If your administrator has shared a signing CA certificate with you, install the signing CA (Default CA) on your mobile device and turn on trust for the CA. For more information about how to do this, see Use Sophos Network Agent for iOS 13 devices.

  2. Click the link on the user portal to import the authentication server CA for authentication directly to your iOS 13 device.

The client authentication agent supports the following operating systems:

  • iOS 8.0 and later
  • Android 4.1 and later

SPX add-in

This feature is available only with a valid Email Protection subscription

This feature is available in Sophos Firewall Models XG 105 and later and all Sophos UTM Models.

Click Download Sophos Outlook Add-in to download and install the SPX add-in. The SPX add-in simplifies the encryption of messages that contain sensitive or confidential information leaving the organization. The add-in integrates seamlessly with the user's Microsoft Outlook software, making it easy for users to encrypt messages through Sophos Firewall Email Protection.

Do as follows to install the add-in in Microsoft Outlook:

  1. Unzip the files to a temporary folder.
  2. For an interactive install, run setup.exe (users will be prompted for input).
  3. For an unattended install, run the installer with the following parameters:

    msiexec /qr /i SophosOutlookAddInSetup.msi T=1 EC=3 C=1 I=1