Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=client-downloads

Client downloads

Use these settings to download the clients and components that support single sign-on, transparent authentication, and email encryption.

You can use transparent clientless authentication through STAS or authentication through the clients installed on users' endpoints.

Single sign-on

Sophos Transparent Authentication Suite (STAS): Enables transparent authentication whereby Windows credentials can be used to authenticate and the user is required to log on once only to access network resources. This does not require a client on the user’s machine.

Authentication clients

You must install the client authentication agent and server CA on all your endpoint computers. You can download these files and share them with users. Alternatively, users can download these from the user portal and install them on their endpoints. The client authentication agent communicates through IP address 1.2.3.4 and port 9922. When users sign in to the client, they're signed directly into the network through the firewall.

Select one of the following options:

  • Download MSI: Download and share the MSI authentication client (client authentication agent) with users. You can use this with Windows Installer to automate the installation.
  • Download CA for MSI: Download the CA certificate and share it with users. The authentication client uses the CA to establish a TLS connection with the firewall for user authentication.
  • Download for Windows: Download the client authentication agent installer for Windows. The installer contains the client authentication agent and the authentication server CA.
  • Download for macOS: Download the client authentication agent installer for macOS. The installer contains the client authentication agent and the authentication server CA.
  • Download for Linux 32: Download the client authentication agent installer for Linux 32-bit systems. The installer contains the client authentication agent and the authentication server CA.
  • Download for Linux 64: Download the client authentication agent installer for Linux 64-bit systems. The installer contains the client authentication agent and the authentication server CA.

Warning

If you reset the firewall to factory configuration, it reconfigures the CA certificate. Users must reinstall the CA certificate.

The client authentication agent supports the following operating systems:

  • Windows 10 and later
  • Linux: Ubuntu 16.4 and later
  • macOS Catalina (10.15) and later

SPX Add-In

The SPX add-in allows users to encrypt outgoing messages using Sophos Email Protection directly from Microsoft Outlook.

Note

SPX isn't available in XGS 87(w) firewalls.

For an interactive installation, run setup.exe.

For an unattended installation, run the installer as follows:

msiexec /qr /i SophosOutlookAddInSetupUTM.msi T=1 EC=3 C=1 I=1

Unattended installations require the following:

  • Windows XP, Windows Vista, Windows 7, or Windows 8 (both 32 and 64-bit)
  • Microsoft Outlook 2007 SP3, 2010 or 2013 (both 32 and 64-bit)
  • Microsoft .NET Framework 4 Client Profile
  • Microsoft Visual Studio 2010 Tools for Office Runtime 4.0

More resources