Understanding Mode and Model Differences

The Sophos Web Appliance is available in a variety of models, each capable of providing web browsing security and control features for different numbers of end users.

Larger and multi-location organizations can use multiple web appliances grouped together by a common management appliance to provide web security and control support for their various locales and a large number of end users. Management appliances centralize control of policy and configuration data and consolidate reports. In order to group two or more appliances together, you must purchase a Sophos Management Appliance.

Sophos web appliances can operate in standalone or joined mode. The management appliance (purchased separately) can be joined to one or more web appliances for centralized management. The user interface options differ, depending on whether it is a standalone web appliance, a joined web appliance, or a management appliance.

  • Standalone Web Appliance: The default mode for a web appliance. It can be joined to a Sophos Management Appliance with Central Management options.
  • Joined Web Appliance: A standalone web appliance that has been joined to a Sophos Management Appliance with Central Management options.
  • Sophos Management Appliance: An appliance with the dedicated purpose of central management. When joined to other appliances, it is used for centralized reporting as well as centralization of configuration and policy data.

Modes and Models in the Documentation

The administrative user interface varies slightly, depending on the mode or if you are managing grouped appliances from a management appliance.

Many administrative interface pages described in this documentation are not available on a joined web appliance; the functionality is shifted to the management appliance so that you can configure settings for multiple appliances from a single location.

The Reports and Search tabs are grayed out, and most of the Configuration tab’s options seen on the sidebar of a management appliance or standalone appliance do not appear on a joined web appliance. The documentation notes all instances where options are available but differ from one appliance mode to another.

Throughout the documentation, you will see notes containing this “grouped appliance” icon. These notes describe which user interface options are available for which modes and models.

The availability of pages of the administrative web interface are outlined in the table below.

Administrative web interface page(s) Standalone Web Appliance Joined Web Appliance Sophos Management Appliance
Dashboard Yes Yes, but no report links Yes; additional Select View option to see only information for a specific appliance; for All appliances option, numbers are totals or averages
Configuration Landing Page Yes no post-installation tasks; the only quick task is Configure Central Management Yes
Accounts > Administrators Yes Yes, but accounts are for the local system only Yes
Accounts > Notification Pages Yes None Yes
Group Policy Yes Policy Test only Yes
Global Policy Yes Only General Options page, which has only "Cache settings" Yes; the General Options page has no "Cache settings"
System > Updates Yes Status info & Update button only Yes
System > Backup Yes None Yes; added Report data backup option
System > Restore Yes None Yes
System > Alerts & Monitoring Yes Syslog only Yes
System > Active Directory Yes Yes; no LDAP access options (LDAP data is downloaded from the management appliance) Yes
System > Time Zone Yes Yes Yes
System > Central Management (each unique) Join management appliance Revert to standalone Set "Join" options
Network > Network Interface Yes Yes Yes; no Deployment mode menu, no Configure button
Network > Hostname Yes Yes Yes; no DNS search suffixes or Accept authentication from downstream ISA/TMG servers options
Network > Network Connectivity Yes Yes Yes
Network > Diagnostic Tools Yes Yes Yes
Reports Yes None Yes; per appliance reports available for Volume, Latency and Throughput
Searches Yes None Yes
System Status Yes Yes Yes; a Remove button is available in the web appliance view on the management appliance for breaking the connection with that appliance