The Sophos Central client requires an internet connection to install. But there is an easy way for a Sophos Central offline installation.
If you are using Sophos Central for your endpoints, you might have noticed that the installer requires an internet connection to successfully install. This is a nasty requirement especially when you are separating your deployment environment from your other networks and the internet.
The good news: Sophos is providing an easy way to let your clients install Sophos without an internet connection.
Step 1: Cache/Relay server
The first step is to install a Cache/Relay server. This will basically install a small service in your server(s) which allows your clients to download updates from them instead of the Sophos Central cloud. Additionally it allows clients to communicate with the Central cloud using this server as a relay. This means that your relay server(s) need internet access to the Central cloud, but your clients communicate internally only.
To install the cache servers, open the “Manage Update Caches and Message Relays” view: https://central.sophos.com/manage/config/settings/update-caches-message-relays.
Here you will get a list of all your servers. Already existing update caches will have their statistics shown next to the name and IP.
To install a new cache, select the server and click on the button “Set Up Cache/Relay”. This will start the installation. Note that this may take a few minutes plus more time to download the updates from Sophos Central.
Step 2: Installation of the client
After you have installed the cache/relay server, you can download the installer for your operating system.
To use your message relay(s), you need to know the IP of the server(s) plus the port of the relay service (Default is port 8190).
The parameter is –messagerelays= plus the IPs comma separated with the port specified.
The command line with 2 relay servers with the IPs 10.1.2.3 and 10.1.2.4 and the default port would be:
There are additional parameters available. For a complete list, check the Sophos Central documentation.