Skip to content

Update Caches and Message Relays๐Ÿ”—

Sophos Endpoint Agent enables you to optimize update delivery and communication with Sophos Central by using Update Caches and Message Relays. This guide explains what they are, how they work, and how you can set them up to improve bandwidth usage and connectivity in your environment.

Overview๐Ÿ”—

  • Update Cache: Allows computers to get agent updates from a local cache on your network, reducing bandwidth consumption.
  • Message Relay: Enables computers that canโ€™t contact Sophos Central directly to communicate through a relay on your network.

How Update Caches and Message Relays Work๐Ÿ”—

When you configure an Update Cache or Message Relay in your environment, it does the following:

  1. Installs the Sophos caching software (and relay software, if selected).
  2. Fetches updates from Sophos Central and stores them in the local cache.
  3. Automatically configures computers in your network to update from the cache and use the relay if needed.

You can also manually assign computers to use a specific cache or relay.

Note

Using Update Caches does not affect how often or when computers are updated.

Supported Operating Systems๐Ÿ”—

Devices Where You Can Set Up Update Caches and Message Relays๐Ÿ”—

  • Update Caches:
    • Windows Server 2008 R2 or later
    • Windows 10 (update caches only)
  • Message Relays:
    • Windows Server 2008 R2 or later

Tip

For both update caches and message relays, use Windows Server 2016 or later for best performance.

Devices That Can Use Caches and Relays๐Ÿ”—

  • Caches: Windows 7 and later (including servers)
  • Relays: Windows 7 and later (including servers)

Restrictions๐Ÿ”—

  • You can only set up a message relay on a server that also has an update cache.
  • You canโ€™t set up message relays on Windows 10.

Prerequisites๐Ÿ”—

Before setting up an update cache or message relay, ensure the following:

  • The device meets the operating system requirements.
  • At least 5 GB of free disk space is available.
  • Port 8191 is open to computers updating from the cache.
  • Port 8190 is open to computers using the relay.
  • Windows Firewall is automatically configured by the installer.

Note

If you use the Reject Network Connections feature in Sophos Firewall, it could prevent a cache from delivering updates.

Setting Up an Update Cache or Message Relay๐Ÿ”—

You can set up a cache and a relay together, a cache only, or add a relay to an existing cache.

To Set Up a Cache or Relay:๐Ÿ”—

  1. Navigate to My Products โ†’ General Settings in Sophos Central.

  2. Select Manage Update Caches and Message Relays under the General category.

    General Settings โ†’ Manage Update Caches and Message Relays

  3. In the filter above the table, select Cache Capable Servers or Cache Capable Computers to see suitable devices.

    Note

    To set up a relay on a server that already has a cache, select Devices with Update Cache.

  4. Select the devices where you want to set up a cache or relay.

  5. Click Set Up Cache.

If you select servers, the button appears as Set Up Cache/Relay.

Set Up Cache/Relay

Sophos Central automatically configures computers in your network to use the cache or relay. You can also manually assign computers to a specific cache or relay.

Tip

To ensure new computers get the latest Sophos Agent agent from a cache, set up your caches before deploying.

Assigning Computers to a Specific Cache or Relay๐Ÿ”—

You can manually assign computers to use a particular cache or relay if needed.

  1. Navigate to My Products โ†’ General Settings and select Manage Update Caches and Message Relays.
  2. Find the device where the cache or relay is installed.
  3. Select the link showing the number of computers in the Using Cache or Using Relay row.
  4. Select Manual Assignment.
  5. Select the computers to assign.
  6. Press Save.

Viewing Cache and Relay Usage๐Ÿ”—

To see which computers use update caches or message relays:

  1. Navigate to My Products โ†’ General Settings and select Manage Update Caches and Message Relays.

  2. In the device list, you can:

    • View which devices have update caches and message relays.
    • See the number of computers using each cache or relay.
    • Review update cache activity.

  3. Select a device to see detailed information on the computers using its update cache or message relay.

Removing an Update Cache or Message Relay๐Ÿ”—

Important

If you want to remove a cache that has computers manually assigned to it, reassign those computers first.

When you remove a cache or relay, Sophos Central does the following:

  • Uninstalls caching software and removes cached updates.
  • Closes port 8191 (cache) and, if applicable, port 8190 (relay) in Windows Firewall.
  • Uninstalls relay software if present.
  • Reconfigures affected computers to use another cache or relay if available, or to connect directly to Sophos Central.

If all caches or relays are removed, computers update and communicate directly with Sophos Central.

To Remove a Cache or Relay:๐Ÿ”—

  1. Go to My Products โ†’ General Settings and select Manage Update Caches and Message Relays.
  2. In the filter above the table, select Devices with Update Cache or Servers with Message Relay.
  3. Select the device(s) you want to remove.

  4. Select Remove Cache.

    Note

    If you selected a server, the button appears as Remove Cache/Relay.