Our Sophos Management Server is installed behind a Palo Alto firewall, which is used to centrally update and manage all internal Sophos clients.
After new installation of this Sophos Management Server, we found update from Internet always failed. The Palo Alto firewall rule was configured to use FQDN addresses as destination. Based on Sophos support site,
“The Sophos Update Manager (SUM) server uses port 80 (http) and requires access to the following eight addresses: