Sophos Email Security Appliances FAQs
The following list of frequently asked questions about Sophos Email Security Appliances is updated with answers from Sophos support engineers.
General
Network requirements and specifications
Deployment
Email management/administration
Performance
Support and service
General
1. What are Sophos Email Security Appliances?
Sophos Email Security Appliances are enterprise-class SMTP gateway security appliances. They are designed to deliver effective and reliable protection against email-borne threats, including viruses, spam, spyware, Trojans, phishing and other harmful inbound or outbound email. Compact and easy to manage, they feature a hardened operating system with optimized software, automatic updates, a highly functional user interface and preset policy options.
There are two models: ES4000, for organizations with up to 80,000 messages per hour, and ES1000, for organizations with up to 20,000 messages per hour.
2. How do I evaluate Sophos Email Security Appliances?
You can request a 14- or 30-day evaluation: contact Foursys.
3. What is the turnaround time for evaluation appliances and replacement components?
You should receive a ready-to-test evaluation unit within 48 hours of Sophos receiving an approved request. Replacement components (ES4000 only) or replacement units under warranty will ship within 24 hours after Sophos receives failure notification (plus any shipping/custom delays beyond our control).
4. What is the pricing and licensing structure?
Our structure is very straightforward. There is one price for the hardware, and a separate per user/per year price for licenses and support. For complete pricing and licensing information, contact Foursys.
Network requirements and specifications
1. What network infrastructure do the appliances require?
Both models are built on a compact 1U design requiring only one slot in a standard server rack. The ES4000 has two power supplies, whereas the ES1000 only has one.
2. What are the hardware specifications?
| | ES4000 | ES1000 |
|---|---|---|
| Dimensions (W x H x D) | 17.2” X 1.7” X 26.7” (438mm X 43mm X 678mm) | 16.7” X 1.7” X 14” (424mm X 43mm X 356mm) |
| Weight (approximate) | 46.5 lbs (21.1 kg) | 26 lbs (11.8 kg) |
| CPU | Dual Intel Xeon 64-bit 3.2GHz | Intel Celeron D 2.53GHz |
| Memory | 2GB | 1GB |
| Hard drive | Dual 146GB SCSI (RAID 1) | 160GB SATA |
| Power supply | Dual 540W 100/240V | 260W 100/240V AC |

Certifications: UL, CE, FCC, VCCI, C-Tick, TUV-GS, SABS
3. How is email protected by Sophos?
Threat protection is delivered by SophosLabs, our global network of threat analysis centres. We collect the data, operate the labs 24/7, own the technology and deliver the service. This integrated approach to security provides a unique ability to respond to today's multi-vector attacks.
4. What anti-spam measures do these appliances use?
These appliances feature a multi-layered approach to spam detection, utilising a range of techniques that are automatically balanced for optimum performance and minimum latency. These techniques include reputation filtering, Behavioral Genotype, heuristics, checksum-based spam identities and URI (Uniform Resource Identifier) filtering. This "cocktail" methodology covers a wider range of spam characteristics, making it harder for spammers to evade our filters and yielding a higher catch rate, with far fewer false positives. In an independent test conducted in December 2005 by Veritest, Sophos had a spam catch rate of 98.9%.
5. What software is installed on them?
They feature the following software components, which are fully optimised, controlled and automatically updated by Sophos:
- Sophos anti-virus engine
- Sophos anti-spam engine
- Sophos IP Block Lists (for reputation filtering)
- Web-based dashboard and management console
- System alerting and notification
- Postfix MTA (mail transfer agent)
- Hardened FreeBSD operating system
6. Do customers need UNIX experience to use these appliances?
No UNIX experience is required. The operating system is hardened and locked down for optimum performance. There is no need for command line access, as all administrative functions are easily accessed through the web-based management console.
7. Do they support directory services?
Yes. Both models automatically detect common LDAP settings and configurations, enabling policy enforcement and authentication by user. They synchronise with LDAP to ensure that email continues to flow if the LDAP server fails, and notify the administrator of a failure via email and on the system status page of the management console. SMTP recipient validation is used in the absence of LDAP authentication.
Deployment
1. How are the appliances configured?
Configuration is performed using the QuickStart guide shipped with every appliance, and a simple wizard-based setup accessed via a web browser.
From first boot-up of the appliance, customers will have instant gateway protection that is fully optimised, with built-in redundancy - the easiest, fastest and safest deployment available on the market today.
2. If customers evaluate an appliance, will they have to re-install it for regular service?
No. The appliances include built-in evaluation modes, which enable an easy switch from evaluation to pilot and fully operational modes.
3. How do upgrades and updates work?
Sophos Email Security Appliances automatically apply threat definition updates and software upgrades. Customers choosing to install non-critical software upgrades manually will be notified of their availability, and will receive timely notifications of any delays. All software upgrades will be automatically installed after 7 days.
Email management/administration
1. How does an IT administrator manage the appliances?
Sophos Email Security Appliances feature a finely tuned management console that is accessible from any modern web browser.
2. Is there command line access?
No. The administrative functions are performed through the web-based management console, so no command line access is required.
3. What kind of policy control is included?
Sophos Email Security Appliances are based on our award-winning product, PureMessage, incorporating best practice default policy settings and a range of other optional settings. These capabilities reduce time spent on setting policy, and enhance the ease of use.
4. How are the components integrated?
We own and control all mission-critical security components, right down to the operating system and MTA. These components are completely integrated and fully optimised, offering higher capacity and more reliable performance than the multiple applications from different vendors patched together on most competitive appliances.
5. Can someone without administrative privileges quarantine infected files?
No. However, any file found to contain a virus is immediately blocked, thereby preventing access and any further infection. The administrator is then informed.
6. How can administrators review and manage policy, reports and logs?
The most important day-to-day tasks and reports are directly available to administrators via the web-based management console dashboard. The dashboard provides easy control of the email gateway and an instant view of system performance, with advanced monitoring and reporting of mail traffic trends and protection status.
7. What kind of reporting is provided?
The web-based management console offers easily accessible, functional and quick contextual reporting designed for specific audiences in the organisation (e.g. CIO, CTO, CEO). The appliances can convert statistics into intelligent reports that not only tell customers what's happening, but how it affects their organisation and what it really means for their email network security.
8. Can the administrator use external applications to run custom reports?
No. The administrator can only use the reports included with the management console to view system data. However, many reports do allow the administrator to set parameters.
Performance
1. What is the peak load performance?
The ES4000 easily handles up to 80,000 messages per hour, while the ES1000 can handle approximately 20,000 messages per hour. Both models are designed specifically for enterprise-class performance. Robust hardware, optimised anti-spam and anti-virus scanning and reputation filtering enable them to handle high message volume and unusual traffic surges.
2. How does the quarantine work?
Both models feature an on-board quarantine, eliminating the need for additional storage capacity on other servers and reducing the total cost of ownership. They also provide the administrator with powerful message forensics, including the ability to track messages, both in logs and in the quarantine. This greatly reduces the time spent dealing with lost-message inquiries and frees administrators for more critical business tasks.
3. How does the quarantine backup work?
The appliances are configured by the administrator to back up the quarantine to a network location of their choice via FTP (File Transfer Protocol). As soon as the disk usage reaches 85% (quarantine plus logs), data is automatically backed up to restore disk usage to no more than 70%. This feature ensures that they never run out of onboard storage space.
4. What types of alert are sent to Sophos support?
The system checks to make sure each licensed appliance is using the most up-to-date protection, and alerts the administrator and Sophos support in the event of a software anomaly or hardware component failure to ensure the quickest resolution possible. No information about mail flow or message content is passed on to Sophos.
5. How is system health monitored?
Sophos Email Security Appliances monitor their own health and protection status, and also feature remote monitoring technology that lets Sophos track the appliance's connection status. (See "What technologies are used to support the appliances?" under Support and service.) Administrators have instant visibility of hardware health and protection status through the management console. In the event of hardware disruption, or protection becoming out of date, Sophos is alerted and the administrator is sent an email alert.
Support and service
1. How are Sophos Email Security Appliances supported?
We provide the industry's best technical support exclusively for enterprises, with 24/7 assistance on the hardware, operating system, and all software components. We will respond directly to every support request, regardless of its nature.
Sophos Email Security Appliances are equipped with advanced monitoring and on-demand remote assistance technologies that deliver a new and truly superior customer support experience. These technologies ensure that every installed appliance is kept fully up to date and at its operational peak, with minimal administrative involvement.
2. What technologies are used to support the appliances?
Using advanced embedded technology, the appliances communicate with Sophos Support every five minutes, automatically receiving anti-virus and anti-spam updates and reporting on connection status. If a failure condition is detected, such as an out-of-date anti-spam engine or a failing hard drive, we will proactively initiate the appropriate support procedures, often before the customer even realises that there is a problem.
3. What if further assistance is required?
Administrators can initiate a reverse-tunnel SSH (Secure Shell) connection directly to Sophos Support. Open for four hours, this connection grants Sophos engineers remote access to the appliance for quicker issue resolution. Sophos Support does not have any access to the appliance unless it is initiated by the customer. The SSH connection can be renewed by the administrator if required.
4. How does Sophos maintain security during remote assistance sessions?
Unless initiated by the customer, Sophos Support does not have any access to the appliance. Acceptance of the remote connection request is fully logged (request source, time, date, location etc.) together with all Sophos Support keystrokes and mouse clicks. The SSH connection automatically closes after four hours.
5. Can remote monitoring be disabled?
Yes. Although remote monitoring ensures greater uptime and proactive support in the event of a disruption in performance, the administrator can disable this function.
6. What kind of support is included during evaluation?
Sophos will provide online and telephone support to assist customers with all aspects of the appliance throughout the evaluation period, as required.
7. Are support contacts different, depending on the issue?
No. Unlike our competitors, Sophos provides a single source for updates and support of software and hardware. Customers only need to make one call for support relating to spam, viruses, spyware, filtering, operating system and hardware.
8. What is the warranty on Sophos Email Security Appliances?
Each appliance comes with a hardware advance replacement warranty of up to three years, provided an active software licence agreement is in place to help your customers keep their networks up and running, even in the event of hardware failure.
If a hardware component or entire appliance requires replacement at any time during the warranty period, Sophos will cover the costs of the new appliance and delivery. The customer is responsible for the cost of returning the failed unit/component.