: Create a forward-zone for anydesk.com that points to a non-existent internal IP, as suggested by experts in the Sophos Community .
Configuring on Sophos UTM requires balancing easy remote access with strong network security. Because AnyDesk uses a dynamic global network of relay servers, it often triggers "Default Drop" rules or SSL inspection blocks. Essential Setup: Allowing AnyDesk Traffic
For organizations that prohibit remote support tools, you can effectively disable AnyDesk by: anydesk sophos utm
To ensure a stable connection, you must whitelist AnyDesk's communication channels within the Sophos UTM environment.
To ensure AnyDesk functions correctly through a Sophos UTM or Sophos Firewall, you must account for its unique behavior: it primarily uses direct IP connections rather than URLs, which often causes it to be blocked by Deep Packet Inspection (DPI) and SSL/TLS scanning. Sophos Community +1 Scenario 1: Allowing AnyDesk Traffic If AnyDesk is being blocked by your Sophos appliance, it is likely due to the firewall's inability to verify AnyDesk's proprietary certificates or its frequent use of relay IPs. Sophos Community +1 Bypass SSL/TLS Inspection : Create a forward-zone for anydesk
: Fallback ports if the primary port is blocked.
By default, AnyDesk uses port (TCP) for direct connections. In a naive setup, an administrator might simply open port 7070 on the firewall and forward it to a target machine. Sophos Community +1 Bypass SSL/TLS Inspection : Fallback
Best for: Small offices with static IP addresses.
Regardless of which connection method you choose, adherence to security protocols is mandatory: