I had a question about a Sophos Heartbeat issue. I am attaching the network diagram. In short, there is a central firewall (XG) and all the branch firewalls (XG) are connected via MPLS as a WAN (they get their internet from the central firewall). The branches and the central firewall all have endpoints which are installed with the CIXA (only one central account for all the firewalls and branches). We have synchronized each of the branch firewalls with the single central account. My question is, is it possible to have ALL the branch endpoints send their heartbeat status to the central firewall ONLY? We don't mind de-registering the branch office firewalls for synchronized security. Is this possible?
Hi Kandarp Desai1, Unfortunately, it is not possible because of MPLS as WAN, so the end machine will not send its actual IP but will forward that WAN interface IP. It can work if MPLS is configured as a LAN/DMZ zone and traffic should not be NATed. We require a direct connection from an endpoint to the magic IP of the XG firewall, 18.104.22.168.
Keyur, Community Support Engineer | Sophos Support
Thanks for the helpful reply.