Hi together,
to use Intercept X with heartbeat firewall policies sucessfully, we have to be able to ensure, that once a network device with endpoint protection connects to the network, the first thing that happens is, that the endpoint protection client sends a heartbeat signal, so that the firewall is aware of the devices green status and firewall policies that allow traffic, start matching.
In the following thread I am already discussing such a dependency in regards of SSL-VPN connections, where it clearly leads to issues, that the heartbeat signal sometimes takes minutes to be sent.
So simple question is: How can I trigger such a heartbeat signal manually? We need to find something like a scripted solution that fires upon any network changes on the devices maybe ideas from this post will help us: https://serverfault.com/questions/26056/how-can-i-run-a-script-when-my-network-connection-changes
I would indeed expect, that Endpoint Protection does this on its very own with Intercept-X in mind but as you can see in the other thread, it does not or at least too late.
If triggering reliable heartbeats on any network change is not possible, it pretty much renders the whole heartbeat/intercept-x concept unusable imho
because it will result in very unpredictable networking issues, when our 3000 devices randomly need to wait a few minutes to get access to the company network. Starting with missing network drives, continue messing with database connections of applications that would be executed before a heartbeat was sent (unlucky user) and leading to an incident hell, that noone wants to introduce in their network.
How is this system considered to be used in general? Anyone with a successful implementation out there? Would love to have a fruitful conversation around this topic.
Kind regards,
David
This thread was automatically locked due to age.
