This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security heartbeat notification

hi, we are having this message each time we just connected the laptop to the network "A computer is no longer sending security heartbeat signals to the Sophos Firewall but is still sending network traffic. The computer may be compromised." but the status of the endpoint is green and all seemed to be operational

Could someone help how to resolve this, or do we have to configure something on the XG firewall?

Thanks



This thread was automatically locked due to age.
  • Hi

    Under Alerts, are you seeing any specific error for this particular machine? On the endpoint machine could you please check if all the Sophos services are running fine? 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Could it be something to do with the sleep settings - maybe "Networking connectivity in Standby".  Could it be that the computer is capable of sending network traffic which hits the XG but the network, as far as the Network Threat Protection service goes it can't send network information.  Maybe have a look at the Power Options of the Laptop.

  • Hi, 

    I have checked all the services are running fine. i have this message for all laptops connected to the network in the morning everyday.

  • This will be a timing issue. The computer spins up and sends traffic (Packet A) but the heartbeat hasn't completed yet (Packet B). Therefore, the firewall drops Packet A and then gets Packet B and switches things to green - so Packet C is allowed.

    Sleep mode can cause this and reboots. 

    One thing to check is what your firewall traffic rules are - each rule can have a heartbeat setting - do you have it set to have both requiring a heartbeat plus a specific level of heartbeat? I usually don't suggest this - just choose one. So, either the rule requires any heartbeat or it requires a certain level of heartbeat (this includes the previous element so having both is a bit redundant). 

    Hope this helps.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.