This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security heartbeat notification

hi, we are having this message each time we just connected the laptop to the network "A computer is no longer sending security heartbeat signals to the Sophos Firewall but is still sending network traffic. The computer may be compromised." but the status of the endpoint is green and all seemed to be operational

Could someone help how to resolve this, or do we have to configure something on the XG firewall?

Thanks



This thread was automatically locked due to age.
Parents
  • This will be a timing issue. The computer spins up and sends traffic (Packet A) but the heartbeat hasn't completed yet (Packet B). Therefore, the firewall drops Packet A and then gets Packet B and switches things to green - so Packet C is allowed.

    Sleep mode can cause this and reboots. 

    One thing to check is what your firewall traffic rules are - each rule can have a heartbeat setting - do you have it set to have both requiring a heartbeat plus a specific level of heartbeat? I usually don't suggest this - just choose one. So, either the rule requires any heartbeat or it requires a certain level of heartbeat (this includes the previous element so having both is a bit redundant). 

    Hope this helps.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • This will be a timing issue. The computer spins up and sends traffic (Packet A) but the heartbeat hasn't completed yet (Packet B). Therefore, the firewall drops Packet A and then gets Packet B and switches things to green - so Packet C is allowed.

    Sleep mode can cause this and reboots. 

    One thing to check is what your firewall traffic rules are - each rule can have a heartbeat setting - do you have it set to have both requiring a heartbeat plus a specific level of heartbeat? I usually don't suggest this - just choose one. So, either the rule requires any heartbeat or it requires a certain level of heartbeat (this includes the previous element so having both is a bit redundant). 

    Hope this helps.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data