Why is this endpoint reporting Heartbeat Status Red to our XG Firewall this morning? Status "At Risk"!
As a result, the user cannot access most applications.
XG Showing this:
Central is showing this:
XG Log:
XG430_WP02_SFOS 18.0.5 MR-5-Build586# grep "xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx" /log/heartbeatd.log
2021-06-14 09:28:19 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 09:28:19 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.40)
2021-06-14 09:28:25 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.40) health: 3
2021-06-14 09:32:00 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>, Application path :C:\134program files (x86)\134mozilla firefox\134firefox.exe
2021-06-14 09:32:50 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <5>
2021-06-14 09:32:53 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <5> -> <1>
2021-06-14 09:32:53 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.40)
2021-06-14 09:32:55 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.40) health: 3
2021-06-14 09:37:01 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>, Application path :C:\134program files (x86)\134mozilla firefox\134firefox.exe
2021-06-14 10:02:23 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <3>
2021-06-14 10:02:31 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 10:02:31 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.15)
2021-06-14 10:02:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.15) health: 3
2021-06-14 10:13:31 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <3>
2021-06-14 10:13:34 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 10:13:35 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.10)
2021-06-14 10:13:44 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.10) health: 3
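An added example, not part of the original post: a Python sketch for offline triage of the `grep` output above, listing one endpoint's connectivity transitions and reported health values even when entries are pasted run together. The function name `summarize` is hypothetical, and the numeric connectivity and health codes are reported as-is because the thread does not define them.

```python
import re

EP = "xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx"  # redacted endpoint ID as shown in the post

# Excerpt in the post's heartbeatd.log format, including a run-together pair
# broken mid-entry; the last entry (a second endpoint) is constructed.
SAMPLE = """\
2021-06-14 10:02:23 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <3> 2021-06-14 10:02:31 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity
changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 10:02:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.15) health: 3
2021-06-14 10:13:31 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <3>
2021-06-14 10:13:34 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 10:13:44 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.10) health: 3
2021-06-14 10:14:00 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: 00000000-0000-0000-0000-000000000000 (SSL-VPN-IP.99) health: 1
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
CONN = re.compile(TS + r" \w+ \S+ endpoint_connectivity_cb - "
                  r"Connectivity changed for <([^>]+)>: <(\d+)> -> <(\d+)>")
HEALTH = re.compile(TS + r" \w+ \S+ processMessageStatus - Status request "
                    r"received from endpoint: (\S+) \(([^)]+)\) health: (\d+)")


def summarize(text, endpoint_id):
    """Collect connectivity transitions and health reports for one endpoint."""
    flat = re.sub(r"\s+", " ", text)  # undo line wraps inside pasted entries
    transitions = [(ts, int(a), int(b))
                   for ts, ep, a, b in CONN.findall(flat) if ep == endpoint_id]
    reports = [(ts, addr, int(h))
               for ts, ep, addr, h in HEALTH.findall(flat) if ep == endpoint_id]
    counts = {}
    for _, _, h in reports:
        counts[h] = counts.get(h, 0) + 1
    return {
        "transitions": transitions,
        "health_counts": counts,
        # Addresses the endpoint reported from, in order of first appearance.
        "addresses": list(dict.fromkeys(addr for _, addr, _ in reports)),
        "last_health": (reports[-1][0], reports[-1][2]) if reports else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE, EP))
```
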
Hi LHerzog,
I have the same behaviour on some Lenovo notebooks. Do you have a solution yet? I just had a 90-minute support session with Sophos support. Result: Client/Firewall/Central communication OK. I was advised to reinstall Central on the client and then report back to support.
Best
M
Hello Dr Brezner, no solution found so far.
I opened the case with XG team, now they moved it over to the Intercept X Team, because they believe the change is from the Endpoint. This is what I think too.
They requested the following:
Could you please send a fresh SDU logs from the Endpoint/Server and please enable remote assistance to Sophos Central.
I'm currently collecting this information.
We noticed it on Dell Notebooks and a MS Surface. All with some native or USB-C Docks. Partially connected to LAN and WiFi at the same time (may be some issue).
We were discussing a similar issue here as well: community.sophos.com/.../sophos-heartbeat---red-in-xg-but-green-in-central
Sounds good. We have more and more clients with this problem. All the described workarounds did not help or only in the short term.
Hello everyone, we have the same problem with some clients. Particularly with DELL laptops. I hope the SOPHOS team can fix this issue shortly.
Check if they have energy option S0 active. They probably do.
cmd: powercfg /a
If so, this may be set to e.g. S3 as a workaround until the end of September, until the new version of Core Agent 2.19.7 is released.
Thanks LHerzog, we are going to test it while we wait for the new agent version.
Hey Sophos, I've been told that Core Agent 2.19.7 will get pushed by Sept. 28th at the latest. So now we have the 30th and I'm still at 2.19.6.
Is this delay expected?
EMEA / Central Europe Region
Hello LHerzog,
It looks like this release has been pushed back once again. Some issues were found with legacy operating systems, which have since been resolved. The next release is scheduled to be completed as of October 14th.
Thanks for this update, Qoosh.
So the first tests make me confident!
Do you have the new Core Agent? We're still missing it.