rumors of Heartbeat disabled for Windows Server 2012 R2 - true?

Hi,

I just read this article: https://borncity.com/win/2022/11/15/windows-server-2012-r2-sophos-user-authentication-using-heartbeat-disabled-on-rds-servers/

saying a customer found out that his Windows 2012 R2 Servers no longer send their heartbeat status to the XG/S Firewall after Sophos disabled that feature.

Sounds serious.

Can Sophos confirm that is true?

I cannot report this from our side - our 2012 R2 machines have heartbeat - but the reason may be that the relevant updates have not yet been pushed by central in our region.

Looking forward to your answers on that thing.

edit:

I want to add: the blog post is a bit mixed up - writing of SATC, User authentication and heartbeat things. SATC has been replaced by Intercept-X - I know.



Added TAGs
[edited by: Qoosh at 11:59 PM (GMT -8) on 12 Dec 2022]
  • Hi LHerzog, as you suggested I think there is some confusion around some different technologies in that blog post.  

    SATC (Sophos Authentication for Thin Client), which enables the Sophos Firewall to authenticate users accessing a server or remote desktop, used to be available as a standalone agent but is now included with Sophos Central Server Protection in Sophos Central. As mentioned it is currently only supported on Windows Server 2016 and later. We had previously provided access to a potential workaround approach for older operating systems via an Early Access (beta) program but as with all beta software and features provided by Sophos, capabilities provided via Early Access programs may be discontinued at any time and may not be made Generally Available (GA) and unfortunately that was the situation here.

    There is an alternative method in version 19 of the Firewall that doesn’t provide quite the same level of integration with the Firewall, but can at least identify individual users’ web traffic from Remote Desktop servers. This is a potential solution for customers looking to continue to run Server 2012 R2 until they get to upgrading.  The feature is “Per-connection authentication” and is documented here: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationConfigurePerConnectionAuth/index.html.  You can also find a tech on that topic here: https://techvids.sophos.com/watch/nPQbf634vyUSqHYCd8SDS7

    Security Heartbeat is an unrelated feature that allows endpoints and firewalls to share their health status with each other and as you suggest there are no issues with Windows Server 2012 R2.

    Hope that provides some clarity for you.

    Thanks,

    Kevin
