Security Heartbeat could not sync from Sophos central

Below is the list of actions that were taken

  • Network connection is Endpoint > Sophos Firewall > PEPLink (Load balancer) > ISP
  • The customer advises that there’s no blocking in the PEPlink device
  • Heartbeat service is running
  • The test machine is using the IP address from the internal firewall
  • Core agent is installed in the test machine
  • Magic IP (52.5.76.173) is unreachable from the endpoint device via ICMP or via port 8347
  • Run packet capture and see one-way traffic
  • This is also the same with tcpdump
  • Enable the test firewall rule but still the same
  • Hbtrust.log shows the message user devices list is empty and nothing to fetch from Central
  • No error in heartbeat.log
  • Restarted the heartbeat but still the same
  • The firewall does not show any endpoint certificate (epcert)
  • The XML file from the endpoint does not show the endpoint certificate


Added tags
[edited by: GlennSen at 5:29 AM (GMT -8) on 27 Jan 2023]