False trigger or a potential threat?

Question

hello, 
 
 it's been a while but recently I encountered the same trigger, Endpoints are not sending hearbeats signal anymore to the firewall. 
 no documentation on how to work around this issue. 
 
 any idea? 
 thank you.

Yogalakshmi · Answer

Hi Maroun Moussallem , 
 Good day! 
 Thanks for reaching out to the Sophos Community Forum. 
 This can happen if the option to block clients with no heartbeat is turned on in your firewall rule and the internal/external DNS is configured as the primary DNS on the firewall. This primary DNS will not be resolved, as the client is blocked from resolving it when the firewall rule blocks clients with no heartbeat. 
 
 Make sure that all your endpoints have access to the network to get the new certificate from Sophos Central. 
 Temporarily turn off Block clients with no heartbeat in the firewall rule if the internal DNS resolution fails. Turn it on once the endpoints are updated. 
 
 Please refer to this article for more information.