Thread Info
  • State Suggested Answer
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 1314 views
  • Users 0 members are here
Options
Suggested

False trigger or a potential threat?

Maroun Moussallem

hello,

it's been a while but recently I encountered the same trigger, Endpoints are not sending hearbeats signal anymore to the firewall.

no documentation on how to work around this issue.

any idea?

thank you.



Added Tags
[edited by: GlennSen at 11:56 AM (GMT -7) on 3 Oct 2024]
  • 0

    Hi  ,

    Good day!

    Thanks for reaching out to the Sophos Community Forum.  

    This can happen if the option to block clients with no heartbeat is turned on in your firewall rule and the internal/external DNS is configured as the primary DNS on the firewall. This primary DNS will not be resolved, as the client is blocked from resolving it when the firewall rule blocks clients with no heartbeat.

    • Make sure that all your endpoints have access to the network to get the new certificate from Sophos Central.
    • Temporarily turn off Block clients with no heartbeat in the firewall rule if the internal DNS resolution fails. Turn it on once the endpoints are updated.

    Please refer to this article for more information.

    Yogalakshmi
    Sophos Digital Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    hi  ,

    Thank you for your support,

    Idk if I described my issue well, an email that I received recently, on the computer nothing looks strange after investigating, sophos is saying that it might be compromised.

    Please check the below,

    Sophos Central Event Details

    What happened: A computer is no longer sending security heartbeat signals to the Sophos Firewall but is still sending network traffic. The computer may be compromised.

    How severe it is: High

    What Sophos has done so far: The Sophos Firewall may have restricted the computer’s network access (depending on the policy your company set).

    What you need to do: Contact the Sophos Firewall administrator to find out more.

     

Unfiltered HTML