
Security Heartbeat Error

Can someone explain why having Security Heartbeat Enabled on the firewall AND central wireless is a problem? I keep getting the following error:

"Security Heartbeat with Endpoint is enabled for both Firewall and Central Wireless". I am trying to determine which I should use if I cannot use both.

Thank you,

Wilk4013



  • Hi Wilk4013,

    When you have an AP managed by Sophos Central, the traffic from endpoints under the AP does not go to the XG. Since the XG is not getting health status information from the endpoints, it cannot enforce Security Heartbeat.

  • Hi MEric,

    Please excuse my lack of experience with the Sophos Central managed AP. I see all of the traffic from my managed endpoint in my firewall logs, so it is my observation that the "traffic" is being seen by the XG. Is it that the specific Heartbeat or endpoint health status traffic is not passed through to the XG from the APX320 when the APX320 has Security Heartbeat turned on?

    Thanks

    Wilk4013

  • https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/SecurityHearbeat.html

    The endpoint tries to reach a Public IP with Port 8347.

    The first instance in this setup will pick up the communication and start to talk to the Endpoint.

    If you enable Heartbeat on your APX, it will pick up the Heartbeat communication for all Clients and enable the Heartbeat to the APX.

    Therefore the communication will not reach XG Firewall and you will not have a Heartbeat on XG.

    That is simply the indication in Central: it warns you that HB will not be forwarded to XG in those cases.

    If you want to have the other XG Features like Synchronized App Control etc., you need to disable Heartbeat on the APX.

  • LuCar Toni,

    Thank you very much. Just what I needed.

  • Hello,

    This will be fixed in the upcoming Central Wireless release v2.3, where the admin will be given an option to choose the terminating point of the sync sec heartbeat. You can choose the heartbeat from the endpoint to be sent to XG while that of the UEMs can terminate on Central.

    Regards,

    Tejas