
Does ATP work if XG only used as an internet proxy?

Hi all. Former WSA user that is now on XG for internet proxy usage. I know some XG features such as Security Heartbeat and Synchronized Application Control don't work unless the XG is the default gateway for the network, but what about ATP? No point in it logging traffic if it's not doing anything.

 

Thanks!



This thread was automatically locked due to age.
  • Synchronized Security Features work without Default Gateway.

    Simply redirect the "Heartbeat Magic IP" to XG, and XG will build up the communication channel between all clients. 

    The Client will try to reach: 52.5.76.173 and port 8347. That's the Magic IP. 

    If XG is not the Gateway, simply redirect this IP with this Port to XG. 

     

    ATP Should work in such Scenario. But why should there be Drops in ATP? Did you actually use something in ATP? 


  • At the end of a four support call to try and get synchronized security features working between the XG and Central, a developer was brought onto the call and the first words out of his mouth were "It doesn't work if the XG isn't the default gateway."

    You're saying I should put a NAT rule on my external firewall to redirect 52.5.76.173:8347 back to the XG? Is that going to affect my clients' heartbeat to Central?

     

    >"ATP Should work in such Scenario. But why should there be Drops in ATP? Did you actually use something in ATP? "

    Don't follow. I'm not seeing anything ATP related

  • Let's wrap up:

    Endpoint talks to an XG Firewall via 52.5.76.173:8347. 

    The Endpoint can only talk to one XG at a time. 

    XG will intercept this connection. 

    So if you have another XG as Gateway, this will not work, but if the XG (as Web proxy) is your only XG, this should work. 


  • Only one XG. The external firewall is an ASA.

    I'll definitely give it a try, thanks.

  • Hi  

    I see this thread was asking about ATP yet you got answers on security heartbeat.

    In any case, in order to get effective ATP use of the XG, the XG should be used as the primary DNS server address for the workstations to use.

    ATP should work fine without the XG being the default gateway of the network, but will require the XG to be used as primary DNS address.  If this is not done, you will get ATP reports about your primary DNS server in use reaching out to known C2C servers.  Where the actual fact is that the client is doing DNS lookup of the URL and your DNS server is then forwarding the request out.  

    Update this thread if you managed to get it working.

    Thanks!

    KingChris
    Community Support | Sophos Support

    If a post solves your question use the 'This helped me' link
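The attribution problem described in the post above (ATP alerts naming the internal DNS server instead of the workstation that made the lookup) can be resolved by correlating each alert with the DNS server's own query log. The following is an added example, not part of the original post and not Sophos code; the log layout, IP addresses, domains and the 5-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: layout, addresses and domains are illustrative,
# not an actual Sophos XG or DNS server log format.
RESOLVER_IP = "10.0.0.53"  # internal DNS server that forwards lookups (assumed)
ATP_ALERTS = [  # (time, source IP the firewall saw, flagged domain)
    ("2024-01-10 09:15:02", "10.0.0.53", "c2.example.net"),
    ("2024-01-10 09:40:30", "10.0.0.53", "bad.example.org"),
    ("2024-01-10 10:05:00", "10.0.0.77", "c2.example.net"),
]
DNS_QUERY_LOG = """\
2024-01-10 09:15:01 10.0.1.23 A c2.example.net
2024-01-10 09:15:01 10.0.1.40 A intranet.example.com
2024-01-10 09:39:58 10.0.1.23 A updates.example.com
2024-01-10 09:40:29 10.0.2.8 AAAA BAD.example.org.
2024-01-10 08:00:00 10.0.1.99 A c2.example.net
malformed line
"""
FMT = "%Y-%m-%d %H:%M:%S"

def norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def parse_dns_log(text):
    # Returns (timestamp, client IP, queried name); unparsable lines are skipped.
    entries = []
    for line in text.splitlines():
        parts = line.split()
        try:
            ts = datetime.strptime(" ".join(parts[:2]), FMT)
            entries.append((ts, parts[2], norm(parts[4])))
        except (ValueError, IndexError):
            continue
    return entries

def attribute_alerts(alerts, dns_entries, resolver_ip, window_s=5):
    # For alerts sourced from the resolver, list the clients that asked the
    # resolver for the same name within window_s seconds before the alert.
    window = timedelta(seconds=window_s)
    results = []
    for ts_str, src, domain in alerts:
        ts = datetime.strptime(ts_str, FMT)
        if src != resolver_ip:
            results.append((domain, src, [src]))  # firewall saw the client itself
            continue
        clients = sorted({c for t, c, q in dns_entries
                          if q == norm(domain) and timedelta(0) <= ts - t <= window})
        results.append((domain, src, clients))
    return results
```

An empty client list for a resolver-sourced alert means the query log does not cover that lookup, for example because logging was off or the window is too narrow.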

  • Thanks. I can't use the XG as a DNS server, so I'll just have to rely on Central Advanced features and my IPS to block C&C traffic and not worry about the XG's ATP. We didn't get the XG for that anyway, but would have used the feature, if available.