
E-Mail notification for missing Heartbeat

Hey there,

I have the exact same issue as already written here:

https://community.sophos.com/sophos-xg-firewall/f/discussions/121599/a-computer-is-no-longer-sending-security-heartbeats-to-sophos-firewall

But sadly I cannot view the screenshots provided. Can anyone give me the option to disable the alarm for that specific issue? Heartbeat is missing, mostly because of an unstable Wi-Fi connection or something else. It's actually not relevant for us so we do not want any E-Mail notification from Sophos Central.

In Sophos Central you can configure email alert frequency by severity/product/category but I cannot find that thing to disable it.

I hope you can help me with this.

Thank you in advance!



  • Since MR5, you can configure the missing heartbeat delay. 

    https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-xg-firewall-v18-mr5--build-586-is-now-available

    • Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status

    console> system synchronized-security
    delay-missing-heartbeat-detection      suppress-missing-heartbeat-to-central
    console> system synchronized-security delay-missing-heartbeat-detection show
    60
    console> system synchronized-security suppress-missing-heartbeat-to-central show
    0  


  • So, I configured the following:

    console> system synchronized-security suppress-missing-heartbeat-to-central

    verified that 

    console> system synchronized-security suppress-missing-heartbeat-to-central show

    returns "0".

    I will report in a few days if the notifications are now turned off.

    Thank you in advance!

  • 0 means "zero delay". It stands for seconds until XG will report a missing heartbeat.

    Just to be sure, what this actually means: 

    If you shut down a client or a service etc. the Heartbeat service will be closed on the client. XG will notice this and expects no traffic anymore. But in some race condition, the client still sends traffic while shutting down. 

    This causes Missing heartbeat alerts.

    You can activate a suppression in seconds to increase the threshold until this message will be generated. For example: You can try to set the value to 60 sec. This means XG will ignore traffic for 60 secs, even if the heartbeat traffic is stopped. (PS: Only the generation of alerts, the protection feature is still enabled). 


  • Thank you for the detailed explanation. I will report the results in 1 or 2 days.

    Current setting:

    console> system synchronized-security suppress-missing-heartbeat-to-central set seconds 60

    verify:

    console> system synchronized-security suppress-missing-heartbeat-to-central show

    should return "60"

    console> system synchronized-security delay-missing-heartbeat-detection show

    Still returns unchanged "60".

  • Yes, 60 is the default value for this. You can increase it to 120 or you can increase the other threshold for alerts sent to Central from 0 to 60. 


  • It's been 2 days now, and we have not received any more of these annoying notifications. Guess the problem is solved now :) Thank you all!

  • I have no such command in CLI "system synchronized-security" - anyone know why? There are airgap, appliance_access, and so on, but no synchronized-security :-(
