Thread Info
  • State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 49 replies
  • Subscribers 43 subscribers
  • Views 6514 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Heartbeat - Red in XG but green in Central

Julian Cast

Hello,

we have continuous problem with the heartbeat for some users. 

The endpoint is green and fine but in central it's red. 

Here the last log during the problem (heartbeat log)

a 2021-06-23T06:45:27.764Z [5880:8000] - Received request to enable enhanced application control
a 2021-06-23T06:45:27.771Z [5880:8000] - Sending login status.
a 2021-06-23T06:45:28.098Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:28.138Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:41.410Z [5880:8000] - Sending health status: {"admin":1, "health":1, "service":1, "threat":1}
a 2021-06-23T07:15:11.868Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T10:22:33.571Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:33.572Z [5880:7476] - Stopped Heartbeat
a 2021-06-23T10:22:33.572Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.665Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.666Z [19648:19496] - Starting Heartbeat version 1.11.194.0
a 2021-06-23T10:22:37.666Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:38.124Z [19648:16596] - Connection succeeded.
a 2021-06-23T10:22:38.125Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T10:22:38.140Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T10:22:38.400Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T10:22:38.400Z [19648:16596] - Sending login status.
a 2021-06-23T10:22:52.077Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T10:51:43.762Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T11:31:11.576Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T12:44:45.877Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-23T13:58:12.169Z [19648:16596] - Connection closed (network error).
a 2021-06-23T13:58:13.181Z [19648:16596] - Connection failed.
a 2021-06-23T14:08:02.495Z [19648:16596] - Connection succeeded.
a 2021-06-23T14:08:02.496Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T14:08:02.510Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T14:08:02.738Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T14:08:02.741Z [19648:16596] - Sending login status.
a 2021-06-23T14:08:03.244Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T14:08:13.160Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T14:54:57.625Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T14:54:57.655Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T15:31:08.146Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:15.057Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:37.141Z [19648:16596] - Connection failed.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:52.438Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:52.450Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:53.728Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:53.729Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:53.747Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:53.761Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:55.000Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:55.000Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:55.015Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:55.145Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T15:31:55.146Z [19648:16596] - Sending login status.
a 2021-06-23T15:32:03.612Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T17:38:13.918Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
a 2021-06-23T21:41:06.153Z [19648:16596] - Connection closed (network error).
a 2021-06-24T06:29:22.504Z [19648:16596] - Connection failed.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connection succeeded.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-24T06:31:26.193Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.21 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-24T06:31:26.483Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-24T06:31:26.483Z [19648:16596] - Sending login status.
a 2021-06-24T06:31:27.846Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-24T06:32:03.946Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:03.995Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:33.202Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-24T06:35:38.958Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe

We already contact the Sophos support... 1 month to have the reply from the support. You can imagin that we trying different ways to solve the problem, a momentary solution is re install Sophos but it's not for always.

Thank you !



This thread was automatically locked due to age.
Parents
  • 0

    AS you can see, the heartbeat status switching every minutes ! In central it's green fixed... 

  • 0 in reply to Julian Cast

    that's the very same for us. and on the XG it's always flapping between 1 and 3 in heartbeat.log. Maybe this is happening when the computers are idle. It only happens for a small percentage of devices but I want to know why they appear risky to XG.

    I will mention your case number in my support case. Currently they want me to re-register the XG into central because they cannot put fwcm-heartbeatd.log into debug. See my post community.sophos.com/.../logging-heartbeat-vs-fwcm-heartbeatd-500-opcode-failed

  • 0 in reply to Julian Cast

    Sophos uses a WAN IP for Heartbeat to keep sure, it always hits the Firewall (default gateway). 52.5. 76.173 See: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/SecurityHearbeat.html#:~:text=Communication%20channel,76.173%20on%20port%208347.

    Its actually not the a AWS Ressource, instead its the firewall, acting like this IP. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Now for unknown reason it's green... i don't change anything... pff

  • 0 in reply to Julian Cast

    I guess, the user started using the machine at 9:55

  • 0 in reply to LHerzog

    getting an other machine at risk after the timing changes made above so maybe useless.

    2021-06-29 16:44:52 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <3>
2021-06-30 10:37:48 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <3> -> <1>
2021-06-30 10:37:48 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:37:49 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:38:09 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:38:30 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:38:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:39:18 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
2021-06-30 10:39:19 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
2021-06-30 10:39:19 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:39:19 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:39:20 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:39:20 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:39:30 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:39:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:40:30 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:40:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:41:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:41:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:41:49 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
2021-06-30 10:41:50 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
2021-06-30 10:41:50 INFO EndpointStorage.cpp[17627]:132 endpoint_maclist_cb - Mac list gets replaced for uuid <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>
2021-06-30 10:41:50 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:41:55 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:41:55 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:42:04 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:42:20 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
2021-06-30 10:42:22 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
2021-06-30 10:42:22 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:42:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:42:35 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:43:27 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:43:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:43:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:44:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:44:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:45:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:45:35 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
2021-06-30 10:46:28 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
2021-06-30 10:47:11 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
2021-06-30 10:47:11 INFO EndpointStorage.cpp[17627]:132 endpoint_maclist_cb - Mac list gets replaced for uuid <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>
2021-06-30 10:47:11 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:47:25 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:47:41 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
2021-06-30 10:47:43 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
2021-06-30 10:47:43 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:47:53 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
2021-06-30 10:47:55 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
2021-06-30 10:49:13 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
2021-06-30 10:49:14 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
2021-06-30 10:49:14 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
2021-06-30 10:49:25 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1

    and again I can see the strange HB status of 5

    2021-06-30 10:42:20 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:42:22 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>

    I asked about it here https://community.sophos.com/sophos-xg-firewall/f/discussions/128368/heartbeat-connectivity-change-codes

    and  wrote about some kind of TLS teardown. Whatever this may be.

  • 0 in reply to LHerzog

    Can you check the time of the clients? Maybe its to off to the time set on XG. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LHerzog

    What's TLS teardown?! Seems not to be the same problem for me

  • 0 in reply to LuCar Toni
    LuCar Toni said:
    Can you check the time of the clients?

    will try to get that information.

  • 0 in reply to LHerzog

    so about what happened on that client. This are the events:

    29.06.2021 16:43:54    Kernel-Power    42    (64) Entering Hibernate

    30.06.2021 10:37:29    Kernel-General    1    (5)  Leaving Hibernate and setting clock. 2021‎-‎06‎-‎29T14:43:56.883120300Z in ‎2021‎-‎06‎-‎30T08:37:29.500000000Z . System time synchronized with the hardware clock.

    30.06.2021 10:37:39    Time-Service    37    Time Sync from NTP Server

    30.06.2021 10:41:43    Time-Service    37    Time Sync from NTP Server

    30.06.2021 10:46:28    EventLog    6006    System Shutdown

    30.06.2021 10:46:44    Kernel-General    13  Shutdown at 2021‎-‎06‎-‎30T08:46:44.068562200 (Hardwareclock)

    30.06.2021 10:47:09    EventLog    6005    System Start. Uptime 13 seconds.

    30.06.2021 10:47:21    Time-Service    37    Time Sync from NTP Server

  • 0 in reply to LHerzog

    is your firewall enabled for central management or only connected with disabled management?

    ours is unmanaged, but this is what we want.

  • 0 in reply to LHerzog

    Central Management is enabled. 

Reply Children
No Data
Unfiltered HTML