
Sophos Heartbeat - Red in XG but green in Central

Hello,

We have a continuous problem with the heartbeat for some users.

The endpoint is green and fine but in Central it's red.

Here is the last log during the problem (heartbeat log):

a 2021-06-23T06:45:27.764Z [5880:8000] - Received request to enable enhanced application control
a 2021-06-23T06:45:27.771Z [5880:8000] - Sending login status.
a 2021-06-23T06:45:28.098Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:28.138Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:41.410Z [5880:8000] - Sending health status: {"admin":1, "health":1, "service":1, "threat":1}
a 2021-06-23T07:15:11.868Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T10:22:33.571Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:33.572Z [5880:7476] - Stopped Heartbeat
a 2021-06-23T10:22:33.572Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.665Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.666Z [19648:19496] - Starting Heartbeat version 1.11.194.0
a 2021-06-23T10:22:37.666Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:38.124Z [19648:16596] - Connection succeeded.
a 2021-06-23T10:22:38.125Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T10:22:38.140Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T10:22:38.400Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T10:22:38.400Z [19648:16596] - Sending login status.
a 2021-06-23T10:22:52.077Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T10:51:43.762Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T11:31:11.576Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T12:44:45.877Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-23T13:58:12.169Z [19648:16596] - Connection closed (network error).
a 2021-06-23T13:58:13.181Z [19648:16596] - Connection failed.
a 2021-06-23T14:08:02.495Z [19648:16596] - Connection succeeded.
a 2021-06-23T14:08:02.496Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T14:08:02.510Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T14:08:02.738Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T14:08:02.741Z [19648:16596] - Sending login status.
a 2021-06-23T14:08:03.244Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T14:08:13.160Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T14:54:57.625Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T14:54:57.655Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T15:31:08.146Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:15.057Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:37.141Z [19648:16596] - Connection failed.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:52.438Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:52.450Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:53.728Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:53.729Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:53.747Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:53.761Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:55.000Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:55.000Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:55.015Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:55.145Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T15:31:55.146Z [19648:16596] - Sending login status.
a 2021-06-23T15:32:03.612Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T17:38:13.918Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
a 2021-06-23T21:41:06.153Z [19648:16596] - Connection closed (network error).
a 2021-06-24T06:29:22.504Z [19648:16596] - Connection failed.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connection succeeded.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-24T06:31:26.193Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.21 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-24T06:31:26.483Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-24T06:31:26.483Z [19648:16596] - Sending login status.
a 2021-06-24T06:31:27.846Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-24T06:32:03.946Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:03.995Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:33.202Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-24T06:35:38.958Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe

We already contacted Sophos support... 1 month to get a reply from support. You can imagine that we are trying different ways to solve the problem; a momentary solution is to reinstall Sophos, but it's not forever.

Thank you !



  • As you can see, the heartbeat status is switching every minute! In Central it's fixed green...

  • That's the very same for us, and on the XG it's always flapping between 1 and 3 in heartbeat.log. Maybe this is happening when the computers are idle. It only happens for a small percentage of devices, but I want to know why they appear risky to XG.

    I will mention your case number in my support case. Currently they want me to re-register the XG into Central because they cannot put fwcm-heartbeatd.log into debug. See my post: community.sophos.com/.../logging-heartbeat-vs-fwcm-heartbeatd-500-opcode-failed

  • Sophos uses a WAN IP for Heartbeat to make sure it always hits the firewall (default gateway): 52.5.76.173. See: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/SecurityHearbeat.html#:~:text=Communication%20channel,76.173%20on%20port%208347.

    It's actually not an AWS resource; instead it's the firewall, acting as this IP.


  • Now for an unknown reason it's green... I didn't change anything... pff

  • I guess the user started using the machine at 9:55.

  • Getting another machine at risk after the timing changes made above, so maybe useless.

    2021-06-29 16:44:52 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <3>
    2021-06-30 10:37:48 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <3> -> <1>
    2021-06-30 10:37:48 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:37:49 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:38:09 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:38:30 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:38:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:39:18 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:39:19 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
    2021-06-30 10:39:19 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:39:19 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:39:20 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:39:20 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:39:30 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:39:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:40:30 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:40:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:41:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:41:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:41:49 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:41:50 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
    2021-06-30 10:41:50 INFO EndpointStorage.cpp[17627]:132 endpoint_maclist_cb - Mac list gets replaced for uuid <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>
    2021-06-30 10:41:50 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:41:55 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:41:55 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:42:04 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:42:20 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:42:22 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
    2021-06-30 10:42:22 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:42:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:42:35 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:43:27 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:43:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:43:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:44:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:44:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:45:31 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:45:35 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 3
    2021-06-30 10:46:28 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:47:11 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
    2021-06-30 10:47:11 INFO EndpointStorage.cpp[17627]:132 endpoint_maclist_cb - Mac list gets replaced for uuid <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>
    2021-06-30 10:47:11 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:47:25 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:47:41 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:47:43 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
    2021-06-30 10:47:43 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:47:53 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
    2021-06-30 10:47:55 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    2021-06-30 10:49:13 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:49:14 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>
    2021-06-30 10:49:14 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx(xxx.xxx.xxx.93)
    2021-06-30 10:49:25 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx (xxx.xxx.xxx.93) health: 1
    

    and again I can see the strange HB status of 5

    2021-06-30 10:42:20 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <1> -> <5>
    2021-06-30 10:42:22 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxx-e49a-42ea-add5-xxxxxxxxxxxx>: <5> -> <1>

    I asked about it here https://community.sophos.com/sophos-xg-firewall/f/discussions/128368/heartbeat-connectivity-change-codes

    and  wrote about some kind of TLS teardown. Whatever this may be.

  • Can you check the time of the clients? Maybe it's too far off from the time set on XG.


  • What's TLS teardown?! Seems not to be the same problem for me

  • Can you check the time of the clients?

    will try to get that information.

  • So, about what happened on that client. These are the events:

    29.06.2021 16:43:54    Kernel-Power    42    (64) Entering Hibernate

    30.06.2021 10:37:29    Kernel-General    1    (5)  Leaving Hibernate and setting clock. 2021-06-29T14:43:56.883120300Z in 2021-06-30T08:37:29.500000000Z . System time synchronized with the hardware clock.

    30.06.2021 10:37:39    Time-Service    37    Time Sync from NTP Server

    30.06.2021 10:41:43    Time-Service    37    Time Sync from NTP Server

    30.06.2021 10:46:28    EventLog    6006    System Shutdown

    30.06.2021 10:46:44    Kernel-General    13  Shutdown at 2021-06-30T08:46:44.068562200 (Hardwareclock)

    30.06.2021 10:47:09    EventLog    6005    System Start. Uptime 13 seconds.

    30.06.2021 10:47:21    Time-Service    37    Time Sync from NTP Server

  • Is your firewall enabled for Central management or only connected with disabled management?

    Ours is unmanaged, but this is what we want.

  • Central Management is enabled. 
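
The health flapping discussed in this thread can be measured directly from the logs. The following is an added example, not posted by any participant and not Sophos code: it parses the two log formats quoted above and counts how often each endpoint's reported health value changes inside a sliding window. The window, the threshold and the sample lines (endpoint IDs, IP addresses) are constructed assumptions.

```python
import json
import re
from datetime import datetime, timedelta

# Endpoint-side Heartbeat log: "a <ISO time>Z [pid:tid] - Sending health status: {...}"
EP_RE = re.compile(r'^a (\S+)Z \[\d+:\d+\] - Sending health status: (\{.*\})')
# Firewall-side log: "<date> <time> INFO ModuleStatus.cpp... endpoint: <id> (<ip>) health: N"
FW_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) INFO ModuleStatus\.cpp.*'
                   r'endpoint: (\S+) \(\S+\) health: (\d+)')

def health_events(lines):
    """Yield (timestamp, endpoint_id, health) from either log format."""
    for line in lines:
        line = line.strip()
        m = EP_RE.match(line)
        if m:  # endpoint log has no ID of its own, so label it "local"
            ts = datetime.fromisoformat(m.group(1))
            yield ts, "local", int(json.loads(m.group(2))["health"])
            continue
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3))

def flapping(lines, window=timedelta(minutes=5), min_changes=4):
    """Return {endpoint: most health changes seen inside any `window`} for
    endpoints reaching `min_changes`. Assumes lines are in time order."""
    changes, last = {}, {}
    for ts, ep, health in health_events(lines):
        if ep in last and last[ep] != health:
            changes.setdefault(ep, []).append(ts)
        last[ep] = health
    result = {}
    for ep, stamps in changes.items():
        best, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # shrink window from the left
            best = max(best, end - start + 1)
        if best >= min_changes:
            result[ep] = best
    return result

# Constructed sample lines in the firewall-side format (IDs and IPs are placeholders).
_FW = ("2021-06-30 {t} INFO ModuleStatus.cpp[17627]:138 processMessageStatus - "
       "Status request received from endpoint: {ep} ({ip}) health: {h}")
EP_A = "00000000-0000-0000-0000-000000000001"
EP_B = "00000000-0000-0000-0000-000000000002"
FW_SAMPLE = [_FW.format(t=t, ep=EP_A, ip="192.0.2.93", h=h) for t, h in [
    ("10:38:30", 1), ("10:38:34", 3), ("10:39:30", 1),
    ("10:39:34", 3), ("10:40:30", 1), ("10:40:34", 3)]]
FW_SAMPLE += [_FW.format(t=t, ep=EP_B, ip="192.0.2.94", h=1)
              for t in ("10:38:31", "10:39:31", "10:40:31")]

# Constructed sample lines in the endpoint-side format.
EP_SAMPLE = [
    'a 2021-06-23T06:45:41.410Z [5880:8000] - Sending health status: '
    '{"admin":1, "health":1, "service":1, "threat":1}',
    'a 2021-06-23T10:22:52.077Z [19648:16596] - Sending health status: {"health":3}',
]

if __name__ == "__main__":
    print(flapping(FW_SAMPLE))
```
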
