
Apple MAC active directory users not registering on XGS firewall

A customer has a major number of Apple MAC OS computers.
The devices are Active Directory joined, all have Sophos Endpoint Protection installed, and the users log on to the computers with Active Directory credentials.

All the customer's locations have Sophos XGS firewalls with full Sophos Central connection activated.

All the Windows clients/users are being correctly registered as active users on the firewalls.

From the Apple MAC OS computers/users we cannot even see any log-on process in the firewalls' logs.

The customer wants to implement user-based firewall rules.
We therefore need to have the Apple MAC OS users register consistently on the firewall as active users.

How can we do this?



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Do you see health status events in heartbeat.log for the endpoint installed on MAC OS? This event indicates that the endpoint has sent health status to XG.

    Example log snippet:

    a 2019-10-23T18:39:41.780Z [4616:5628] - Sending login status.

    a 2019-10-23T18:39:51.211Z [4616:5628] - Sending health status: {"admin":1, "health":1, "service":1, "threat":1}

  • Good morning, I cannot find a "heartbeat.log" file under "/log" on the firewall(s).

    There is only a "heartbeatd.log" file there.

    There I can see as an example the following entry for a MAC OS client:

    [2021-10-14 10:06:47.939] INFO HBSession.cpp[8756]:502 logNewSession - New Session: [10.13.8.90]:46569 connected
    [2021-10-14 10:06:47.978] INFO EndpointStorage.cpp[8756]:114 endpoint_connectivity_cb - Connectivity changed for <14e242a0-0e3c-4f14-a84d-a854274bc262>: <5> -> <1>
    [2021-10-14 10:06:47.978] INFO ModuleSacFirst.cpp[8756]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=10.13.8.90)
    [2021-10-14 10:06:47.978] INFO ModuleStatus.cpp[8756]:138 processMessageStatus - Status request received from endpoint: 14e242a0-0e3c-4f14-a84d-a854274bc262 (10.13.8.90) health: 1

    Is it what you were looking for?

    Alexander Poettinger

    Sophos Certified Architect - XG
    Sophos Certified Technician - XG
    Sophos Certified Engineer - UTM

    xame gmbh
    Sophos Gold Partner
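
An added example (not part of the original posts and not Sophos code): a small Python parser for the heartbeatd.log lines quoted above, summarizing per endpoint ID the IP, last reported health and connectivity transitions, and listing IPs that opened a session without ever sending status. The regular expressions are derived only from the four lines shown in the post; any other message format is an assumption and is skipped.

```python
import re
from collections import defaultdict

# Constructed sample: the four heartbeatd.log lines quoted in the post above.
SAMPLE = """\
[2021-10-14 10:06:47.939] INFO HBSession.cpp[8756]:502 logNewSession - New Session: [10.13.8.90]:46569 connected
[2021-10-14 10:06:47.978] INFO EndpointStorage.cpp[8756]:114 endpoint_connectivity_cb - Connectivity changed for <14e242a0-0e3c-4f14-a84d-a854274bc262>: <5> -> <1>
[2021-10-14 10:06:47.978] INFO ModuleSacFirst.cpp[8756]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=10.13.8.90)
[2021-10-14 10:06:47.978] INFO ModuleStatus.cpp[8756]:138 processMessageStatus - Status request received from endpoint: 14e242a0-0e3c-4f14-a84d-a854274bc262 (10.13.8.90) health: 1
"""

# [timestamp] LEVEL Source.cpp[pid]:line function - message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+\w+\s+\S+\[\d+\]:\d+\s+\w+ - (?P<msg>.*)$")
NEW_SESSION = re.compile(r"New Session: \[(?P<ip>[^\]]+)\]:\d+ connected")
CONNECTIVITY = re.compile(
    r"Connectivity changed for <(?P<id>[0-9a-f-]+)>: <(?P<old>\d+)> -> <(?P<new>\d+)>")
STATUS = re.compile(
    r"Status request received from endpoint: (?P<id>[0-9a-f-]+) "
    r"\((?P<ip>[^)]+)\) health: (?P<health>\d+)")

def summarize(text):
    """Return ({endpoint_id: summary}, set of IPs that opened a session)."""
    endpoints = defaultdict(
        lambda: {"ip": None, "health": None, "last_seen": None, "connectivity": []})
    session_ips = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unknown or truncated line: skip rather than guess
        ts, msg = m["ts"], m["msg"]
        if (s := NEW_SESSION.search(msg)):
            session_ips.add(s["ip"])
        elif (c := CONNECTIVITY.search(msg)):
            endpoints[c["id"]]["connectivity"].append((ts, int(c["old"]), int(c["new"])))
        elif (st := STATUS.search(msg)):
            endpoints[st["id"]].update(ip=st["ip"], health=int(st["health"]), last_seen=ts)
    return dict(endpoints), session_ips

def sessions_without_status(text):
    """IPs that opened a heartbeat session but never reported a status."""
    endpoints, session_ips = summarize(text)
    return session_ips - {e["ip"] for e in endpoints.values() if e["ip"]}

if __name__ == "__main__":
    for endpoint_id, info in summarize(SAMPLE)[0].items():
        print(endpoint_id, info)
```

None of the quoted log lines carries a user name, so this summary covers endpoint connectivity and health only, not user registration.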
