Since the Upgrade of our XG 5 days ago which was parallel with the Sophos Central Updates during the weekend, I can see some very old red heartbeat sessions
I blieve this is a bug. In fact I wonder if it is really possible that there is a heartbeatsession older than the last reboot of XG.
The IP Addresses reported on XG belong to other machines today but in central we have two computers appearing with that IP and one has a very old timestamp
The issue has been resolved by a HA failover.
This has been caused by Network maintenance my colleagues did tonight.
So no more zombie HB sessions today.
The primary node has changed.
would Support be able to remove this zombie HB session?
Heartbeat is sometimes trick in terms of this, if you have a dynamic network. Means: The firewall expects a heartbeat from this IP, but maybe there is a IOT Device take over this IP and uses this to communicate? Are those IPs free or currently in use?
it is not IOT devices taking over the IP. Normal computers, having their own heartbeat.
We've just notified this after a XG node crash and / or firmware update. maybe this is a stale HB connection that a previously primary peer had, became passive node and is now back active node and revived this zombie HB session from it's hb cache?
Eventually a host failover could fix it, but don't want to do that whithout forced to do so.
This example is generating the issue every day at the same time:
I checked the IP and it is not active.
also this IP is currently not listed anywhere in Central:
opened a support case for this so others can refer to it if they might have this, too.