Sophos Firewall: v18.5 MR2: Feedback and experiences

Installed and all our workstation Heartbeats are missing (after rebooting workstations).

Quite an issue as heartbeats are required for all workstation connectivity. Had to physically connect to the XG to put a temporary access rule in.

Here is a KB about this state: https://support.sophos.com/support/s/article/KB-000043489?language=en_US

LuCar Toni can you clarify something for me?

Is it just DNS that has to be allowed (which is what the article says) or does internet access have to be explicitly allowed to?

As you know I have experienced this issue with the upgrade and before that, when I had to re-register my XG in Central. In our setup, as well as blocking access to DNS when there is no Heartbeat, we also block internet access when there is no Heartbeat. The article says you only need access to DNS, is that because there is a system firewall rule in XG which will bypass our rules to allow internet access to download the certificate? Or would we also need to allow internet access without a Heartbeat as well?

SFOS has a rule internally to allow traffic to Central to allow the pattern updates etc. So if there is a client, trying to reach Central, it is generally allowed. But this does not work, if the client cannot resolve the DNS record in the first place. So the client tries to resolve central.sophos.com, gets denied by the missing HB / RED Heartbeat, cannot resolve the DNS and stops working. If you allow the client to resolve DNS, it will be generally speaking allowed to communicate and restore the HB. 

Thanks for confirming this. On the two occasions I have had this issue, I also allowed internet access either first, or at the same time, as allowing DNS so I have never tried it with DNS only.

Thanks for confirming this. On the two occasions I have had this issue, I also allowed internet access either first, or at the same time, as allowing DNS so I have never tried it with DNS only.