

Heartbeat using wrong username

Hello,

Is there any way to tell the Heartbeat function to use the AD username format? By default it is using the "local" username format, and every Heartbeat attempt ends up as failed.

What is strange is that some common users like "lunches (obedy)", "office dept", etc. use the AD format by default, and then Heartbeat logs in successfully.

Another strange thing is that although HB fails to log in, there are no missing HBs and all HBs are green.

Thanks



  • Heartbeat is not user authentication. Heartbeat is "the service on the endpoint is OK". The endpoint is doing its part and sends the authentication. The firewall is just not able to authenticate. This is not a reason to change the heartbeat.

    You can fix this on the firewall. You can create another AD server on the firewall using the other domain name. With this approach, the firewall will be able to authenticate with the other domain name, which is likely missing currently.

    SFOS blocks the creation of another AD server with the same IP. So, to have the option to create another AD server on SFOS with the same IP, create an FQDN host on the firewall, call it "AD1", and point it to the AD server IP. In Authentication - Servers you can then use this AD1 and create the server with the "other domain name". This should resolve your issue.


  • Yes, sAMAccountName is really in this format. Now the question is how to handle this situation. I don't really want to change this attribute in AD; it might break some other service outside of the Sophos stuff.

    And why is Heartbeat green when almost every user is failing to log in with HB?

  • Heartbeat (on the endpoint) does a check on the format of your username. It checks whether the sAMAccountName and domain name differ from the UPN. If they are different, it sends only the sAMAccountName to the firewall. Then the firewall will match it against all AD servers. Check your AD and this particular user. You will find the sAMAccountName under Advanced View.

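The username handling described in the replies above (endpoint sends the UPN when it matches sAMAccountName@domain, otherwise only the sAMAccountName; the firewall then tries it against every configured AD server entry) can be modelled to see why a few users succeed, most fail, and a second AD server entry with the other domain name fixes it. This is an added example, not code from the thread or from Sophos: the matching rules, the domain names corp.local and example.com, the users jnovak and mhorak, and the entry names AD and AD1 are all constructed assumptions for illustration, not Sophos' actual implementation.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class AdUser:
    sam_account_name: str   # sAMAccountName as shown in AD's Advanced View
    upn: str                # userPrincipalName
    logon_domain: str       # DNS name of the domain that holds the account


@dataclass(frozen=True)
class AdServerEntry:
    name: str               # name of the Authentication > Servers entry on the firewall
    domain: str             # domain name configured on that entry


def endpoint_identity(user: AdUser, endpoint_domain: str) -> str:
    """Identity the endpoint puts in the heartbeat, as the reply describes it:
    the UPN when it equals sAMAccountName@<endpoint domain>, otherwise the
    bare sAMAccountName (the "local" format the question complains about).
    Assumed behaviour, not taken from Sophos documentation."""
    if user.upn.lower() == f"{user.sam_account_name}@{endpoint_domain}".lower():
        return user.upn
    return user.sam_account_name


def directory_accepts(user: AdUser, name: str, bind_domain: str) -> bool:
    """Assumed directory rule: a name is accepted if it is the account's explicit
    UPN, or if <name>@<bind_domain> equals the account's implicit UPN
    (sAMAccountName@<logon domain>)."""
    explicit = user.upn.lower()
    implicit = f"{user.sam_account_name}@{user.logon_domain}".lower()
    candidate = name.lower() if "@" in name else f"{name}@{bind_domain}".lower()
    return candidate in (explicit, implicit)


def firewall_lookup(user: AdUser, identity: str,
                    servers: List[AdServerEntry]) -> Optional[str]:
    """Assumed firewall rule: try the identity against every configured AD
    server entry in order and return the name of the first one that accepts it."""
    for entry in servers:
        if directory_accepts(user, identity, entry.domain):
            return entry.name
    return None


def heartbeat_results(users: List[AdUser], servers: List[AdServerEntry],
                      endpoint_domain: str) -> Dict[str, Optional[str]]:
    """Map each sAMAccountName to the server entry that authenticated it, or None."""
    return {
        u.sam_account_name: firewall_lookup(u, endpoint_identity(u, endpoint_domain), servers)
        for u in users
    }


# Constructed sample directory (not real data). Endpoints are joined to
# corp.local; the firewall's existing entry was set up with the public UPN
# suffix that most personal accounts carry, so only accounts whose UPN is
# literally sAMAccountName@corp.local arrive in "AD format".
USERS = [
    AdUser("lunches (obedy)", "lunches (obedy)@corp.local", "corp.local"),
    AdUser("office dept", "office dept@corp.local", "corp.local"),
    AdUser("jnovak", "jan.novak@example.com", "corp.local"),
    AdUser("mhorak", "martin.horak@example.com", "corp.local"),
]
ENDPOINT_DOMAIN = "corp.local"
BEFORE = [AdServerEntry("AD", "example.com")]
# The fix from the reply: an FQDN host "AD1" pointing at the same AD IP,
# registered as a second server entry with the other domain name.
AFTER = BEFORE + [AdServerEntry("AD1", "corp.local")]

if __name__ == "__main__":
    print("before fix:", heartbeat_results(USERS, BEFORE, ENDPOINT_DOMAIN))
    print("after fix: ", heartbeat_results(USERS, AFTER, ENDPOINT_DOMAIN))
```

Running it shows the two service-style accounts authenticating through the existing entry in both runs, while jnovak and mhorak return None before the fix and resolve through AD1 afterwards; swap in your own domain names and a user's real sAMAccountName and UPN to reason about which identity the endpoint will send.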

  • Hi,

    please advise which XG version (software) you are running?
    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA
