Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 3010 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall block with reason Heartbeat but User and Computers have green HB

LHerzog

We have a firewall rule allowing access to an internal server. Source and Destination HB must be green, also the rule has "Block clients with no heartbeat" enabled. The rule exists unchanged for years but recently we noticed users complaining that they have no access to the server.

One example from exterday: User logged in at ~ 8:20 AM (6:20Z), had an authentication session on the firewall, the computer had a heartbeatstatus of green according to Livelog and status code of 1 in heartbeatd.log. The same applies for the destination server. It has a stable HB status all the time, livelogs and heartbeatd.log proved that.

Beginning at 10:59 (8:59Z) the user tried to access the server and failed due to HB block. Other

At 14:10 (12:10Z) the issue "healed" magically and the user could access.

At that time there were no changes in HB status of source and destination, nor user authentication.

We could not give adequate answers to the user. Can someone here?

No other user had issues accessing that server at that time.

SFOS is 19.5.2

User Authentication:

Source HB:

Dst HB:

Central device status:

HB log src client:

[2023-08-14 06:20:53.388Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <3> -> <2>
[2023-08-14 06:20:53.388Z] INFO EndpointStorage.cpp[13165]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>
[2023-08-14 06:20:53.531Z] INFO ModuleStatus.cpp[13165]:137 processMessageStatus - Status request received from endpoint: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73 (xxx.xxx.xxx.9) health: 1
[2023-08-14 06:21:01.061Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <2> -> <5>
[2023-08-14 06:21:02.483Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <5> -> <1>
[2023-08-14 06:21:02.483Z] INFO EndpointStorage.cpp[13165]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>
[2023-08-14 06:21:02.678Z] INFO EpStateListBroker.cpp[13165]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73(xxx.xxx.xxx.9)
[2023-08-14 06:21:02.692Z] INFO ModuleStatus.cpp[13165]:137 processMessageStatus - Status request received from endpoint: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73 (xxx.xxx.xxx.9) health: 1
[2023-08-14 10:53:01.384Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <1> -> <5>
[2023-08-14 10:53:02.562Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <5> -> <1>
[2023-08-14 10:53:02.705Z] INFO EpStateListBroker.cpp[13165]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73(xxx.xxx.xxx.9)
[2023-08-14 10:53:02.753Z] INFO ModuleStatus.cpp[13165]:137 processMessageStatus - Status request received from endpoint: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73 (xxx.xxx.xxx.9) health: 1
[2023-08-14 12:53:01.586Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <1> -> <5>
[2023-08-14 12:53:02.787Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <5> -> <1>
[2023-08-14 12:53:02.928Z] INFO EpStateListBroker.cpp[13165]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73(xxx.xxx.xxx.9)
[2023-08-14 12:53:02.947Z] INFO ModuleStatus.cpp[13165]:137 processMessageStatus - Status request received from endpoint: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73 (xxx.xxx.xxx.9) health: 1
[2023-08-14 16:53:01.990Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <1> -> <5>
[2023-08-14 16:53:03.193Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73>: <5> -> <1>
[2023-08-14 16:53:03.343Z] INFO EpStateListBroker.cpp[13165]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73(xxx.xxx.xxx.9)
[2023-08-14 16:53:03.359Z] INFO ModuleStatus.cpp[13165]:137 processMessageStatus - Status request received from endpoint: 2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxbc73 (xxx.xxx.xxx.9) health: 1

HB log dst server:

[2023-07-05 06:50:18.136Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b>: <1> -> <5>
[2023-07-05 06:50:50.337Z] INFO EndpointStorage.cpp[9271]:119 endpoint_connectivity_cb - Connectivity changed for <022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b>: <5> -> <1>
[2023-07-05 06:50:50.338Z] INFO EpStateListBroker.cpp[9271]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b(xxx.xxx.xxx.24)
[2023-07-05 06:50:50.421Z] INFO ModuleStatus.cpp[9271]:137 processMessageStatus - Status request received from endpoint: 022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b (xxx.xxx.xxx.24) health: 1
[2023-08-10 18:39:22.984Z] INFO EndpointStorage.cpp[13165]:80 new_endpoint_cb - Storing new Endpoint with uuid: <022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b>
[2023-08-10 18:39:22.984Z] INFO EndpointStorage.cpp[13165]:119 endpoint_connectivity_cb - Connectivity changed for <022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b>: <0> -> <1>
[2023-08-10 18:39:22.984Z] INFO EndpointStorage.cpp[13165]:151 endpoint_maclist_cb - Mac list gets replaced for uuid <022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b>
[2023-08-10 18:39:23.042Z] INFO EpStateListBroker.cpp[13165]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: 022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b(xxx.xxx.xxx.24)
[2023-08-10 18:39:23.042Z] INFO ModuleStatus.cpp[13165]:137 processMessageStatus - Status request received from endpoint: 022xxxxxxxxxxxxxxxxxxxxxxxxxxxb20b (xxx.xxx.xxx.24) health: 1

local HB log src client:

2023-08-14T06:16:59.579Z [ 5208: 5212] A Starting Heartbeat version 1.17.3508
2023-08-14T06:16:59.579Z [ 5208: 5212] A -------------------------------------------------------------------------------
---------------------
2023-08-14T06:17:02.690Z [ 5208: 6600] A Updating state due to policy change
2023-08-14T06:17:02.702Z [ 5208: 6600] A Updated status, certificates to add: 0, certificates to remove: 0
2023-08-14T06:17:21.114Z [ 5208: 6596] A Connection failed.
2023-08-14T06:19:02.701Z [ 5208: 6584] A Inactive Interfaces changed.
2023-08-14T06:20:02.734Z [ 5208: 6584] A Inactive Interfaces changed.
2023-08-14T06:20:02.734Z [ 5208: 6584] A Active Interfaces:
2023-08-14T06:20:32.702Z [ 5208: 6584] A Inactive Interfaces changed.
2023-08-14T06:20:32.702Z [ 5208: 6584] A Active Interfaces:
        MAC: C0:3E:BA:21:12:F1 - INET: xxx.xxx.xxx.78 - INET6: xxxxx::655, xxxxx:9146
2023-08-14T06:20:54.977Z [ 5208: 6596] A Connection succeeded.
2023-08-14T06:20:54.977Z [ 5208: 6596] A Connected to 'edxxxxxdxxxxxxxxxxxxxxxxxxxxxx3f1b' at IP address 52.5.76.173 on port 8347
2023-08-14T06:20:54.977Z [ 5208: 6596] A Sending network status
2023-08-14T06:20:54.977Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T06:20:55.185Z [ 5208: 6596] A Sending endpoint state list request
2023-08-14T06:20:55.185Z [ 5208: 6596] A Sending login status.
2023-08-14T06:20:55.185Z [ 5208: 6596] A User: xxxxxxxxusername
2023-08-14T06:20:55.185Z [ 5208: 6596] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-08-14T06:21:02.706Z [ 5208: 6584] A Inactive Interfaces changed.
2023-08-14T06:21:02.706Z [ 5208: 6584] A Active Interfaces:
        MAC: 00:FF:08:55:1A:70 - INET: xxx.xxx.xxx.9 - INET6: xxxxxxxxxxxxxx
        MAC: C0:3E:BA:21:12:F1 - INET: xxx.xxx.xxx.78 - INET6: xxxxx::655, xxxxx:9146
2023-08-14T06:21:02.706Z [ 5208: 6596] A Sending network status
2023-08-14T06:21:02.706Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T06:21:02.810Z [ 5208: 6596] A Connection closed (network error).
2023-08-14T06:21:04.100Z [ 5208: 6596] A Connection succeeded.
2023-08-14T06:21:04.100Z [ 5208: 6596] A Connected to 'edxxxxxdxxxxxxxxxxxxxxxxxxxxxx3f1b' at IP address 52.5.76.173 on port 8347
2023-08-14T06:21:04.100Z [ 5208: 6596] A Sending network status
2023-08-14T06:21:04.101Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T06:21:04.298Z [ 5208: 6596] A Received request to enable enhanced application control
2023-08-14T06:21:04.298Z [ 5208: 6596] A Sending endpoint state list request
2023-08-14T06:21:04.298Z [ 5208: 6596] A Sending login status.
2023-08-14T06:21:04.298Z [ 5208: 6596] A User: xxxxxxxxusername
2023-08-14T06:21:04.298Z [ 5208: 6596] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-08-14T06:21:04.378Z [ 5208: 6596] A Received response to endpoint state list request, size: 1
2023-08-14T06:27:21.164Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:27:36.084Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:38:50.823Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:39:05.826Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:39:13.829Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........
2023-08-14T06:39:34.169Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:39:49.172Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:55:51.426Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:56:06.429Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:57:37.185Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:57:52.188Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:58:46.321Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T06:59:01.284Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:03:44.035Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:03:59.034Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:05:39.442Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:06:01.601Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:11:58.429Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files.......
2023-08-14T07:49:40.579Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:50:01.957Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T07:59:41.845Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:00:30.976Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:02:45.276Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:03:00.275Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:07:36.120Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:07:57.815Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:08:12.699Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:12:11.330Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:12:26.201Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:17:46.835Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:18:11.488Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:20:52.238Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:21:41.686Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:23:12.445Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:33:46.487Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:34:01.492Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:37:03.261Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:37:25.337Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:40:00.837Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files.......
2023-08-14T08:40:00.851Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files.......
2023-08-14T08:57:37.393Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T08:57:52.394Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:18:27.765Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:19:03.210Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:33:11.452Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:33:26.452Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:35:01.394Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:36:37.615Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:36:52.616Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:43:36.875Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:47:22.136Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T09:47:37.133Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:00:24.754Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:00:44.917Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:03:09.195Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:13:35.231Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:13:50.233Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:20:07.836Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:22:16.439Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:25:24.425Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:45:25.996Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:48:23.459Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:53:01.431Z [ 5208: 6584] A Active Interfaces:
        MAC: 00:FF:08:55:1A:70 - INET: xxx.xxx.xxx.9 - INET6: xxxxxxxxxxxxxx
        MAC: C0:3E:BA:21:12:F1 - INET: xxx.xxx.xxx.78 - INET6: xxxxx:xxxxxxxxxxx4fe3, xxxxx:xxxxxxxxxxxxxx:e249, xxxxx::655, xxxxx:9146
2023-08-14T10:53:01.431Z [ 5208: 6596] A Sending network status
2023-08-14T10:53:01.432Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T10:53:01.448Z [ 5208: 6596] A Connection closed (network error).
2023-08-14T10:53:02.589Z [ 5208: 6596] A Connection succeeded.
2023-08-14T10:53:02.589Z [ 5208: 6596] A Connected to 'edxxxxxdxxxxxxxxxxxxxxxxxxxxxx3f1b' at IP address 52.5.76.173 on port 8347
2023-08-14T10:53:02.590Z [ 5208: 6596] A Sending network status
2023-08-14T10:53:02.590Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T10:53:02.754Z [ 5208: 6596] A Received request to enable enhanced application control
2023-08-14T10:53:02.754Z [ 5208: 6596] A Sending endpoint state list request
2023-08-14T10:53:02.755Z [ 5208: 6596] A Sending login status.
2023-08-14T10:53:02.755Z [ 5208: 6596] A User: xxxxxxxxusername
2023-08-14T10:53:02.755Z [ 5208: 6596] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-08-14T10:53:02.783Z [ 5208: 6596] A Received response to endpoint state list request, size: 1
2023-08-14T10:53:15.096Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........
2023-08-14T10:53:15.113Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........
2023-08-14T10:56:15.559Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T10:56:30.562Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T11:01:05.792Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T11:01:26.561Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T11:05:51.031Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T11:06:14.044Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T11:12:10.061Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files.......
2023-08-14T11:12:10.081Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files.......
2023-08-14T11:25:41.537Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T11:25:56.537Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:03:28.030Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:04:41.802Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:40:27.403Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:40:42.404Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:48:44.957Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:48:59.957Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:53:01.575Z [ 5208: 6584] A Active Interfaces:
        MAC: 00:FF:08:55:1A:70 - INET: xxx.xxx.xxx.9 - INET6: xxxxxxxxxxxxxx
        MAC: C0:3E:BA:21:12:F1 - INET: xxx.xxx.xxx.78 - INET6: xxxxx::655, xxxxx:9146
2023-08-14T12:53:01.575Z [ 5208: 6596] A Sending network status
2023-08-14T12:53:01.575Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T12:53:01.592Z [ 5208: 6596] A Connection closed (network error).
2023-08-14T12:53:02.753Z [ 5208: 6596] A Connection succeeded.
2023-08-14T12:53:02.753Z [ 5208: 6596] A Connected to 'edxxxxxdxxxxxxxxxxxxxxxxxxxxxx3f1b' at IP address 52.5.76.173 on port 8347
2023-08-14T12:53:02.753Z [ 5208: 6596] A Sending network status
2023-08-14T12:53:02.753Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T12:53:02.916Z [ 5208: 6596] A Received request to enable enhanced application control
2023-08-14T12:53:02.916Z [ 5208: 6596] A Sending endpoint state list request
2023-08-14T12:53:02.916Z [ 5208: 6596] A Sending login status.
2023-08-14T12:53:02.916Z [ 5208: 6596] A User: xxxxxxxxusername
2023-08-14T12:53:02.916Z [ 5208: 6596] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-08-14T12:53:02.953Z [ 5208: 6596] A Received response to endpoint state list request, size: 1
2023-08-14T12:53:15.783Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........
2023-08-14T12:53:15.800Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........
2023-08-14T12:59:08.028Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:59:23.017Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T12:59:38.064Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T13:32:39.944Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T13:32:54.948Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T13:44:53.025Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T13:45:08.030Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T14:47:06.531Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T14:47:21.494Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T15:03:12.165Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T15:03:27.166Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T15:27:21.129Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T15:27:36.130Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T15:50:19.477Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T15:50:34.795Z [ 5208: 6596] A Received notification of endpoint state changes, size: 1
2023-08-14T16:53:01.873Z [ 5208: 6584] A Active Interfaces:
        MAC: 00:FF:08:55:1A:70 - INET: xxx.xxx.xxx.9 - INET6: xxxxxxxxxxxxxx
        MAC: C0:3E:BA:21:12:F1 - INET: xxx.xxx.xxx.78 - INET6: xxxxx:xxxxxxxxxxx4fe3, xxxxx:xxxxxxxxxxxxxx:e249, xxxxx::655, xxxxx:9146
2023-08-14T16:53:01.873Z [ 5208: 6596] A Sending network status
2023-08-14T16:53:01.873Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T16:53:01.889Z [ 5208: 6596] A Connection closed (network error).
2023-08-14T16:53:03.056Z [ 5208: 6596] A Connection succeeded.
2023-08-14T16:53:03.056Z [ 5208: 6596] A Connected to 'edxxxxxdxxxxxxxxxxxxxxxxxxxxxx3f1b' at IP address 52.5.76.173 on port 8347
2023-08-14T16:53:03.057Z [ 5208: 6596] A Sending network status
2023-08-14T16:53:03.057Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
2023-08-14T16:53:03.227Z [ 5208: 6596] A Received request to enable enhanced application control
2023-08-14T16:53:03.227Z [ 5208: 6596] A Sending endpoint state list request
2023-08-14T16:53:03.227Z [ 5208: 6596] A Sending login status.
2023-08-14T16:53:03.227Z [ 5208: 6596] A User: xxxxxxxxusername
2023-08-14T16:53:03.227Z [ 5208: 6596] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-08-14T16:53:03.258Z [ 5208: 6596] A Received response to endpoint state list request, size: 1
2023-08-14T16:53:17.046Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........
2023-08-14T16:53:17.063Z [ 5208: 6596] A Received request to disable enhanced application control for C:\program files\.........

local HB log dst server:

2023-08-13T11:21:55.860Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T02:47:23.517Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T02:47:39.122Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:15:43.056Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:15:58.056Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:26:39.568Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:26:54.570Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:42:13.238Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:42:28.242Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:46:10.631Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:46:25.635Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:55:02.597Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T05:55:29.965Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:27:20.028Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:27:35.028Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:38:50.826Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:39:05.830Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:39:34.172Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:39:49.173Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:55:51.437Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:56:06.441Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:57:37.192Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:57:52.195Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:58:46.284Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T06:59:01.287Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:03:44.036Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:03:59.035Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:05:39.445Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:06:01.605Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:49:40.617Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:50:01.995Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T07:59:41.893Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:00:31.025Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:02:45.326Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:03:00.326Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:07:36.139Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:07:57.717Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:08:12.722Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:09:03.370Z [ 2184: 4160] A Applying new heartbeat policy, RevId: 7de809843bc44fe045c46c82ee723534a21bc5d0b21a5de6953409b4e4affa94
2023-08-14T08:09:03.373Z [ 2184: 2732] A Reporting new heartbeat status: <?xml version='1.0' encoding='UTF-8'?><status version="1.17.1361"><CompRes Res='Same' RevID='7de809843bc44fe045c46c82ee723534a21bc5d0b21a5de6953409b4e4affa94' policyType='27'/></status>
2023-08-14T08:09:51.679Z [ 2184: 4160] A Applying new heartbeat policy, RevId: 422502d211488e4abd6985485574e288ac2bf75eddf738d86c429d8914367ff9
2023-08-14T08:09:51.682Z [ 2184: 2732] A Reporting new heartbeat status: <?xml version='1.0' encoding='UTF-8'?><status version="1.17.1361"><CompRes Res='Same' RevID='422502d211488e4abd6985485574e288ac2bf75eddf738d86c429d8914367ff9' policyType='27'/></status>
2023-08-14T08:10:15.342Z [ 2184: 4160] A Applying new heartbeat policy, RevId: 7de809843bc44fe045c46c82ee723534a21bc5d0b21a5de6953409b4e4affa94
2023-08-14T08:10:15.346Z [ 2184: 2732] A Reporting new heartbeat status: <?xml version='1.0' encoding='UTF-8'?><status version="1.17.1361"><CompRes Res='Same' RevID='7de809843bc44fe045c46c82ee723534a21bc5d0b21a5de6953409b4e4affa94' policyType='27'/></status>
2023-08-14T08:12:11.221Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:12:26.219Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:17:46.848Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:18:11.503Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:20:52.255Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:21:41.702Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:23:12.458Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:33:46.498Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:34:01.502Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:37:03.261Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:37:25.337Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:57:37.408Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T08:57:52.408Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:18:27.775Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:19:03.220Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:33:11.470Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:33:26.470Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:35:01.416Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:36:37.634Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:36:52.670Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:43:36.905Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:47:22.164Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T09:47:37.161Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:00:24.773Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:00:44.936Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:03:09.215Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:13:35.260Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:13:50.263Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:20:07.872Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:22:16.469Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:25:24.453Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:45:26.018Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:48:23.486Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:56:15.587Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T10:56:30.588Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T11:01:05.817Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T11:01:26.586Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T11:05:51.053Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T11:06:14.067Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T11:25:41.569Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T11:25:56.569Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:03:28.091Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:04:41.858Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:40:27.422Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:40:42.423Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:48:44.990Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:48:59.992Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:59:08.072Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:59:23.065Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T12:59:38.069Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T13:32:39.978Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T13:32:54.982Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T13:44:53.050Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T13:45:08.053Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T14:47:06.510Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T14:47:21.513Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T15:03:12.218Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T15:03:27.219Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T15:27:21.200Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T15:27:36.201Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T15:50:19.523Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T15:50:34.842Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T18:06:35.601Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T18:14:49.748Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T18:53:54.824Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T19:06:21.586Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T19:43:31.488Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T19:45:57.710Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T19:46:12.709Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T19:55:30.424Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:03:00.148Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:03:15.148Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:04:02.016Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:04:17.017Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:15:52.269Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:16:07.270Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:27:54.853Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:28:09.856Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:30:12.748Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:45:23.701Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:45:38.704Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:59:24.323Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T20:59:39.326Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:03:10.966Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:03:25.968Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:12:18.701Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:12:33.704Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:19:26.259Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:19:41.261Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:51:10.155Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:51:25.157Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:58:07.879Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T21:58:22.882Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:12:11.227Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:12:26.231Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:17:01.613Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:18:59.724Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:19:14.723Z [ 2184: 2448] A Received notification of endpoint state changes, size: 2
2023-08-14T22:19:29.725Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:31:56.312Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:32:11.312Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:39:38.693Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:41:38.918Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:44:03.016Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:44:18.017Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:51:07.017Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T22:51:22.017Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:03:22.870Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:03:37.872Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:12:59.190Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:13:14.194Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:17:42.518Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:17:57.519Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:28:49.890Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:29:04.890Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:35:51.266Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:36:06.266Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:41:35.699Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:41:50.700Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:48:49.461Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:49:04.463Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-14T23:56:39.749Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-15T00:02:53.400Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1
2023-08-15T00:03:08.403Z [ 2184: 2448] A Received notification of endpoint state changes, size: 1



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Vishal_R

    I have added the client logs above   Thanks for your input.

    I have read about that fix   but without knowing the issue details, it indicates the client would be removed from IPSET hb_green and that would  remove the client here:

    The client was listed there, confirmed that yesterday. screenshot from is today:

Children
  • 0 in reply to LHerzog

    Did the issue start here? 
    2023-08-14T10:53:01.431Z [ 5208: 6584] A Active Interfaces:
    MAC: 00:FF:08:55:1A:70 - INET: xxx.xxx.xxx.9 - INET6: xxxxxxxxxxxxxx
    MAC: C0:3E:BA:21:12:F1 - INET: xxx.xxx.xxx.78 - INET6: xxxxx:xxxxxxxxxxx4fe3, xxxxx:xxxxxxxxxxxxxx:e249, xxxxx::655, xxxxx:9146
    2023-08-14T10:53:01.431Z [ 5208: 6596] A Sending network status
    2023-08-14T10:53:01.432Z [ 5208: 6596] A The network status has changed, the Firewall may disconnect.
    2023-08-14T10:53:01.448Z [ 5208: 6596] A Connection closed (network error).
    2023-08-14T10:53:02.589Z [ 5208: 6596] A Connection succeeded.

    Because your Drops are not indicating, when it started. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    No, that log part is after the issue happened. probably lunch break.

    "Beginning at 10:59 (8:59Z) the user tried to access the server and failed due to HB block."

    That is where the user first tried to access and continued to test the application until 11:14 which always failed.

    After lunch it was tested again and worked at 14:10.

Unfiltered HTML