
How to combine 'Match known users' and 'Block clients with no heartbeat'

I could not figure out the details about traffic matching criteria and further filtering within firewall rules.

Can someone clarify what will happen if you select "Match known users" and "Block clients with no heartbeat"?
Will the rule block no-heartbeat traffic only for the selected users, or will it also block traffic for users who are authenticated but not selected?

So will the user and heartbeat selection match as AND or as OR?

I'd like to create a rule at the top, allowing very few users wide access, but only if they're authenticated AND have heartbeat.
As source, destination and service will match way more devices and users, I don't want to block them using "Block clients with no heartbeat" in the first rule.

Or would the correct way to achieve this require a Green minimum heartbeat instead of using "Block clients with no heartbeat"?



Added TAGs
[edited by: Raphael Alganes at 10:49 AM (GMT -7) on 15 Oct 2024]
  • Hi,

    Thank you for reaching out to the community. Sophos Firewall communicates with the Sophos Central IP address, 52.5.76.173, on port 8347 for heartbeat communication.

    So you can create a rule action accordingly. "Block Clients without Heartbeat" = NAC with Sophos Endpoint.

    Green/Yellow/No Restriction Minimum = in case you want only clients with a certain HB status communicating in your network.

    You need only one rule. It's not a selection criterion, instead only an on-top control feature for your desired network.

    You want only HB clients to communicate through XG? Select the checkbox; XG will block everything else that does not have an Endpoint installed.

    You want only green HB clients talking to WAN? Select green as the minimum requirement and block everything without.

    You have a mixed setup, some clients with EP, some without, in one network? Don't select to block clients without and use HB only if available.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
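
The reply above describes the heartbeat settings as a control applied on top of a matched rule rather than as a matching criterion. The following is an added example, not Sophos code and not part of the original thread: a small Python model of that semantics for the rule base the question describes (a top rule for a few known users with "Block clients with no heartbeat", followed by a broad rule with a Green minimum). It assumes first-match rule evaluation, assumes source, destination and service already match, and uses a constructed ordering of heartbeat states (none < red < yellow < green); user names, rule names and the `HB_RANK` table are made up for the example.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet, Tuple

# Heartbeat status ordering used by this model (constructed for the example;
# "none" means no Sophos Endpoint / no heartbeat received at all).
HB_RANK = {"none": 0, "red": 1, "yellow": 2, "green": 3}


@dataclass(frozen=True)
class Client:
    user: Optional[str]   # authenticated user, or None if not authenticated
    heartbeat: str        # "none", "red", "yellow" or "green"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                   # "accept" or "drop"
    match_users: Optional[FrozenSet[str]] = None  # 'Match known users' list; None = not used
    block_no_heartbeat: bool = False              # 'Block clients with no heartbeat'
    min_heartbeat: Optional[str] = None           # 'Minimum heartbeat': "green", "yellow" or None


def rule_matches(rule: Rule, client: Client) -> bool:
    """Matching criteria only. Source/destination/service are assumed to match
    already, so the user criterion decides. Heartbeat is NOT a criterion."""
    if rule.match_users is None:
        return True
    return client.user is not None and client.user in rule.match_users


def heartbeat_verdict(rule: Rule, client: Client) -> Optional[str]:
    """Heartbeat controls applied on top of a matched rule. Returns a drop
    reason, or None if the heartbeat settings do not block this client."""
    if client.heartbeat == "none":
        # Only the checkbox decides about clients with no heartbeat at all;
        # the minimum-heartbeat setting applies to clients that do report one.
        return "no heartbeat" if rule.block_no_heartbeat else None
    if rule.min_heartbeat and HB_RANK[client.heartbeat] < HB_RANK[rule.min_heartbeat]:
        return f"heartbeat {client.heartbeat} below minimum {rule.min_heartbeat}"
    return None


def evaluate(rules, client: Client) -> Tuple[str, str, str]:
    """First matching rule wins; returns (rule name, decision, reason)."""
    for rule in rules:
        if not rule_matches(rule, client):
            continue  # unmatched traffic is simply handed to the next rule
        reason = heartbeat_verdict(rule, client)
        if reason is not None:
            return (rule.name, "drop", reason)
        return (rule.name, rule.action, "matched")
    return ("default", "drop", "no rule matched")


# Constructed rule base: the setup the question asks about.
RULES = (
    Rule("admins-wide-access", "accept",
         match_users=frozenset({"alice"}), block_no_heartbeat=True),
    Rule("everyone-to-wan", "accept", min_heartbeat="green"),
)


if __name__ == "__main__":
    for c in (Client("alice", "green"), Client("alice", "none"),
              Client("bob", "none"), Client("bob", "yellow"), Client(None, "green")):
        print(c, "->", evaluate(RULES, c))
```

In this model the user list and the heartbeat checkbox combine as AND for the clients the top rule matches: "alice" without heartbeat is dropped by that rule, while "bob" never matches it (he is not in the list) and is evaluated by the next rule, where only the Green minimum applies to him. That is the behaviour the reply describes as "not a selection criterion, only an on-top control".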
