Thread Info
  • Replies 9 replies
  • Subscribers 3 subscribers
  • Views 15444 views
  • Users 0 members are here
Options
Suggested

Security Heartbeat not working

manlius-ny

I'm running a fresh installation in a VMWare environment.  A Windows 8.1 and Windows Server 2012R2 device are both behind the firewall.  Both of these devices are running Sophos Central Endpoint\Server protection and heartbeat is active.  The firewall is registered in the same Central account as the devices.

On the endpoint I'm getting the following in the heartbeat.log file:

2017-09-13T18:54:24.215Z [ 2756] INFO RequestSender::SendRequest Sending login request.
2017-09-13T18:54:24.215Z [ 2756] INFO RequestSender::SendRequest Sending network request. Active Interfaces: MAC: D4:BE:D9:11:40:97 - INET: 10.10.11.100 - INET6:
2017-09-13T18:54:24.215Z [ 2756] INFO RequestSender::SendRequest Sending status request. Current status is -> health: Good(1) service: Good(1) threat: Good(1)
2017-09-13T19:00:28.361Z [ 2756] INFO RetryCalculator::Notify Connection closed (network error).
2017-09-13T19:00:50.404Z [ 2756] INFO RetryCalculator::Notify Connection failed.
2017-09-13T19:00:50.404Z [ 2756] INFO RetryCalculator::Notify Connection re-establish delay value is now 15 seconds
2017-09-13T19:02:17.696Z [ 2756] INFO RetryCalculator::Notify Connection succeeded.
2017-09-13T19:02:17.696Z [ 2756] INFO RetryCalculator::Notify Connection re-establish delay value is now 1 seconds

Nothing is showing up in the heartbeat log on the firewall.

Security Heartbeat is working fine on all of my other XG devices.

Any ideas what might be causing this behavior with v17 Beta 1?

Parents

  • Also, it might be a different issue but I suspect it is connected--Synchronized Application Control is not discovering any Applications in use by the devices behind the firewall.

  • in reply to manlius-ny

    Hello manlius-ny,

    how old is your Sophos Central account? I had the same problem and due to an expired internal Sophos Central account certificate.

    Another condition for the correct operation of Security Heartbeat and Synchronized Application Control is participation in Early Access Programs, specifically Intercept X New Features. Then Security Heartbeat and Synchronized Application work reliably. 

    Regards

    alda

Reply
  • in reply to manlius-ny

    Hello manlius-ny,

    how old is your Sophos Central account? I had the same problem and due to an expired internal Sophos Central account certificate.

    Another condition for the correct operation of Security Heartbeat and Synchronized Application Control is participation in Early Access Programs, specifically Intercept X New Features. Then Security Heartbeat and Synchronized Application work reliably. 

    Regards

    alda

Children
  • in reply to alda

    Alda, thanks for the reply.  Other XG firewalls in the same central account register HB without issue.  The expired internal cert would affect all firewalls, so that likely isn't the issue.  I've got the Intercept X EAP active on the Windows 8.1 client behind this particular firewall.

     

    Keep this ideas coming--I'd like to get this solved.

  • in reply to manlius-ny

    Hello manlius-ny,

    ok, its solved. Did you registered your XG v17 firewall with the main Sophos Central account  ( with which your Sophos Central account was created ) to your Sophos Central account and do you see this XG Firewall in the Global Setting - Registered Firewall Appliances as Active?

    Sorry, there are several conditions that need to be met to make Security Heartbeat and Synchronized Application Control fully functional.

    Regards

    alda

     

    P.S. What version do you see in Sophos Central Client under About? You must have Core Agent 11.6.1 and Sophos Intercept X 3.7.0. At least.

Unfiltered HTML