Hello, we performed a firewall migration from an XG450 model to the XGS4500 model last weekend. The firewalls are in a HA configuration. The migration process worked seamlessly. The primary firewall is working with no issue, all services started. To…

I could not figure out the details about traffic matching critera and further filtering within firewall rules. Can someone clarify what will happen if you select "Match known users" and "Block clients with no heartbeat"? Will the rule block no heartbeat…

Our firewall rules with block clients with no HB and green HB only enabled, blocked this client today during the HB status on the firewall was reported as green. I cannot see a reason - any idea? I don't like to create special rules for this client. The…

Heartbeat is always a bit tricky here. As we have several rules with block clients with no HB, the impact off technical heartbeat issues is always high. Endpoints have the latest official Client versions from Central. Currently 2024.2.3.4.0 For…

We have several Sophos Firewalls, and most of them are showing correct Synchronized Security information in Sophos Central. For Example: Two of these firewalls above aren't showing any data about Applications or endpoints. I've checked the firewalls…

Hello, I've recieved a request from a client asking to change the message from this notification whenever a user that is connected to the cabled network and changes to the Wi-Fi network. I'm not sure if the message is being sent by the Firewall…

We have remote users to connect to a Sophos SSLVPN. We then create the following filewall rule between them and the servers to ensure that they have Sophos AV installed and that there are no issues on either side. Unfortunately, when we do this, no-one…

Hi, i'm actually setting up Sophos Heartbeat on a Sophos XG135 (Cluster). We're using Sophos Intercept X and Sophos Connect (SSL-VPN) on our clients. My setup with heartbeat used in firewall rules at our HQ seems to work without any issues; but i…

Hallo in die Runde, entschuldigt die evtl. etwas einfache Frage. Ich möchte gern der den LAN-Netzwerkverkehr eines Nutzers blocken, wenn sein Heartbeat nicht "grün" ist. Ich habe bereits Regeln angelegt, für den Verkehr zwischen LAN und VPN / RED…

Is there any way to create a policy so hosts that are not in compliance cannot access the internal network? Example: If the host does not have AV and CrowdStrike installed and active, access to the internal network or VPN is not allowed, therefore,…

We have a rule that is configured with heartbeat like this: A device had heartbeat days ago but currently has no heartbeat. XG430_WP02_SFOS 19.5.3 MR-3-Build652 HA-Primary# ipset -L hb_green |grep 172.16.xxx.xxx XG430_WP02_SFOS 19.5.3 MR-3-Build652…

Hello, I regitered my Sophos in Sophos Central and tried to activate Security Hearbeat. But I get following message: (sorry thats in german) Security Heartbeat ist aufgrund der Lizenzen nicht verfügbar. Überprüfen Sie Ihre Lizenzen. Wenden Sie sich…

We notice strange Heartbeat issues this week when users of one department started desk sharing. Users have indiividual notebooks with Intercept-X. The Network is connected to XG firewall SFOS 19.0.1. DHCP Server on the Network. XG gets the Heartbeat…

We have a client currently that is only connected with LAN. The client is reporting network changes the the firewall every few minutes and generates a new HB session. Causing many interruptins for the user. The client computer remains connected to the…

How to remove a non-existing endpoint from Sophos Firewall Control Center which shows the endpoint with "missing hearbeat" state 175 days ago. The endpoint was decomissioned and Sophos endpoint uninstalled and removed from Sophos Central about 6 months…

is that something to worry about in the heartbeatd.log? This is logged quite frequently on our SFOS 19.0.1 box [2023-03-16 14:18:04.039Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxxxxxxxxx…

Sophos XG 19.5.0 GA When choosing Applications->Synchronized Application Control on the side menu, a warning pops up about enabling Synchronized application control. There is a bug that caused the window to not be sized properly.

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Hi Community, After restoring the backup on the HA enabled appliance…

Hi, after I changed port type from dhcp (using firewall behind ips router) to pppoe (using fw to establish connection). I cannot register with Sophos Central using email and OTP or enable Red service. Internet works but quite slow (will open another…

Is it possible to use Sophos Intercept X with XG Home?

Hi Community, we have problems with missing heartbeats. following scenario: Branch office connected via IPsec to main branch, both XG. In the main branch there are resources that can only be reached with a heartbeat. Since a few weeks the clients…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________________…

Hello, is there any way how to tell Heartbeat function to use AD username format? By default its using "local" username format and every Heartbeat try ends up as failed. Strange is that some common users like "lunches (obedy)", "office dept" etc.…

Hi, I have a quick question about Security Heartbeat. Imagine, you have a FW rule on your XG with Security Heartbeat enabled: green source, green destination No user authentication required on that rule. Now, someone not belonging to your company…

I have recently noticed that all our servers with Intercept X Advanced for Server do not show the 'user' details in the logs and any user based firewall rules fail (obviously). This is with a user logged in via Remote Desktop. These are domain joined…