Hello, we performed a firewall migration from an XG450 model to the XGS4500 model last weekend. The firewalls are in a HA configuration. The migration process worked seamlessly. The primary firewall is working with no issue, all services started. To…

I could not figure out the details about traffic matching critera and further filtering within firewall rules. Can someone clarify what will happen if you select "Match known users" and "Block clients with no heartbeat"? Will the rule block no heartbeat…

Our firewall rules with block clients with no HB and green HB only enabled, blocked this client today during the HB status on the firewall was reported as green. I cannot see a reason - any idea? I don't like to create special rules for this client. The…

Heartbeat is always a bit tricky here. As we have several rules with block clients with no HB, the impact off technical heartbeat issues is always high. Endpoints have the latest official Client versions from Central. Currently 2024.2.3.4.0 For…

Hello, I've recieved a request from a client asking to change the message from this notification whenever a user that is connected to the cabled network and changes to the Wi-Fi network. I'm not sure if the message is being sent by the Firewall…

We have remote users to connect to a Sophos SSLVPN. We then create the following filewall rule between them and the servers to ensure that they have Sophos AV installed and that there are no issues on either side. Unfortunately, when we do this, no-one…

Hi, i'm actually setting up Sophos Heartbeat on a Sophos XG135 (Cluster). We're using Sophos Intercept X and Sophos Connect (SSL-VPN) on our clients. My setup with heartbeat used in firewall rules at our HQ seems to work without any issues; but i…

Is there any way to create a policy so hosts that are not in compliance cannot access the internal network? Example: If the host does not have AV and CrowdStrike installed and active, access to the internal network or VPN is not allowed, therefore,…

We have a rule that is configured with heartbeat like this: A device had heartbeat days ago but currently has no heartbeat. XG430_WP02_SFOS 19.5.3 MR-3-Build652 HA-Primary# ipset -L hb_green |grep 172.16.xxx.xxx XG430_WP02_SFOS 19.5.3 MR-3-Build652…

Hi, We have two firewalls configured on same central account. What we would like to do is connect sophos end points and send HB on firstl firewall but if somehow they first firewall goes down the users will connect on the second firewall through IPSEC…

We notice strange Heartbeat issues this week when users of one department started desk sharing. Users have indiividual notebooks with Intercept-X. The Network is connected to XG firewall SFOS 19.0.1. DHCP Server on the Network. XG gets the Heartbeat…

I have an XGS 3100 firewall. In the Control Center, I see Connected Remote Users and Liove Users. Everyone in the former group appears in the Live group, but the Live Users group contains one or more "Heartbeat" users. I don't know why they are there…

We have a client currently that is only connected with LAN. The client is reporting network changes the the firewall every few minutes and generates a new HB session. Causing many interruptins for the user. The client computer remains connected to the…

How to remove a non-existing endpoint from Sophos Firewall Control Center which shows the endpoint with "missing hearbeat" state 175 days ago. The endpoint was decomissioned and Sophos endpoint uninstalled and removed from Sophos Central about 6 months…

is that something to worry about in the heartbeatd.log? This is logged quite frequently on our SFOS 19.0.1 box [2023-03-16 14:18:04.039Z] INFO EndpointStorage.cpp[32722]:110 endpoint_connectivity_cb - Connectivity changed for <xxxxxxxxxxxxxxxxxxx…

Hello, we have noticed a strange issue with Security Heartbeat. Devices often only gain access to the network several minutes after booting. The Heartbeat.log on the endpoint says that the connection initially failed. The heartbeatd.log on the firewall…

First this seems to be a client issue, because I'm not getting reports of others being affected, but I have seen this happen with different clients over time with Sophos and the only resolution I've found so far has been to restart the computer. I'd…

Hi Community, we have problems with missing heartbeats. following scenario: Branch office connected via IPsec to main branch, both XG. In the main branch there are resources that can only be reached with a heartbeat. Since a few weeks the clients…

Some of our endpoints are blocked because of missing heartbeat. The heartbeat.log from the endpoint: 2022-05-30T12:56:17.558Z [ 3812: 4508] A ---------------------------------------------------------------------------------------------------- 2022…

Hello I recently (today) activated the Sophos Central management of my home computer based firewall. Oddly - now I happen to notice that the heartbeat feature is no longer available to me. (Says license expired for the Intercept X. Perhaps I'm missing…

Hello community, we are using VMware Horizon VDI to realize HomeOffice for our collegues mainly to virtual machines. We have configured Sophos Heartbeat to realize user based firewall rules. This works great for us from VDI machines and workstations…

Hi, I found this old thread and would like to know if this has somehow changed. https://community.sophos.com/sophos-xg-firewall/f/discussions/125923/can-heartbeat-information-be-shared-across-firewalls My idea is to share HB accross multiple sites…

Hi folks, my CM account appears to have a configuration issue regarding heartbeat, so the question is how do I refresh the account or delete it so that I can start a new account (home use)? Ian

Hi, I have been receiving e-mails from Sophos advising one or more of my XGs does not have current version. So, today I decided to investigate further. 1/. a brand new XG115w with the latest version of the software according to the notice still has…

Hello, is there any way how to tell Heartbeat function to use AD username format? By default its using "local" username format and every Heartbeat try ends up as failed. Strange is that some common users like "lunches (obedy)", "office dept" etc.…