This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Heartbeat reported on XG Firewall doesn't match status of Endpoint or Sophos Central

So we have a odd problem that has been happening randomly but until recently usually would clear itself pretty quickly but now isn't.  We have a XG310 firewall and Sophos Endpoint on all our clients.  On the firewall is a VPN -> LAN rule and we are using the heartbeat section as such:

This makes sure no "red" clients are allowed and also that no employees try to install the VPN client on another machine other then one we have approved.  This works exactly as it should, clients can connect so we can log it but they can't communicate.

However yesterday I got a call from a user who was connected to the VPN but couldn't access anything.  Looking at their Sophos Endpoint it's all green with no events.  Check Sophos Central and same, green status.  Not a single bad event in their Endpoint event log.  But look at the XG itself under the Heartbeat section shows some red:

Clicking that "5 at risk" lists their machine as having a Red status.  So the firewall is blocking them because it thinks they have a red status but their actual machine and Sophos Central show green.

What causes this and how do we fix it?  I've seen things pop up into that list and then disappear a few minutes later but recently we've had clients pop up red that are green in every other way and stay there for hours.



This thread was automatically locked due to age.
Parents Reply Children