Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 26 replies
  • Answers 1 answer
  • Subscribers 16 subscribers
  • Views 20730 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall marking Endpoint to "at risk" - Endpoint reporting Heartbeat Status 3

LHerzog

Why is this endpoint reporting Heartbeat Status Red to our XG Firewall this morning? Status "At Risk"!

As result the user cannot access most applications.

XG Showing this:

Central is showing this:

XG Log:

XG430_WP02_SFOS 18.0.5 MR-5-Build586# grep "xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx" /log/heartbeatd.log
2021-06-14 09:28:19 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 09:28:19 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.40)
2021-06-14 09:28:25 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.40) health: 3
2021-06-14 09:32:00 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>, Application path :C:\134program files (x86)\134mozilla firefox\134firefox.exe
2021-06-14 09:32:50 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <5>
2021-06-14 09:32:53 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <5> -> <1>
2021-06-14 09:32:53 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.40)
2021-06-14 09:32:55 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.40) health: 3
2021-06-14 09:37:01 INFO SacProcessor.cpp[17627]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>, Application path :C:\134program files (x86)\134mozilla firefox\134firefox.exe
2021-06-14 10:02:23 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <3>
2021-06-14 10:02:31 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 10:02:31 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.15)
2021-06-14 10:02:34 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.15) health: 3
2021-06-14 10:13:31 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <1> -> <3>
2021-06-14 10:13:34 INFO EndpointStorage.cpp[17627]:114 endpoint_connectivity_cb - Connectivity changed for <xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx>: <3> -> <1>
2021-06-14 10:13:35 INFO EpStateListBroker.cpp[17627]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx(SSL-VPN-IP.10)
2021-06-14 10:13:44 INFO ModuleStatus.cpp[17627]:138 processMessageStatus - Status request received from endpoint: xxxxxxx-4c58-4236-9dbc-xxxxxxxxxxx (SSL-VPN-IP.10) health: 3



This thread was automatically locked due to age.

Top Replies

  • in reply to LHerzog +2 suggested

    Hello LHerzog,

    It looks like this release has been pushed back once again. Some issues were found with legacy operating systems, which have since been resolved. The next release is scheduled to be completed as of October 14th. 

    Jump to answer
Parents
  • 0

    The only thing that stands out is the services missing or stopped - do you have access to the machine? If yes, open the Endpoint Self-Help tool and see if it reports the same. If it does - then see which service is at fault and correct it. If it doesn't, take a look at the registry and see if the key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status has anything other than 1 for admin, health, service, or threat.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Reply
  • 0

    The only thing that stands out is the services missing or stopped - do you have access to the machine? If yes, open the Endpoint Self-Help tool and see if it reports the same. If it does - then see which service is at fault and correct it. If it doesn't, take a look at the registry and see if the key HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status has anything other than 1 for admin, health, service, or threat.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Cookie Information Banner