Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 24 replies
  • Answers 3 answers
  • Subscribers 12 subscribers
  • Views 6449 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall reported computer not sending heartbeat signals

LHerzog

Since November an increasing number of endpoints is reported from Central with "Sophos Firewall SN reported computer not sending heartbeat signals"

We upgraded our HQ XG from 18.5.4 to 19.0.1 on  Nov 12th but the issue started already before as you can see from the screenshots.

Before that, we only received this alerts occasionally.  Sometimes the message comes multiple times per day for a machine, then a few days no message is created even if the computer is still in use.

What is the issue here?

Central Region is Central Europe

One Computer:



This thread was automatically locked due to age.
  • 0 in reply to emmosophos

    thanks! I opended case 06153996 maybe you put a hint there for the tech.

  • 0 in reply to LHerzog

    that case is like a blind flight I guess.
    that's all done so far.


    console> system synchronized-security delay-missing-heartbeat-detection show
    285
    console> system synchronized-security suppress-missing-heartbeat-to-central show
    120
    console>

  • 0 in reply to LHerzog

    Hello LHerzog,

    Thank you for the update, I can see your case is now with GES for further investigation.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Support tech found this which is what I already posted above: (modern) standby causes those issues.
    Asking me to disable standby, which is not a desired workaround.

    We've already had a case open in 2021 with SFOS 18.0.5: 04121743  Endpoints reporting "at risk"to XG firewall but Sophos Central showing no issues.

    Support tech wrote there: "I believe from the logs you have provided, I do see that it went from a green connected state to a red missing heartbeat state multiple times back to back. This occurs when heartbeat traffic from the device is no longer sent to the firewall, typically after the machine enters sleep/wakes from sleep or gets disconnected.

    I believe that the endpoints were having issues connecting or enters sleep/wakes from sleep very quickly that the updates were not relayed to central in time therefore it didn't show up there."

    2023-03-28T13:58:53.665Z [ 5156: 5160] I Received Screen Off notification: Endpoint entering Modern Standby


    2023-03-28T13:58:58.229Z [ 4800: 6088] D Failed to connect: system:10065.
    2023-03-28T13:58:58.229Z [ 4800: 6088] D + Connection::OnConnectError()
    2023-03-28T13:58:58.229Z [ 4800: 6088] A Connection failed.

Unfiltered HTML