
Sophos Firewall reported computer not sending heartbeat signals

Since November an increasing number of endpoints is reported from Central with "Sophos Firewall SN reported computer not sending heartbeat signals"

We upgraded our HQ XG from 18.5.4 to 19.0.1 on Nov 12th, but the issue had already started before that, as you can see from the screenshots.

Before that, we only received these alerts occasionally. Sometimes the message comes multiple times per day for a machine, then for a few days no message is created even if the computer is still in use.

What is the issue here?

Central Region is Central Europe

One Computer:




Top Replies

  • in reply to LHerzog +2 suggested

    I was able to get some additional feedback on this from our team. 

    The decision-making process behind when these alerts are generated will take place entirely on the firewall. Only if network traffic continues to be routed to the firewall without heartbeat traffic periodically, will the alert be generated.

    Do you know if the NIC on the affected device remains active/communicating on the network while the system is in hibernate mode? What could also help is checking the power saver settings in Device Manager to check if the NIC is configured to stop communicating when the device enters a sleep state.

    There are a couple of options available from the XG Console which can limit the frequency at which these alerts/events are generated in Sophos Central. I will follow up with you via PM to share these.

  • Thanks! I opened case 06153996; maybe you can put a hint there for the tech.

  • That case is like a blind flight, I guess.
    That's all done so far.


    console> system synchronized-security delay-missing-heartbeat-detection show
    285
    console> system synchronized-security suppress-missing-heartbeat-to-central show
    120
    console>

  • Hello LHerzog,

    Thank you for the update, I can see your case is now with GES for further investigation.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Support tech found this which is what I already posted above: (modern) standby causes those issues.
    Asking me to disable standby, which is not a desired workaround.

    We've already had a case open in 2021 with SFOS 18.0.5: 04121743 Endpoints reporting "at risk" to XG firewall but Sophos Central showing no issues.

    Support tech wrote there: "I believe from the logs you have provided, I do see that it went from a green connected state to a red missing heartbeat state multiple times back to back. This occurs when heartbeat traffic from the device is no longer sent to the firewall, typically after the machine enters sleep/wakes from sleep or gets disconnected.

    I believe that the endpoints were having issues connecting or enters sleep/wakes from sleep very quickly that the updates were not relayed to central in time therefore it didn't show up there."

    2023-03-28T13:58:53.665Z [ 5156: 5160] I Received Screen Off notification: Endpoint entering Modern Standby


    2023-03-28T13:58:58.229Z [ 4800: 6088] D Failed to connect: system:10065.
    2023-03-28T13:58:58.229Z [ 4800: 6088] D + Connection::OnConnectError()
    2023-03-28T13:58:58.229Z [ 4800: 6088] A Connection failed.
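
Added example, not part of the thread and not Sophos tooling: a Python script that reads endpoint heartbeat log lines in the format quoted above and marks which connection failures follow a Modern Standby notification, so the remaining failures can be investigated separately. The 60-second window and the function names are assumptions; the first four sample lines are the ones quoted in the thread and the last two are constructed.

```python
import re
from datetime import datetime, timedelta

# First four lines: quoted in the thread. Last two: constructed for contrast.
SAMPLE_LOG = """\
2023-03-28T13:58:53.665Z [ 5156: 5160] I Received Screen Off notification: Endpoint entering Modern Standby
2023-03-28T13:58:58.229Z [ 4800: 6088] D Failed to connect: system:10065.
2023-03-28T13:58:58.229Z [ 4800: 6088] D + Connection::OnConnectError()
2023-03-28T13:58:58.229Z [ 4800: 6088] A Connection failed.
2023-03-28T16:20:11.004Z [ 4800: 6088] D Failed to connect: system:10060.
2023-03-28T16:20:11.004Z [ 4800: 6088] A Connection failed.
"""

# timestamp, [pid: tid], one-letter level, message
LINE_RE = re.compile(r"^(\S+)Z \[\s*\d+:\s*\d+\] (\w) (.*)$")
# Winsock error code, e.g. 10065 = WSAEHOSTUNREACH, 10060 = WSAETIMEDOUT
FAIL_RE = re.compile(r"Failed to connect: system:(\d+)")
STANDBY_MARK = "Endpoint entering Modern Standby"


def classify_failures(log_text, window_s=60):
    """Return [(timestamp, winsock_code, near_standby)] for each connect failure.

    near_standby is True when the failure occurs within window_s seconds
    (an assumed value) after a Modern Standby notification.
    """
    last_standby = None
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognized line
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f")
        msg = m.group(3)
        if STANDBY_MARK in msg:
            last_standby = ts
            continue
        fail = FAIL_RE.search(msg)
        if fail:
            near = (last_standby is not None
                    and ts - last_standby <= timedelta(seconds=window_s))
            results.append((ts.isoformat(timespec="milliseconds"),
                            int(fail.group(1)), near))
    return results


def unexplained(results):
    """Failures with no standby notification shortly before them."""
    return [r for r in results if not r[2]]
```

Failures returned by `unexplained()` are the ones that the standby explanation from the support case does not cover.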