Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Subscribers 12 subscribers
  • Views 1626 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

rumors of Heartbeat disabled for Windows Server 2012 R2 - true?

LHerzog

Hi,

I just read this article: https://borncity.com/win/2022/11/15/windows-server-2012-r2-sophos-user-authentication-using-heartbeat-disabled-on-rds-servers/

saying a customer found out tha his Windows 2012 R2 Servers no longer send their heartbeat status to the XG/S Firewall after Sophos disabled that feature.

Sounds serious.

Can Sophos confirm that is true?

I cannot report this from our side - our 2012 R2 machines have heartbeat -  but the reason may be that the relevant updates have not yet been pushed by central in our region.

Looking forward to your answers on that thing.

edit:

I want to add: the blog post is a bit mixed up - writing of SATC, User authentication and heartbeat things. SATC has been replaced by Intercept-X - I know.



This thread was automatically locked due to age.

Top Replies

  • +4 verified

    Hi LHerzog, as you suggested I think there is some confusion around some different technologies in that blog post.  

    SATC(Sophos Authentication for Thin Client), which enables the Sophos Firewall to authenticate users accessing a server or remote desktop, used to be available as a stand alone agent but is now included with Sophos Central Server Protection in Sophos Central.  As mentioned it is currently only supported on Windows Server 2016 and later.  We had previously provided access to a potential workaround approach for older operating systems via an Early Access (beta) program but as with all beta software and features provided by Sophos, capabilities provided via Early Access programs may be discontinued at any time and may not be made Generally Available (GA) and unfortunately that was the situation here.

    There is an alternative method in version 19 of the Firewall that doesn’t provide quite the same level of integration with the Firewall, but can at least identify individual users’ web traffic from Remote Desktop servers. This is a potential solution for customers looking to continue to run Server 2012 R2 until they get to upgrading.  The feature is “Per-connection authentication” and is documented here: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Authentication/HowToArticles/AuthenticationConfigurePerConnectionAuth/index.html.  You can also find a tech on that topic here: https://techvids.sophos.com/watch/nPQbf634vyUSqHYCd8SDS7

    Security Heartbeat is an unrelated feature that allows endpoints and firewalls to share their health status with each other and as you suggest there are no issues with Windows Server 2012 R2.

    Hope that provides some clarity for you.

    Thanks,

    Kevin

    Jump to answer
Parents
  • +1

    Hi LHerzog,

    I can confirm, that SATC (included in endpoint) is not supported in 2012R2 any longer. We had a long case with Sophos / GES for this problem. Sophos stopped support for this with the lates Core agent and it will not be supported again. If you want to use user authentication on 2012R2 RDS server “Per-connection authentication” (using old direct proxy technology) is the only solution.

    Regards,

    Sebastian

Reply
  • +1

    Hi LHerzog,

    I can confirm, that SATC (included in endpoint) is not supported in 2012R2 any longer. We had a long case with Sophos / GES for this problem. Sophos stopped support for this with the lates Core agent and it will not be supported again. If you want to use user authentication on 2012R2 RDS server “Per-connection authentication” (using old direct proxy technology) is the only solution.

    Regards,

    Sebastian

Children
  • 0 in reply to SebastianMies

    Thanks for confirming that situation. I hope it may help others using 2012 R2 RDS Servers with user authentication against the firewall.   can you please tell the Intercept-X Version (probably Core Agent) that stopped supporting that feature for Server 2012 R2?

  • 0 in reply to LHerzog

    Hi LHerzog,

    As per my first message, while it was available for a period of time for Server customers who had enrolled in our 'New Server Protection Features' Early Access Beta program, the SATC functionality was never made generally available to customers on Windows Server 2012 R2.  It was officially released and supported for Windows Server 2016 and above when our 2022.2 Core Agent was released.

    Thanks,

    Kevin

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Cookie Information Banner