This discussion has been locked.

client connection status

Hi,

the manual of the SEC says that computers with the red cross are not reachable over the network.

So far so good. Anyhow I found some computers with a red cross which are reachable (ping) over the network.

We use SEC with Endpoint Data Protection Suite.

How about a symbol which implies not managed but connected to the network or in general a new column let's say "Network" telling the computer is connected or not. That would help me out very much.

Regards

Marcus



  • Hello Marcus,

    connected (reachable by ping for example) [to] the network

    connected to the network has no unconditional meaning - and that you use an example suggests you are to some extent aware of this. Thus you'd have to define the meaning of network connected in relation to "Sophos Endpoints".

    If you think this is finicky consider the following:

    • ICMP could be blocked anywhere on the path (including the client)
    • the client could be behind a router (or a virtual client) and thus not be reachable from the server
    • the client might be "outside" but using a message relay

    In these cases you will never be able to see the client as network connected unless it is RMS connected. In most cases you won't be able to use Protect computers if this is what you want to know. But you can't determine whether the client is disconnected because of some issue with RMS, some network issue or simply because it is turned off (as an aside - there is an extra piece of information which is not indicated by SEC, namely the fact that the client's RMS has contacted the server but the connection hasn't been established because of some error).

    Likewise a computer with for example Intel's AMT might respond to a ping (and also listen and respond to HTTP requests) even when no OS is loaded.

    There is no "natural" definition of network connected and consequently such a feature would not only have to be configurable to be of use but also come with an additional set of requirements - and even then there'd be significant limitations. Furthermore to have a "potentially meaningless" column (to avoid this you'd have to be able to reliably discern the cases connectivity issue vs. information not available) might violate SEC's design principles.

    Christian
