How synchronise security work with sophos intercept x when the firewall is in bridge mode?

Hey Jingeo,

Have you also followed the steps to enable and verify heartbeat? Please see here for KBA reference.

Related: Sophos XG Firewall v17: How to configure Synchronized Application Control (SAC)

Regards,

i already enabled these steps earlier,everything activated and i cannot see any heartbeats.it is showing zero connected

Hi,

I think you need to dig deeper.

Go to the shell and log for the hbtrust.log and heartbeat.log in /log/  (Advanced Shell).

I got confirmation from sophos team that synchronous feature works only with an endpoint.Intercept x alone cannot give security heartbeat

I am quite sure that Intercept X only works fine with XG HB / App control. 

Tested it today with my test env. 

I am quite sure that Intercept X only works fine with XG HB / App control. 

Tested it today with my test env. 

Hi All,

Intercept X does not contain SAV engine and ony contains ML, Exploit prevention ,Sophos Clean ,RCA and Heartbeat  . True it does contain Heartbeat and does work with Sophos XG ,

Logs from the machine

18.352519 PortA, IN: IP 192.168.20.5.49772 > 52.5.76.173.8347: Flags [P.], ack 1, win 2053, length 141
21:37:18.352532 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [.], ack 142, win 237, length 0
21:37:18.352824 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [.], ack 142, win 237, length 1460
21:37:18.352865 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [.], ack 142, win 237, length 1460
21:37:18.352888 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [P.], ack 142, win 237, length 1176
21:37:18.353402 PortA, IN: IP 192.168.20.5.49772 > 52.5.76.173.8347: Flags [.], ack 4097, win 2053, length 0
21:37:18.478755 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [P.], ack 142, win 237, length 1073
21:37:18.491187 PortA, IN: IP 192.168.20.5.49772 > 52.5.76.173.8347: Flags [P.], ack 5170, win 2048, length 1305
21:37:18.492208 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [P.], ack 1447, win 260, length 7
21:37:18.492548 PortA, OUT: IP 52.5.76.173.8347 > 192.168.20.5.49772: Flags [R.], seq 5177, ack 1447, win 260, length 0

Heartbeat.log

2018-08-22 21:40:37 INFO HBSessionHandler.cpp[2358]:89 removeDirtySessions - Number of sessions: 0
2018-08-22 21:40:38 INFO HBSessionHandler.cpp[2358]:116 findPinnedEndpointIdentity - Number of sessions: 1
2018-08-22 21:40:38 INFO HBSession.cpp[2358]:468 logNewSession - New Session: [192.168.20.5]:7618 connected
2018-08-22 21:40:38 INFO EndpointStorage.cpp[2358]:114 endpoint_connectivity_cb - Connectivity changed for <bc46ed33-2f7c-47ec-8c1d-57263131c9b7>: <4> -> <1>
2018-08-22 21:40:38 INFO ModuleEac.cpp[2358]:98 sendEacMessage - send EacSwitchRequest to endpoint (IP=192.168.20.5)