Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 28 subscribers
  • Views 3286 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with Security Heartbeat

Eric Kindell

Hi,

 

We and some other partners has problem getting Security Heartbet working on our XG->Endpoints->central.

Getting warnings that endpoints no longer sending heartbeat to the XG and the client/server gets isolated. But there is no problem with the client.

Running 17.5 MR3 but it was the same with 17.0, 17.1, 17.5 MR1.

 

Do you running Security heartbeat in prod?

 

Dose it work? Or do you also have problems?

 

Thanks!



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I've had the same issue with blocked endpoints since the missing heartbeat feature was introduced a couple of years ago. It worked fine in SFOS 15.x.x were endpoints got blocked only at red heartbeat, not at missing heartbeat.

    Endpoints usually report missing or red heartbeat for a few seconds up to a couple of minutes right after a reboot, when they wake up from standby or after being idle for some time even though they have not gone into standby.

    I disabled heartbeat detection on all firewall rules and noticed that the flapping between green/red/missing drastically decreased which makes me believe this is a performance/capacity issue. When heartbeat detection is enabled on relevant firewall rules I receive numerous email from Sophos Central on missing heartbeat and the user experience is awful with random sign outs from web apps etc. I opened a support case with Sophos last year but we never got to a solution.

Reply
  • 0

    Hi,

    I've had the same issue with blocked endpoints since the missing heartbeat feature was introduced a couple of years ago. It worked fine in SFOS 15.x.x were endpoints got blocked only at red heartbeat, not at missing heartbeat.

    Endpoints usually report missing or red heartbeat for a few seconds up to a couple of minutes right after a reboot, when they wake up from standby or after being idle for some time even though they have not gone into standby.

    I disabled heartbeat detection on all firewall rules and noticed that the flapping between green/red/missing drastically decreased which makes me believe this is a performance/capacity issue. When heartbeat detection is enabled on relevant firewall rules I receive numerous email from Sophos Central on missing heartbeat and the user experience is awful with random sign outs from web apps etc. I opened a support case with Sophos last year but we never got to a solution.

Children
No Data