Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 1739 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security Heartbeat is not working. Any Ideas why?

JanKellermann

Hi,

we want to begin selling XG Firewalls und Intercept X to our customers.

We are trying this features right know and cant get Security Heartbeat working.

We have a XG330 HA Cluster with FullGuard. A Central Account with with Intercept X Advanced for Server with EDR wich is installed on Windows Server 2016 Test Server.

This Server is successfully shown in the Central Console.

The two Firewall are also connectet to the Central Portal

The Agent shows no Error.

But in the XG Dashboard is no Security Hearbeat action at all..... in the Log viewer the Security Hearbeat Log is empty.

The Agent Logs under C:\ProgramData\Sophos\Heartbeat\Logs said:

 2021-02-22T11:13:32.566Z [2492:3964] - ----------------------------------------------------------------------------------------------------
a 2021-02-22T11:13:32.568Z [2492:3964] - Starting Heartbeat version 1.10.1051.0
a 2021-02-22T11:13:32.568Z [2492:3964] - ----------------------------------------------------------------------------------------------------
a 2021-02-22T11:13:32.852Z [2492:4132] - No configuration available to establish Heartbeat connection.

wich is also not very helpful?

Where did this configuration came from?

Can someone help me troubleshoot this?

Regards

Jan



This thread was automatically locked due to age.
  • 0 in reply to LuCar Toni

    Hi,

    the Server is in a Network wich is known in the LAN Zone of the XG Firewall. From the Server the Firewall is Pingable... an tracert runs with one hop to the XG Firewall on Layer 2 without any Routing.

    But the default Gateway of the Server is not the XG Firewall rather than our Core Router. But the Internet Route if the Core Router the will have the XG Firewall on the routing path again.

    So this shoudn not be the Problem.

    I reinstalled the Endpoint Software an it still says

    a 2021-02-22T12:19:48.922Z [2536:3292] - Starting Heartbeat version 1.10.1051.0
    a 2021-02-22T12:19:48.922Z [2536:3292] - ----------------------------------------------------------------------------------------------------
    a 2021-02-22T12:19:48.977Z [2536:3552] - No configuration available to establish Heartbeat connection.

    It loks like the Endpoint is never trying to find any XG Firewall becaus of missing Config.

  • 0 in reply to JanKellermann

    Does the Core Switch forward the HB IP + Port to XG or not? Check on the XG firewall for the HB Port, if something will eventually communicate. 

  • 0 in reply to LuCar Toni

    Did you mean this:

    Endpoints and XG Firewall communicate through an encrypted TLS connection over the IP address 52.5.76.173 on port 8347.

    A traycert to 52.5.76.173 will take like 7 hops to an amazonaws Server that has the XG Firewall on hop 2. So it looks like the Router do so. But i have to check for the Port.

    Do i need a XG Policie for this?

  • FormerMember
    0 FormerMember in reply to JanKellermann

    Please ensure that "Configure Synchronized Security Heartbeat" is set to GREEN or YELLOW in firewall rule configuration.

  • 0 in reply to FormerMember

    Hi, this was not set at all, but i have done this now.

    I also tried wireshark on the Server with "tcp.port == 8347" filter, but there is nothing trying to send Pakets over this Port. It is totaly empty.

    I was wondering if in the log souldnt be anything more than:

    - No configuration available to establish Heartbeat connection.

    And there are also no Packets to ip.dst==52.5.76.173

  • +1

    So everything works like a charm now. The mistake was a misconfigured default Policy for Server Protection in Sophos Central. This was used for testing some weeks ago and it was not set back to default, where Security Heartbeat is enabled. I my case it was disabled and for that reason it correctly was not active. :-( After applying the Policy default everthings begin to work magicly!

    Thank you guys for your help!!!

    King Regards

    Jan