Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 1741 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security Heartbeat is not working. Any Ideas why?

JanKellermann

Hi,

we want to begin selling XG Firewalls und Intercept X to our customers.

We are trying this features right know and cant get Security Heartbeat working.

We have a XG330 HA Cluster with FullGuard. A Central Account with with Intercept X Advanced for Server with EDR wich is installed on Windows Server 2016 Test Server.

This Server is successfully shown in the Central Console.

The two Firewall are also connectet to the Central Portal

The Agent shows no Error.

But in the XG Dashboard is no Security Hearbeat action at all..... in the Log viewer the Security Hearbeat Log is empty.

The Agent Logs under C:\ProgramData\Sophos\Heartbeat\Logs said:

 2021-02-22T11:13:32.566Z [2492:3964] - ----------------------------------------------------------------------------------------------------
a 2021-02-22T11:13:32.568Z [2492:3964] - Starting Heartbeat version 1.10.1051.0
a 2021-02-22T11:13:32.568Z [2492:3964] - ----------------------------------------------------------------------------------------------------
a 2021-02-22T11:13:32.852Z [2492:4132] - No configuration available to establish Heartbeat connection.

wich is also not very helpful?

Where did this configuration came from?

Can someone help me troubleshoot this?

Regards

Jan



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LuCar Toni

    Did you mean this:

    Endpoints and XG Firewall communicate through an encrypted TLS connection over the IP address 52.5.76.173 on port 8347.

    A traycert to 52.5.76.173 will take like 7 hops to an amazonaws Server that has the XG Firewall on hop 2. So it looks like the Router do so. But i have to check for the Port.

    Do i need a XG Policie for this?

  • FormerMember
    0 FormerMember in reply to JanKellermann

    Please ensure that "Configure Synchronized Security Heartbeat" is set to GREEN or YELLOW in firewall rule configuration.

  • 0 in reply to FormerMember

    Hi, this was not set at all, but i have done this now.

    I also tried wireshark on the Server with "tcp.port == 8347" filter, but there is nothing trying to send Pakets over this Port. It is totaly empty.

    I was wondering if in the log souldnt be anything more than:

    - No configuration available to establish Heartbeat connection.

    And there are also no Packets to ip.dst==52.5.76.173