send user information to off site XG through WAN Port

Hi there,

Following setup:

Multiple sites/locations with multiple Sophos XG connected through MPLS over the WAN interface. All computers have Sophos Endpoint Security installed that is sending heartbeat to the nearest firewall.

If a user's PC is located within Site #1, I can use the rules (on Site #1 firewall) based on the username, and even the log shows the username. Same for Site #2 if the user is located in Site #2. It happens often that a user from Site #1 is accessing a PC on Site #2, which means both firewalls are involved. This is working perfectly till it comes to the point where I cannot make a rule on Site #2 based on the username.

So is there any possibility that the Heartbeat information from Site #1 is forwarded to Site #2 and vice versa? Or is there any other possibility to limit access to Site #2 (in the firewall of Site #2) based on information that is transferred from Site #1 (except the user's [dhcp] IP address)?

Thanks in advance for any help on this...



This thread was automatically locked due to age.
  • Hello Bjoern,

    Thank you for contacting the Sophos Community.

    I think this won't be possible but you can confirm with your Sales Engineer if they have seen this requirement before.

    The endpoint sends its heartbeat info to the heartbeat magic IP, and that just hits whichever XG is its gateway; it can't forward to a 2nd XG.

    The only way I would see this working would be if user #1 VPNs into Site #2, so the Magic IP reaches that other XG.

    Regards,