Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 870 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Heartbeat Authentication stopped working

John Nickell

First this seems to be a client issue, because I'm not getting reports of others being affected, but I have seen this happen with different clients over time with Sophos and the only resolution I've found so far has been to restart the computer.

I'd like to find out "why" it's happening and if there's a resolution short of restarting the entire computer.

In today's example I was connected with Sophos Connect client on an IPSEC VPN connection.  This appears to still be up and intact. 

I was working over VPN, had an RDP session open as well as a connection to an internal website and SQL server all of which required my computer to authenticate with heartbeat.

"without any warning" the firewall has now deemed my computer as to not be authenticated via heartbeat which means all of the resources I had open are no longer available if they require heartbeat authentication.

I verified that Sophos Central shows my computer has a green status. I don't see any windows events that would have contributed.



This thread was automatically locked due to age.
  • 0

    Hi John, 

    are you still seeing the heartbeat from your machine on the sophos firewall ? heartbeatd.log can be off help here, also acces_server.log by taking the access_server in to debug can help you understand why your machine is being logged off. 

    -Cheers,
    kranthi

  • 0 in reply to kranthi yadlapudi

    At the time the firewall was still showing me as connected under live users.

    I'll have to look for those logs later. I wound up restarting my computer so I could get work done.

  • 0 in reply to kranthi yadlapudi

    Could you expand on where I can find these logs next time this happens?

  • 0

    Do you see in Logviewer any reason of logging off this user in this time frame? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    I apologize for the radio silence but today's the first time this has reoccurred and yet again it happened right as I am "needing" access to resources that I had setup to require heartbeat authentication.

    I was working over the VPN connected to head office firewall and accessing the branch office firewalls (over SDWAN). I was attempting to view another internal resource over the SDWAN when I was blocked due to "Your device does not meet the security heartbeat requirements for this network."

      In the HeadOffice firewall's "Security Heartbeat" log viewer I only see the "green" status that was logged when I connected to the the VPN about an hour prior to the incident

    In it's Authentication log, the last event for my user is a successful login when connecting to the VPN.

    When I look at the Firewall log there are events even prior to my "issue" that indicate a lack of heartbeat from my client even though I wasn't overtly experiencing an issue at the time.

    I see nothing in the Sophos Connect client, or Endpoint agent to indicate a change in status. 

    I'm not sure where else to look at the moment.

    A possible contributor to why I experienced the issue today and had not in a while is that I had been making a practice of shutting my computer down and starting it cold between days recently, however last night I only 'slept/hibernated' it. If this was really a contributor I'm not sure why it would have worked to begin with.

    I appreciate any advice you can provide on where to look the next time this happens. I'm not aware that this is impacting others, but I'd like to have an answer if it ever does.

Unfiltered HTML