Heartbeat troubleshooting

Hi all,

I'm using an XG 310 and trying the Sophos Heartbeat with the Sophos Endpoint Security Advanced Protection.

All my clients work fine and HB is correctly shown on the XG310 dashboard, but one single client continuously switches from RED to GREEN state.

My Heartbeat logs show that this state changes every few seconds, but I don't have any log about WHY it is changing.

From the cloud console, in the client event log, there isn't any trace of this problem. The client is displayed correctly without error.

Now I'm going to remove and reinstall the endpoint security, but what I would like to know is where I could get a more detailed log about this problem, as the standard firewall logs are completely useless.

Thanks



  • Now, without any action, the switching client became fixed green, but I have a new client that constantly switches between yellow and red.

    In the XG310 logs I have only a Message ID 18013 that I don't know what it means.

    In the Sophos Cloud AV Console I don't have any evidence of this problem, the client is green and doesn't have any logs of warnings or errors in its history...

  • I think that the Copernicus project, as it is now, is total crap.

    These are the problems (with XG310 MR3):

    - Sophos Heartbeat continuously logs off or loses credentials to the Sophos Cloud. Every time you need to disconnect the Sophos Cloud account and reconnect. This happens 2 times/week. Don't know what will happen if you start using it on firewall rules!!!....

    - One or more devices are continuously reported RED on the XG console, but on the Cloud Console they are perfectly GREEN and have no strange messages in the log.

    - The XG Heartbeat log is totally useless. You see only the state change, but no log or reasons, so it is totally useless as it is.

    For now no luck with Sophos products, for both XG and Cloud antivirus... and these are very basic problems... it seems that debugging of Sophos products is totally missing...

  • Hi All,

    Sophos Heartbeat identifies user health based on user traffic activity through Sophos Endpoint Protection. When an endpoint is installed on the system, it connects with the Sophos firewall to give synchronized security. Heartbeat notifies the firewall when a user becomes infected with malware that a firewall detects. The firewall blocks the endpoint from communicating inside or outside the network to help prevent harm until a healthy heartbeat is restored. During such instances, the heartbeat status for the system becomes red, as the system is denied any communication through the firewall until the threat is prevented and cured.

    If the heartbeat logs are changing every second, try to reinstall endpoint protection on the concerned system. When Sophos Endpoint Protection is removed from the endpoint, there will be an Endpoint with Missing Heartbeat shown on the Firewall. The endpoint gets a new name, and when Sophos Endpoint Protection is reinstalled on the endpoint there are two Endpoints shown on the Firewall: a green one from the new installation and the old Endpoint shown as Missing Heartbeat. This is technically correct, as the new installation of Sophos Endpoint Protection is identical to a new Endpoint. Monitor the behavior and the status after this exercise.

    To get rid of the old Endpoint, the Sophos Central admin has to remove it manually.

    Can you raise a case in support and provide me the ticket # to deep inspect the behavior?

    Thanks