Heartbeat troubleshooting

Hi all,

I'm using an XG 310 and trying the Sophos Heartbeat with the Sophos Endpoint Security Advanced Protection.

All my clients work fine and HB is correctly shown on the XG310 dashboard, but one single client continuously switches from RED to GREEN state.

My Heartbeat logs show that this state changes every few seconds, but I don't have any log about WHY it is changing.

From the cloud console, in the client event log, there isn't any trace of this problem. The client is displayed correctly without error.

Now I'm going to remove and reinstall the endpoint security, but what I'd like to know is where I could get a more detailed log about this problem, as the standard firewall logs are completely useless.

Thanks



  • Hi All,

    Sophos Heartbeat identifies user health based on user traffic activity through Sophos Endpoint Protection. When an endpoint is installed on the system, it connects with the Sophos firewall to provide synchronized security. Heartbeat notifies the firewall when a user becomes infected with malware that a firewall detects. The firewall blocks the endpoint from communicating inside or outside the network to help prevent harm until a healthy heartbeat is restored. During such instances, the heartbeat status for the system becomes red, as the system is denied any communication through the firewall until the threat is prevented and cured.

    If the heartbeat logs are changing every second, try to reinstall endpoint protection on the concerned system. When Sophos Endpoint Protection is removed from the endpoint, there will be an endpoint with Missing Heartbeat shown on the firewall. The endpoint gets a new name, and when Sophos Endpoint Protection is reinstalled on the endpoint, there are two endpoints shown on the firewall: a green one from the new installation and the old endpoint shown as Missing Heartbeat. This is technically correct, as the new installation of Sophos Endpoint Protection is identical to a new endpoint. Monitor the behavior and the status after this exercise.

    To get rid of the old Endpoint, the Sophos Central admin has to remove it manually. 

    Can you raise a case in support and provide me the ticket # to deeply inspect the behavior?

    Thanks
