
How to make security heartbeat work?

Dear Sir,
I have applied for a 30-day trial of Sophos Central
and integrated it with the XG Home version.

Both Central and XG sync with each other,
but XG's Security Heartbeat always shows 0.

How do I make XG's Security Heartbeat work?

Sophos Central's license is as below.

XG's Security Heartbeat is enabled.

Sophos Central sees the XG appliance.

Sophos Central has the user and computer on it.



But the Security Heartbeat is always 0?

If I enable Security Heartbeat on the LAN to WAN rule,
the user is blocked, since its status doesn't sync to XG.

Does anybody know what's wrong with the settings?



  • Hi ShunzeLee,

    Let me check and get back to you.

    Thanks

    Aditya Patel

  • I have changed the XG from the Home virtual version to a real appliance,

    but got the same result...

    Maybe the Sophos Central 30-day trial version doesn't support heartbeat?

  • Hi Shunzelee

    The reason this is not working is because the heartbeat (the connection to the endpoint) is located on Sophos Central. You'll need a separate firewall rule to allow communication to the Sophos Central servers.

    After this point, you should be able to see the number increase.

    Below are the FQDNs if you need to create a rule:

    sophos.com
    mojave.net
    sophosupd.com
    sophosupd.net
    sophosxl.net

    Hope that helps.
  • No rules are needed to allow communication to Sophos Central. Communication is allowed by default from XG.

    You can use tcpdump to check the communication with the Sophos URLs and post it!

  • Hello Luk

    I checked this and unfortunately I will have to disagree with you on this.

    When I disabled the firewall rule for my machine, the ping stopped.

    When enabled, the ping worked.

    Screenshot below:

    Once again, what I meant above is to allow communication from endpoints to the Sophos URLs; I understand that firewall to Sophos URLs will always work.

    Hope this helps.

  • Thanks Varun.

    I tested heartbeat on v15 and it was working correctly.

    Something changed?

    This can be dangerous! If an admin blocks internet access for some devices, those devices with HB will stop working. Admins prefer to set deny rules on top.

    I think that HB should work hidden or be controlled by device access.

    I was quite sure that no policy rules were needed on v16.

    This can be very, very dangerous and confuse admins who do not know that!

    Another feature request?

    Thanks Varun!
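The two failure modes raised in this thread, a deny rule placed above the allow rule that the endpoints need to reach Sophos Central, and a LAN to WAN rule that itself requires a heartbeat before the endpoint has ever been able to report one, are both consequences of first-match rule evaluation. The following is an added example, not code from the thread or from Sophos: a small model of first-match evaluation with FQDN-suffix destinations and a per-rule minimum-heartbeat condition. The rule names, the 192.168.1.0/24 network, the endpoint address and the hostname dci.sophosupd.com used for the Central-bound flow are all assumptions chosen for illustration; only the FQDN suffix list comes from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# FQDN suffixes listed in the thread for Sophos Central / update traffic.
SOPHOS_FQDN_SUFFIXES = ("sophos.com", "mojave.net", "sophosupd.com",
                        "sophosupd.net", "sophosxl.net")

# Heartbeat states ranked best to worst; an endpoint that has never reported has no entry.
HEARTBEAT_RANK = {"green": 2, "yellow": 1, "red": 0}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" or "deny"
    src: str                             # source network in CIDR notation
    dst_suffixes: Tuple[str, ...] = ()   # FQDN suffixes; empty = any destination
    ports: Tuple[int, ...] = ()          # destination TCP ports; empty = any port
    min_heartbeat: Optional[str] = None  # e.g. "green": only endpoints at that state or better


def fqdn_matches(fqdn: str, suffixes: Tuple[str, ...]) -> bool:
    return not suffixes or any(fqdn == s or fqdn.endswith("." + s) for s in suffixes)


def rule_matches(rule: Rule, src_ip: str, dst_fqdn: str, dst_port: int) -> bool:
    return (ip_address(src_ip) in ip_network(rule.src)
            and fqdn_matches(dst_fqdn, rule.dst_suffixes)
            and (not rule.ports or dst_port in rule.ports))


def evaluate(rules, src_ip, dst_fqdn, dst_port, heartbeat=None):
    """First-match evaluation, top to bottom, with an implicit final deny.

    A matching allow rule that carries a heartbeat requirement drops the flow
    when the endpoint's current heartbeat (None = never reported) does not meet it.
    """
    for rule in rules:
        if not rule_matches(rule, src_ip, dst_fqdn, dst_port):
            continue
        if rule.action == "allow" and rule.min_heartbeat is not None:
            if HEARTBEAT_RANK.get(heartbeat, -1) < HEARTBEAT_RANK[rule.min_heartbeat]:
                return "deny", f"{rule.name} (heartbeat requirement not met)"
        return rule.action, rule.name
    return "deny", "implicit default deny"


# Constructed example flow: a LAN endpoint talking to a Sophos host on 443.
ENDPOINT = "192.168.1.50"
HEARTBEAT_FLOW = (ENDPOINT, "dci.sophosupd.com", 443)   # hostname is illustrative

ALLOW_SOPHOS = Rule("Allow endpoints to Sophos Central", "allow", "192.168.1.0/24",
                    dst_suffixes=SOPHOS_FQDN_SUFFIXES, ports=(80, 443))
DENY_ALL = Rule("Deny LAN to Internet", "deny", "192.168.1.0/24")
ALLOW_WEB_HB = Rule("LAN to WAN web (requires green heartbeat)", "allow",
                    "192.168.1.0/24", ports=(80, 443), min_heartbeat="green")

# Rule sets, top rule first.
DENY_ON_TOP = [DENY_ALL, ALLOW_SOPHOS]          # the ordering admins often prefer
EXCEPTION_FIRST = [ALLOW_SOPHOS, DENY_ALL]      # Sophos exception above the deny
HB_ONLY = [ALLOW_WEB_HB]                        # the original poster's situation
HB_WITH_EXCEPTION = [ALLOW_SOPHOS, ALLOW_WEB_HB]


def heartbeat_can_reach_central(rules, heartbeat=None) -> bool:
    """True when the Central-bound flow is allowed for an endpoint in the given heartbeat state."""
    return evaluate(rules, *HEARTBEAT_FLOW, heartbeat=heartbeat)[0] == "allow"


if __name__ == "__main__":
    for label, rules in [("deny on top", DENY_ON_TOP), ("exception first", EXCEPTION_FIRST),
                         ("heartbeat-only rule", HB_ONLY), ("exception + heartbeat rule", HB_WITH_EXCEPTION)]:
        print(f"{label:28} new endpoint reaches Central: {heartbeat_can_reach_central(rules)}")
```

The HB_ONLY set shows the circular dependency: an endpoint that has not yet reported a heartbeat is denied by the very rule that would let it reach Central, so it never gets one. Putting the Sophos exception above both the deny and the heartbeat-conditioned rule breaks the cycle while still gating everything else on a green heartbeat.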

  • Varun,

    so if this is the behaviour, an existing LAN to WAN policy rule where HTTP/HTTPS traffic is allowed should be enough for Sophos HB devices to communicate with Sophos Central.

  • Thanks for your reply Luk.

    I believe you tested on v15 (on-premise SEC endpoint), is that correct?

    I will have this checked again at my end and report back to you.

    The local heartbeat would work; I think our question here is whether the endpoint would be able to communicate with the Sophos update servers under a deny policy, or whether a policy is needed for communication.

    I can see a new "cache endpoint updates" option in web protection, so I would also evaluate that and share my results with you.

    Regards,

  • Thanks Varun.

    Cache endpoint updates is used to reduce Sophos Endpoint update traffic.

    I tested HB with the cloud version (SEC does not have the HB feature at the moment).

    Sophos clients with HB must have constant communication with Sophos Central. As I said, this behaviour must change and be controlled by a command line or device access ACL.

    As I wrote, this can be misleading to XG admins who do not know that.

    Please Varun, test the HB using a deny rule for some devices, check the communication to Sophos Central (using tcpdump) and reply back here!

    Thanks
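Two posts in this thread suggest using tcpdump to check whether an endpoint's traffic to the Sophos hosts actually gets through. A quick way to read such a capture is to pair outbound SYNs to Sophos hosts with the SYN-ACKs that come back: a host that only ever receives SYNs is being blocked somewhere on the path. The following is an added example, not from the thread or from Sophos; it parses the line format tcpdump prints when name resolution is left on (no -n) and the capture is taken on the endpoint side of the firewall. The capture text is constructed, and the hostnames pc01.lan, dci.sophosupd.com and central.example.sophos.com are illustrative; the suffix list is the one from the thread.

```python
import re
from collections import defaultdict

SOPHOS_SUFFIXES = ("sophos.com", "mojave.net", "sophosupd.com",
                   "sophosupd.net", "sophosxl.net")

# Matches tcpdump's TCP summary line, e.g.
# 10:01:02.123456 IP pc01.lan.55020 > dci.sophosupd.com.https: Flags [S], seq 1, win 64240, length 0
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample: one Sophos host answers, one Sophos host is blocked
# (SYNs retransmitted, no SYN-ACK), plus an unrelated site that answers.
SAMPLE_CAPTURE = """\
10:01:02.123456 IP pc01.lan.55020 > dci.sophosupd.com.https: Flags [S], seq 1, win 64240, length 0
10:01:02.130001 IP dci.sophosupd.com.https > pc01.lan.55020: Flags [S.], seq 2, ack 2, win 65535, length 0
10:01:03.000000 IP pc01.lan.55021 > central.example.sophos.com.https: Flags [S], seq 1, win 64240, length 0
10:01:04.000000 IP pc01.lan.55021 > central.example.sophos.com.https: Flags [S], seq 1, win 64240, length 0
10:01:05.000000 IP pc01.lan.55022 > www.example.org.https: Flags [S], seq 1, win 64240, length 0
10:01:05.010000 IP www.example.org.https > pc01.lan.55022: Flags [S.], seq 2, ack 2, win 65535, length 0
"""


def split_host_port(endpoint: str):
    """tcpdump writes host.port (port as number or service name); split on the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def is_sophos_host(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in SOPHOS_SUFFIXES)


def summarize(capture_text: str) -> dict:
    """Per Sophos host: outbound SYNs seen and SYN-ACKs received from it."""
    summary = defaultdict(lambda: {"syn": 0, "synack": 0})
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a TCP summary line; ignore
        src_host, _ = split_host_port(m["src"])
        dst_host, _ = split_host_port(m["dst"])
        if m["flags"] == "S" and is_sophos_host(dst_host):
            summary[dst_host]["syn"] += 1
        elif m["flags"] == "S." and is_sophos_host(src_host):
            summary[src_host]["synack"] += 1
    return dict(summary)


def unanswered(summary: dict) -> list:
    """Sophos hosts the endpoint tried to reach but never got a handshake reply from."""
    return sorted(h for h, c in summary.items() if c["syn"] and not c["synack"])


if __name__ == "__main__":
    s = summarize(SAMPLE_CAPTURE)
    for host, counts in sorted(s.items()):
        print(f"{host:32} SYN={counts['syn']} SYN-ACK={counts['synack']}")
    print("blocked or unreachable:", unanswered(s))
```

If the capture is taken on the firewall's WAN side instead, a blocked flow produces no lines at all for that host; comparing a LAN-side and a WAN-side capture then tells you whether the firewall or something upstream is dropping it.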