I have a few questions about Heartbeat. I'm wanting to turn it on. I'm licensed, I just need to apply a setting onto a firewall rule now at this point.
1) Sorry if it's a dumb question; it just seems like many devices do not qualify to be sending a "heartbeat" to the XG, so what's keeping the XG from blocking those devices, such as mobile phones, NAS, etc.? Is it just that the XG only considers a device to require a heartbeat IF it has Central Endpoint installed at some point in history? All other devices pass okay?
2) Given that many infections, such as ransomware, now spread from computer to computer, wouldn't it be more effective to apply an HB requirement on a LAN-LAN rule or similar? This would at least help to prevent viruses from spreading in the network, right? In everything I've seen so far, people apply the HB requirement to the LAN-WAN rule, so it was confusing. I get that their method would prevent botnet-type traffic from calling home though, so that's good.
3) Another reason I could see to not apply the HB requirement onto the LAN-WAN rule is: what if you need to troubleshoot the device remotely, or if you just need to clean up a PUA and want to do it from the Central portal? Wouldn't that command to Clean never reach the infected device with the PUA, since the XG would be blocking it?
- I thought perhaps a workaround might be to make an additional LAN-WAN FW rule above the main LAN-WAN rule which would allow traffic only to TeamViewer, Splashtop servers, Sophos Central servers, etc., leaving all HB settings off on that rule but turning them on for the main rule below. That way I could still troubleshoot remotely, log in remotely, and issue commands to clean PUAs remotely too. Does this sound accurate?