Firewall alerts

Firewall alerts are grouped into the following types.

Security

| Alert type | Description | Severity | What has Sophos done so far? |
| --- | --- | --- | --- |
| Advanced Threat detected | An attempt to communicate with a botnet or command and control server has been detected. | Medium | We've logged details about the event, and notified administrators. |
| Missing Heartbeat | An endpoint that previously had a security heartbeat is still communicating on the network, but its security heartbeat has been lost. | High | We've detected the activity, and notified administrators. Any firewall rules set to block RED heartbeat activity may have also blocked connections from the endpoint. |

System health

| Alert type | Description | Severity | What Sophos has done so far |
| --- | --- | --- | --- |
| High CPU usage on firewall. | The firewall's CPU usage has been at or above 100% for more than 30 minutes. | Medium | Nothing. Your users may be experiencing issues. |
| High memory usage on firewall. | The firewall's memory usage has been at 100% for more than 30 minutes. | Medium | Nothing. Your users may be experiencing issues. |
| High disk usage on firewall. | The firewall's disk usage has been at 100% for more than 30 minutes. | Medium | Nothing. Your users may be experiencing issues. |

Connectivity

| Alert type | Description | Severity | What Sophos has done so far |
| --- | --- | --- | --- |
| Firewall gateway down | Gateway <Gateway name> is down. | High | Nothing. |
| Firewall gateway up | Gateway <Gateway name> is up. | Info | Nothing. |
| Firewall lost connection to Sophos Central. | Firewall hasn't checked in with Sophos Central for the past <x> minutes. | High | Nothing. |
| Firewall re-connected to Sophos Central. | Firewall connection to Sophos Central has been restored. | Info | Nothing. |
| Firewall VPN tunnel down. | IPsec connection between <Site1> with <IP from> and <Site2> with <IP to> has closed. | Medium | Nothing. |
| Firewall VPN tunnel connection restored. | IPsec connection between <Site1> with <IP from> and <Site2> with <IP to> has reconnected. | Info | Nothing. |
| Firewall HA degraded. | One of the HA nodes is down or degraded. Your HA pair is unavailable. | Medium | Nothing. |
| Firewall HA state restored. | Both HA nodes are now connected and in good health. | Info | Nothing. |
| Firewall RED tunnel down. | <red tunnel name> is disconnected. | Medium | Nothing. |
| Firewall RED tunnel connection restored | <red tunnel name> is connected again after 89000 ms. | Info | Nothing. |

General

| Alert type | Description | Severity | What Sophos has done so far |
| --- | --- | --- | --- |
| New firewall registered with Sophos Central. | You've successfully registered a new firewall with Sophos Central. | Info | We've added the firewall to the Firewall Management list. You can now turn on Synchronized Security. |
| Firewall awaiting management approval. | You've turned on Sophos Central management for this firewall. This is awaiting approval. | Medium | Nothing. You need to approve management. |
| New firewall wait time expired. | A firewall was awaiting management approval for more than 30 days, and the wait time has expired. | Medium | We've canceled the management request. |
| New firewall zero-touch process canceled by local admin. | You've stopped the zero-touch process on this firewall. | Medium | The zero-touch process has stopped. We've removed the firewall from the Firewall Management list. |
| Firewall management turned off for firewall. | You've turned off Firewall management for this firewall. | Medium | We've kept the firewall in the Firewall Management list. You can't manage it. It won't report events or send backups to Sophos Central. |
| Firewall de-registered from Sophos Central | You've de-registered the firewall. | Medium | We've removed the firewall from the Firewall Management list in Sophos Central. We've turned off any configured Synchronized Security features on the firewall. |