
Enable Synchronized Application Control when Heartbeat is used

Low

Explanation

Security Heartbeat is a feature that allows endpoints and firewalls to communicate their health status with each other. This feature allows the Sophos Firewall and Sophos Central administrators to define policies for network access based on the endpoint's health status.

Resolution

  1. Go to SYSTEM > Sophos Central.
  2. Click Register and ensure that Security Heartbeat is turned on.
  3. Go to PROTECT > Rules and policies > Firewall rules, select the following filters, and click OK:

    • Rule type: User and Network
    • Source zone: LAN and DMZ

  4. Edit the rule that has Configure Synchronized Security Heartbeat.
  5. Set Minimum source HB permitted to either Green or Yellow.
  6. Click Save.

Note

  • If the rule allows egress traffic from Sophos endpoints to resources in the WAN zone, set Minimum source HB permitted to either Green or Yellow for tighter security control.
  • If the rule allows traffic between the LAN and DMZ zones, where Sophos-protected endpoints and servers communicate, add further control by setting both Minimum source HB permitted and Minimum destination HB permitted to either Green or Yellow.
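
To check many rules at once rather than opening each in the web console, the audit below applies the filters from step 3 and the two notes above to an exported rule set. It is an added example, not Sophos code: the XML element names and values (`FirewallRule`, `PolicyType`, `MinimumSourceHBPermitted`, `MinimumDestinationHBPermitted`, `No Restriction`) are assumptions modelled on a firewall configuration export, and the sample rules are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names and values are assumptions modelled on a
# firewall rule export; adjust them to match your own export.
SAMPLE = """<Configuration>
<FirewallRule><Name>lan-to-wan</Name><PolicyType>Network</PolicyType>
 <SourceZones><Zone>LAN</Zone></SourceZones>
 <DestinationZones><Zone>WAN</Zone></DestinationZones>
 <MinimumSourceHBPermitted>No Restriction</MinimumSourceHBPermitted></FirewallRule>
<FirewallRule><Name>lan-to-dmz</Name><PolicyType>User</PolicyType>
 <SourceZones><Zone>LAN</Zone></SourceZones>
 <DestinationZones><Zone>DMZ</Zone></DestinationZones>
 <MinimumSourceHBPermitted>Green</MinimumSourceHBPermitted>
 <MinimumDestinationHBPermitted>No Restriction</MinimumDestinationHBPermitted></FirewallRule>
<FirewallRule><Name>dmz-to-wan</Name><PolicyType>Network</PolicyType>
 <SourceZones><Zone>DMZ</Zone></SourceZones>
 <DestinationZones><Zone>WAN</Zone></DestinationZones>
 <MinimumSourceHBPermitted>Yellow</MinimumSourceHBPermitted></FirewallRule>
<FirewallRule><Name>wan-to-dmz</Name><PolicyType>Network</PolicyType>
 <SourceZones><Zone>WAN</Zone></SourceZones>
 <DestinationZones><Zone>DMZ</Zone></DestinationZones></FirewallRule>
</Configuration>"""

INTERNAL_ZONES = {"LAN", "DMZ"}    # source zones filtered in step 3
RULE_TYPES = {"User", "Network"}   # rule types filtered in step 3
ACCEPTED_HB = {"Green", "Yellow"}  # minimum heartbeat values the page permits

def zones(rule, tag):
    """Collect the zone names listed under <tag> for one rule."""
    return {z.text.strip() for z in rule.findall(f".//{tag}/Zone") if z.text}

def audit(xml_text):
    """Return (rule name, side) for each heartbeat minimum that is missing or too loose."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("FirewallRule"):
        if rule.findtext("PolicyType") not in RULE_TYPES:
            continue
        if not zones(rule, "SourceZones") & INTERNAL_ZONES:
            continue
        name = rule.findtext("Name")
        # A missing element counts as unrestricted, so it is reported too.
        if rule.findtext(".//MinimumSourceHBPermitted") not in ACCEPTED_HB:
            findings.append((name, "source"))
        # LAN/DMZ to LAN/DMZ traffic also needs a destination minimum (second note).
        if (zones(rule, "DestinationZones") & INTERNAL_ZONES
                and rule.findtext(".//MinimumDestinationHBPermitted") not in ACCEPTED_HB):
            findings.append((name, "destination"))
    return findings

if __name__ == "__main__":
    for name, side in audit(SAMPLE):
        print(f"{name}: set Minimum {side} HB permitted to Green or Yellow")
```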

More resources