I'm sure this has been asked before but when searching the forums using email from keywords I get a ton of hits. My issue is something I'm sure others are or should complain about. Why on earth does Sophos messages come directly from the end point and have an email from address that you can't control? I've done quite a bit of testing and the best I can get is an email sent on behalf of someone else, which doesn't cut it with our ticketing system. Why can't the email come from the EC? And why can't we control the from address? I could very easily have tickets automatically opened in our ticketing system under the proper customer name if I could control the "true" from address on messages sent from the AV/HIPS policy. Other notifications like the Dashboard that come directly from EC work great and the from address you specify is actually used in the email.
Now I'm trying to use SNMP traps as an alternative and they work fine inside a LAN, however once we get firewalls/VPN tunnels in the mix, even when we know traps are allowed, Sophos won't send them. We've tested other traps from the same systems using different software and they arrive at the trap server with no problems, yet when we use the Savtest tool, the triggers are not sending any traps unless the system is on the same network as the trap receiver. This only happens with the Sophos EC policies. Like I said, I know the firewalls are allowing traps accross the VPN's as we have other traps working just fine. It appears to be an issue specifically with Sophos.
This thread was automatically locked due to age.