Jump to:navigation, search
Wiki

Whitelisting for Awareness Plus

From Securepoint Wiki




























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden


















{{var | 1=URL-Filter--Menü | 2=Konfiguration in der Securepoint UTM unter {{{Menu-UTM|Anwendungen|Mailfilter|URL-Filter} | 3=Configuration in Securepoint UTM under { Applications Mailfilter  Area URL-Filter}





















Whitelisting for the simulated phishing emails of the Securepoint Awareness PLUS training course

Last adaption: 02.2025

New:
notempty
This article refers to a Beta version
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 Applications Mailfilter


Whitelisting UTM

In order for the simulated phishing mails of the Securepoint Awareness PLUS training to reach the users, a whitelisting must be configured in the mail filter of the UTM.
Otherwise, the mails might be discarded by the UTM.


Filter rules

Configuration in Securepoint UTM under { Applications Mailfilter  Area Filter Rules button Add Rule

Caption Value Description Add Filter Rule UTMuser@firewall.name.fqdn Application Mail filter Whitelist Filterregel erstellen
Rule name: AwarenessWhitelist Unique name
Perform action: Accept email Lets the email pass
Connect criteria with and operator All criteria must apply
If an email is received: notempty
Anpassung auf neue IP-Range in 02.2025
and source host

passt auf regex ^18\.153\.184\.([1-9]|[12]\d|30)$

IP address from which to receive simulated phishing emails.
The specific IP address differs depending on the industry package and email templates chosen.
The IP address can be found in the Awareness Manager portal under SimulationWhitelisting in the Email Server section.
and header field

Reply-To is »absender@securepoint.awareness.domain

Sender address of the simulated phishing mail
The specific sender address differs depending on the industry package and email templates chosen.
The sender addresses used can be found in the Awareness Manager portal under SimulationWhitelisting in the section Envelope sender addresses (technical senders)
Save Saves the settings


URL Filter

Caption Value Description Add Rule UTMuser@firewall.name.fqdn Application Mail filter URL-Filter Regel hinzufügen
Add Rule https://simulierte.phishing.url Emails must not be blocked based on domains included in phishing links.
The specific domains differ depending on the industry package and email templates chosen.
The domains can be found in the Awareness Manager portal under SimulationWhitelisting in the List of domains used in phishing links section.
Tab Action By default new URLs are blocked.
The action must be changed to allow.
Deletes the url filter rule


Whitelisting Mailserver

It must be ensured that the mail server does not filter emails itself.
For this purpose, please adjust the configuration of your own mail filter accordingly.


Whitelisting with Microsoft 365

There is a separate Wiki article for whitelisting in Microsoft 365.

Retrieved from "https://wiki.securepoint.de/index.php?title=AWP/Whitelisting&oldid=94576"