How to Whitelist ATTACK Simulator in Sophos Products

Modified on Fri, 25 Feb 2022 at 12:44 PM

Sophos Email Appliance (SEA)


Whitelisting in your Sophos Email Appliance (SEA) will allow your users to receive phishing and training-related emails from the ATTACK Simulator console. 


The instructions below include information from the SEA Configuration guide and the Allow/Block Lists article, both provided by Sophos. If you run into issues whitelisting ATTACK Simulator in your Sophos appliance, we recommend reaching out to Sophos for specific instructions. You can also contact our support team whenever you need assistance.


Modify the Allow/Block Lists


The Allow/Block lists allow you to define hosts and senders which are trusted or untrusted. Messages from allowed hosts and senders will bypass Sophos antispam filtering. 


To add ATTACK Simulator to the Allow list:

  1. In your SEA manager, navigate to Configuration > Policy > Allow Lists.
  2. Click the appropriate list to display the List Editor dialog box.
  3. If you have an additional spam filter in front of SEA, select the Senders tab. If you do not have an additional spam filter in front of SEA, select the Hosts tab
  4. In the Add entries text box, enter each required item* and click Add.
  5. *What you enter next varies depending on your selection in Step 3 (Hosts or Senders).
    1. On the Senders tab, enter ATTACK Simulator's email domains, one by one. For the most up-to-date list, please visit this page
    2. On the Hosts tab, enter ATTACK Simulator's IP. For the most up-to-date list, please visit this page.
  6. Optionally, you can also add ATTACK Simulator's landing domains to the Whitelisted URLs list. For the most up-to-date list, please visit this page.


Sophos Firewalls


Whitelisting in Sophos firewall allows users who've failed your phishing tests to access ATTACK Simulator's landing pages.


The instructions below were created for Sophos XG firewalls, so other versions of Sophos firewalls may require a different set of steps. We recommend reaching out to Sophos for specific instructions on how to whitelist ATTACK Simulator.


To whitelist in Sophos XG firewalls:

  1. Get the latest list of email and landing domains from this page.
  2. Log in to the portal for the firewall.
  3. Click on Web, located on the left.
  4. Click on Exceptions, located at the top.
  5. If you don’t have an exception list, click Add Exception.
  6. Provide a name (ATTACK Simulator) and an optional description for the list.
  7. Check the boxes to the right under Skip the selected checks or actions for the services you purchased.
  8. Check URL pattern matches.
  9. Enter each phish and landing domain, one line at a time, in the Search/Add box.
  10. Click the Save button at the bottom of the page.


After following this article, we recommend setting up a test phishing campaign to 1-2 users to ensure your whitelisting was successful. As a last resource, we suggest reaching out to your service provider for assistance. Click here for an email template you can send to your service provider.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article