Menu

Whitelisting by IP Address in GSuite/Google Apps

Avatar
Katie Brennan
Updated
Follow

How to Whitelist by IP Address in GSuite/Google Apps

The below instructions will show you how to whitelist KnowBe4's simulated phishing emails and training notifications by IP address in your GSuite environment. This method of whitelisting is a two-part process:

Note:

GSuite customers should also disable the return-path header in their KnowBe4 Account Settings prior to sending out phishing tests. Click here to see how to do that.

 

Part 1: Add KnowBe4's IP addresses to Email Whitelist

This is the recommended setting if you do not have a cloud-based spam filter in front of GSuite. If you do have a cloud-based spam filter, you should whitelist us by our IP addresses in the filter, and whitelist by header in GSuite

We recommend setting up a test phishing campaign to yourself or a small group after you follow the below steps to ensure your whitelisting was successful. The setting may take up to an hour to propagate to all users, so wait at least an hour before testing.

 

 

      1. Select GSuite.

 

      1. Select Gmail.

  

      1. Select Advanced Settings.

  

      1. In the Organizations section, highlight your Domain (Not an OU).

  

        1. In the Email whitelist section, enter the following IP addresses separated by commas:
          • 192.254.121.248
          • 23.21.109.197
          • 23.21.109.212

Note:

If you're on the EU instance of KnowBe4, the IP addresses you need to whitelist will be different. See here for more information.

 

 

Note: GSuite does not allow whitelisting by IP Address for individual OUs, only the entire domain.

      1. Scroll to the bottom and click Save. The setting may take up to an hour to propagate to all users.

 

Reference: Email Whitelist in Google Suite

Back to top

 

Part 2: Add KnowBe4's IP addresses as Inbound Gateways

This method of whitelisting is to prevent the following Google banners from appearing in your user's inbox when they receive a simulated phishing test from KnowBe4:

This message seems dangerous

Be careful with this message

Note, we have found that this process exempts KnowBe4 simulated phishing emails from the Gmail banner warnings. However, this is not documented by Google as a whitelisting recommendation.

  1. Log in to your Google Admin Console.
  2. Navigate to Apps > GSuite > Gmail > Advanced Settings.
  3. Under General Settings, select your top-level organization (typically your primary domain) on the left.
  4. Scroll down to the Inbound Gateway setting located under the Spam section. Hover over the setting and click the Edit button. This will open the Inbound gateway screen.
  5. Configure the Inbound gateway using the settings below:

    1. Gateway IPs
      Add the IP Addresses for KnowBe4:
      • 23.21.109.197
      • 23.21.109.212
      • 192.254.121.248
    2. Leave the Reject all mail not from gateway IPs option unchecked.
    3. Check Require TLS for connections from the email gateways listed above.
    4. Message Tagging
      Enter text for the Spam Header Tag that is unlikely to be found in a PST email. This field is required.
      • Example: kzndsfgklinjvsdnfioasmnfroipdsmfs
    5. Select the Disable Gmail spam evaluation on mail from this gateway; only use header value option.
    6. Click the SAVE button.

Back to top

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Related articles