How to Whitelist KnowBe4 in Sophos Products

Jump to:
Sophos Email Appliance (SEA)
Sophos XG Firewalls

Sophos Email Appliance (SEA)

Whitelisting in your Sophos Email Appliance (SEA) will allow your users to receive phishing and training-related emails from the KnowBe4 console.

The instructions below include information from the SEA Configuration guide and the Allow/Block Lists article, both provided by Sophos. If you run into issues whitelisting KnowBe4 in your Sophos appliance, we recommend reaching out to Sophos for specific instructions. You can also contact our support team whenever you need assistance.

Modify the Allow/Block Lists

The Allow/Block lists allow you to define hosts and senders which are trusted or untrusted. Messages from allowed hosts and senders will bypass Sophos antispam filtering.

To add KnowBe4 to the Allow list:

In your SEA manager, navigate to Configuration > Policy > Allow Lists.
Click the appropriate list to display the List Editor dialog box.
If you have an additional spam filter in front of SEA, select the Senders tab. If you do not have an additional spam filter in front of SEA, select the Hosts tab.
In the Add entries text box, enter each required item* and click Add.
What you enter next varies depending on your selection in Step 3 (Hosts or Senders).
- If on the Senders tab, enter KnowBe4's server hostnames, one by one. For the most up-to-date list, please see this article.
- If on the Hosts tab, enter KnowBe4's IPs, one by one. For the most up-to-date list of our IP addresses, please see this article.
Optionally, you can also add KnowBe4's phish link and landing domains to the Whitelisted URLs list. To do so, you'll need to navigate to your Domains subtab under Phishing in your KnowBe4 console.

Sophos Perimeter Protection

Many of KnowBe4's phishing emails will utilize senders from domains that don't exist. Sophos has a Perimeter Protection setting which blocks mail from any non-existent domains and we do not recommend that you shut this setting off, as shutting it off might allow real spam to come through your filters.

As a workaround, you can modify the senders in phishing templates to come from one of KnowBe4's phish link or landing domains. If you also add KnowBe4 to your SPF records, you'll be able to use phishing emails marked with a (Spoofs Domain) tag, as these emails will appear to come from your own domain.

Sophos Firewalls

Whitelisting in Sophos firewall allows users who've failed your phishing tests to access KnowBe4's landing pages.

The instructions below were created for Sophos XG firewalls, so other versions of Sophos firewalls may require a different set of steps. We recommend reaching out to Sophos for specific instructions on how to whitelist KnowBe4.

To whitelist in Sophos XG firewalls:

Contact support and request a copy of our phish domains and landing domains.
Log in to the portal for the firewall.
Click on Web, located on the left.
Click on Exceptions, located at the top.
If you don’t have an exception list, click Add Exception.
Provide a name (KnowBe4) and an optional description for the list.
Check the boxes to the right under Skip the selected checks or actions for the services you purchased.
Check URL pattern matches.
Enter each phish and landing domain, one line at a time, in the Search/Add box. XXXXXX and .com represent each phish and landing domain.
^([A-Za-z0-9.-]‌*\.)?XXXXXX\.com\.?/
Click the Save button at the bottom of the page.

Note: After following this article, we recommend setting up a test phishing campaign to 1-2 users to ensure your whitelisting was successful. As a last resource, we suggest reaching out to your service provider for assistance. Visit here for an email template you can send to your service provider.

Note: To ensure that you have whitelisted correctly, see our How to Verify You Have Whitelisted KnowBe4 Correctly article.