Avanan Safelisting Guide

How to setup whitelisting in Avanan

If your organization uses Avanan, you can safelist BullPhish ID in Microsoft 365 and Google Workspace to ensure that simulated phishing and training notification emails are delivered. To safelist BullPhish ID, you can create rules in Microsoft 365 and Google Workspace to communicate to Avanan that messages from BullPhish ID don't need to be blocked or filtered.

Safelisting in Avanan for Microsoft Office 365

To whitelist BullPhish ID in Office 365, you must create a mail flow rule in the Exchange admin center. This rule will look for BullPhish ID IP addresses and add a header that lets Avanan know that the email is safe.

To set up this mail flow rule, follow the steps below:

  1. Log into your Microsoft Admin console.

  2. From the navigation panel, navigate to Admin centers > Exchange. You can also access the Exchange admin center by navigating to admin.exchange.microsoft.com.

  3. From the navigation panel, navigate to mail flow > rules.

  4. At the top of the page, click the plus sign icon to open a drop-down menu.

  5. From the drop-down menu, select Create a new rule. When you select this option, a new rule pop-up window will open. 

  6. In the Name field, enter a name for the rule. For example, you could enter "BullPhish ID whitelisting".

  7. In the Apply this rule if… drop-down menu, hover your mouse over The sender, then select IP address is any of these ranges or exactly matches. When you select this option, a specify IP address ranges pop-up window will display. image-20220914-131825.png

  8. In the pop-up window, enter the IP addresses from a list you can find in this article in a chapter called “IP Addresses”. After entering each IP address, click the plus sign icon to add it.
  9. Click the OK button.

  10. In the Do the following… drop-down menu, select Modify the message properties, then select set a message header.

  11. Click the first Enter text… option next to the Do the following... field. When you click this option, a message header pop-up window will open.

  12.  In the Header name field, enter X-CLOUD-SEC-AV-Info.

    image-20220914-131947.png
  13. Click the OK button.

  14. Select the second Enter text… option next to the Do the following... field. When you click this option, a header value pop-up window will open.

  15. In the pop-up window, enter [portalname],office365_emails, inline, but replace [portalname] with the name of your Avanan portal.

  16. Click the OK button.

  17. Under Properties of this rule, select the Audit this rule with severity level check box.

  18. Under Choose a mode for this rule, select the Enforce option.

  19. Select the Stop processing more rules check box.

  20. Click the Save button to apply this rule to your server.

For more information about mail flow rules in Office 365, see Microsoft’s Manage mail flow rules in Exchange Online article.

Whitelisting in Avanan for Google Workspace

To whitelist BullPhish ID for Gmail, you must create a new content compliance rule and modify an existing Avanan rule. The new rule will identify Bullphish ID IP addresses and add a header that lets Avanan know that the message is safe. Creating this rule will prevent any sandboxing tools that your organization uses from blocking simulated phishing tests and training notifications.

First, create a content compliance rule by following the steps below:

  1. Log into your Google Admin console.

  2. From the Admin console home page, navigate to Apps > Google Workspace > Gmail.

  3. If you manage more than one organization, select the organization where you would like to apply the rule from the navigation panel.

  4. Scroll down to the Compliance section of the page.

  5. Hover your mouse over the Content Compliance setting.

  6. Click the CONFIGURE or ADD ANOTHER button, depending on whether you have already added a rule. When you click either of these buttons, an Add setting pop-up window will open.

  7. Under Content compliance, enter a description of this rule. For example, you could enter "BullPhish ID whitelisting".

  8. Under step one, select the Inbound check box.

  9. Under step two, fill out the fields by following the steps below:

    • In the drop-down menu, select If ALL of the following match the message. When you select this option, an Expressions section will display.

    • In the Expressions section, click the ADD button.

    • In the drop-down menu, select Metadata match.

    • In the Match type drop-down menu, select the Source IP within the following range.  

    • In the Match type field, enter 34.237.252.20.

  10. Under step 3, fill out the fields by following the steps below:

    • In the drop-down menu, select Modify message.

    • Under Headers, select the Add custom headers check box. When you select this check box, a Custom headers section will display.

    • In the Custom headers section, click the ADD button. 

    • In the Header name field, enter "X-CLOUD-SEC-AV-Info.

    • In the Value field, enter [portalname],googlr_mail, inline, but replace [portalname] with the name of your Avanan portal.

  11. Click the SAVE button.

Next, modify the existing content compliance rule by following the steps below: 

  • Navigate to the Compliance section of your Gmail settings again.

  • Hover your mouse over the Content Compliance setting.

  • Click the EDIT button. When you click this button, an Add setting pop-up window will open again.

  • Under step two, click Edit next to next to the [portal_name]__inline_ei rule, where [portal name] is replaced by the name of your Avanan portal. 

  • Modify the fields by following the steps below:

    • From the first drop-down menu, select Metadata match.

    • From the Attribute drop-down menu, select Source IP.

    • From the Match type drop-down menu, select Source IP is not within the following range. When you select this option, a field will display below this drop-down menu.

    • In the Match type field, enter 34.237.252.20.

  • Click the SAVE button. Now, you'll have two conditions under this rule.

For more information about content compliance rules in Google Workspace, see Google’s Set up rules for advanced email content filtering page.

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section