Security Awareness Safelisting in Proofpoint Protection Services
Situation | Customer has PPS and it is preventing emails from reaching the configured email address |
---|---|
Version | Proofpoint Essentials Security Awareness Proofpoint Protection Services |
Summary | You will need to Safelist all relevant IPs Create policy routes |
Question
How do I ensure my Proofpoint Security Awareness Training products run properly using Proofpoint Protection Services?
Answer
You must complete the following steps in order to safelist Security Awareness Training in Proofpoint Protection Services. ALL steps must be completed.
See the Safelisting Guide for the list of IPs needed.
Create a Policy Route of the necessary IPs
- Click on System at the top, then Policy Route on the menu on the left
- Click New Route at the top of the page
- Give the Route an ID (No Spaces) and a Description (Suggest Proofpoint_PSAT)
- Click on Add Condition
- Select Sender IP Address for the Condition
- Select Equals for the Operator
- Enter one of the IP addresses for your region (Safelisting Guide)
- Click Add and New Condition to enter the next IP
- Repeat Steps 4 ~ 8 using the OR radio button at the top until all IPs are entered
- Click Add Condition to close the pop-up
- Click Save Changes at the top to save the Policy Route
Use the Policy Route to bypass the Spam Module
- Click on Email Protection > Spam Detection > Settings > General
- Verify Disable Processing for Selected Policy Routes is enabled
- If not, click the checkbox to enable the feature
- Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to the Disable for any of box
- Click Save Changes
Use the Policy Route to Bypass the Anti-Spoofing Rules
- Click on Email Protection > Email Firewall > Rules
- Click Edit Rule for your current, active, anti-spoofing rule
- Under Conditions, verify Disable Processing for Selected Policy Routes is enabled.
- If not, click the checkbox to enable the feature
- Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to the Disable for any of box
- Click Save Changes
Use the Policy Route to Bypass the Anti-Virus Rule (CLEAR Implementations)
- Click on Email Protection > Virus Protection > Settings > Rules
- Verify Disable Processing for Selected Policy Routes is enabled
- If not, click the checkbox to enable the feature
- Under Conditions, verify Disable Processing for Selected Policy Routes is enabled
- If not, click the checkbox to enable the feature
- Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to the Disable for any of box
- Click Save Changes
Use the Policy Route to Bypass TAP Attachment Defense
- Click on Email Protection > Targeted Attack Protection > Attachment Defense > Settings
- Verify Disable Processing for Selected Policy Routes is enabled
- If not, click the checkbox to enable the feature
- Select the Proofpoint_PSAT Policy Route from the list and use the >> button to move it to the Disable for any of box
- Click Save Changes
Note: The policy route built to tag the Phishing messages should also be disabled on the System > Settings > System menu, under the Enable Traffic Statistics Feedback to Proofpoint options, in the Disable Processing list.
IMPORTANT: If additional filtering is occurring after PPS\TAP, it will be necessary to create an additional rule to add a header and value to the email for further safelisting downstream.
Create a Rule for adding a header using the created Policy Route
- Click on Email Protection > Email Firewall > Rules
- Click Add Rule
- Enable the new rule by clicking the On option under Enable
- Give the Route an ID (No Spaces) and a Description
- Click the option to Restrict Processing and select the Policy Route previously created
- Click Add Condition
- Select Message Size for the Condition and Greater Than or Equal for the Operator
- Set the Value for 1 then click Add Condition
- Under Dispositions, click Change Message Header
- Select Add Header for the Operation
- Provide a name for the Header, then add a Value
- Click Add, then Save to make the rule active
Note: When generating a header, create one that aligns to your organization’s standards and allows Administrators to easily identify.
If the message from the Platform is still being blocked, first use PPS SmartSearch and Exchange Search to see what is blocking the messages.