Sophos Firewalls
Whitelisting in Sophos firewalls allows users who’ve failed your phishing tests to access CyberLearn’s landing pages.
These instructions were created for Sophos XG firewalls; other Sophos versions may require slightly different steps. We recommend reaching out to Sophos for product-specific instructions on how to whitelist.
To whitelist in Sophos XG firewalls:
- Contact support and request a copy of our CyberLearn phishing and training (landing) domains.
- Log in to the web portal for the firewall.
- Click on Web, located on the left.
- Click Exceptions, located at the top.
- If you don’t have an exception list, click Add Exception.
- Provide a name (CyberLearn) and an optional description for the list.
- Check the boxes to the right under Skip the selected checks or actions for the services your organization uses.
- Check URL pattern matches.
- Enter each phishing and landing domain, one line at a time, in the Search/Add box. Examples:
go.cyber-detector.com(click/open tracking for simulations)app-cyberlearn.com(training portal)api.app-cyberlearn.com(API calls)*.cyber-detector.com- *.veriffy-center.com
- *.user-messagee.com
- *.access-portall.com
- *.delivery-statuss.com
- *.document-serviice.com
- (Optional wildcard/regex pattern, if your policy permits):
^([A-Za-z0-9.-]+\.)?cyber-detector\.com$^([A-Za-z0-9.-]+\.)?app-cyberlearn\.com$
- Click the Save button at the bottom of the page.
Note: After following this article, we recommend sending a test phishing campaign to 1–2 users to ensure your whitelisting was successful. If issues persist, reach out to your service provider or Sophos support.
Tip: To ensure that you have whitelisted correctly, open a CyberLearn simulation link from a client behind Sophos and verify that the landing page loads immediately and that the click shows in CyberLearn analytics.
