Allowlisting Check Point Harmony Email & Collaboration

If you are using Check Point Harmony Email & Collaboration in conjunction with Hoxhunt phishing simulations, you need to allowlist Hoxhunt in Check Point.

For the most up-to-date instructions, refer to Check Point's Harmony Email & Collaboration Administration Guide, specifically Managing Security Exceptions > Security Engine Exceptions > Anti-Phishing Exceptions.

 

Adding Anti-Phishing Exceptions (Allow-List)

An Anti-Phishing Exception makes the Anti-Phishing engine stop scanning emails that match an Allow-List rule. The Anti-Phishing verdict for those emails is automatically clean.

  1. Go to Security Settings > Exceptions > Anti-Phishing.
  2. In the drop-down at the top of the page, select the required exception type (Allow-List).
  3. Under Filters, define the criteria for filtering the emails, and click Search. You may also skip this step.
  4. Click Create Allow-List Rule to create an allow-list rule.
  5. If required, enter a description for the rule in the Comment field and click OK.

Filters to refine the email criteria for Allow-List

When refining the criteria for an Allow-List rule, the following filters are best suited to Hoxhunt emails:

- Server IP - Emails from a specific server IP address. Use the following:

  • 193.3.183.0/25
  • 35.156.0.138

- Headers - Emails that have a specific header and value. You can define these in the Hoxhunt Admin Portal.

 

Bypassing Check Point Harmony with a Receive Connector?

NOTE
If you are bypassing Check Point Harmony Email & Collaboration with a Partner Receive Connector, make sure you have placed Hoxhunt-related mail flow rules above any rule that would re-route the simulations to Check Point. Also make sure your last Hoxhunt-related mail flow rule has "Stop processing other rules" as its last action.

Otherwise, even when Hoxhunt simulations are delivered directly to your M365, such mail flow rules will re-route simulations to Check Point and back to M365. This type of re-routing can cause Microsoft Advanced Delivery not to detect the original sender IP properly, causing simulations to be inspected and even quarantined.
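
To check the rule order described in the note above, the following read-only Exchange Online PowerShell script lists the enabled mail flow rules and flags both conditions. It is an added example, not part of the Hoxhunt or Check Point instructions. It assumes that your Hoxhunt-related rules contain "Hoxhunt" in their names and that a re-routing rule is one using the "route the message using the connector" action; adjust both to match your tenant.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an active
# session (Connect-ExchangeOnline). Read-only: it does not change any rule.

# Assumption: Hoxhunt-related rules carry "Hoxhunt" in their name.
$hoxhuntPattern = '*Hoxhunt*'

# Enabled rules in evaluation order (priority 0 is evaluated first).
$rules = Get-TransportRule |
    Where-Object { $_.State -eq 'Enabled' } |
    Sort-Object Priority

$hoxhuntRules = @($rules | Where-Object { $_.Name -like $hoxhuntPattern })

# Assumption: a rule that re-routes mail does so through an outbound connector.
$rerouteRules = @($rules | Where-Object {
    $_.RouteMessageOutboundConnector -and $_.Name -notlike $hoxhuntPattern
})

if ($hoxhuntRules.Count -eq 0) {
    Write-Warning "No enabled rule matches '$hoxhuntPattern'. Adjust the pattern."
    return
}

$lastHoxhunt = $hoxhuntRules[-1]
$problems = @()

# Check 1: every Hoxhunt rule must sit above every re-routing rule.
foreach ($rule in $rerouteRules) {
    if ($rule.Priority -lt $lastHoxhunt.Priority) {
        $problems += "Re-routing rule '$($rule.Name)' (priority $($rule.Priority)) " +
            "is above Hoxhunt rule '$($lastHoxhunt.Name)' (priority $($lastHoxhunt.Priority))."
    }
}

# Check 2: the last Hoxhunt rule must stop further rule processing.
if (-not $lastHoxhunt.StopRuleProcessing) {
    $problems += "Last Hoxhunt rule '$($lastHoxhunt.Name)' does not have " +
        "'Stop processing other rules' enabled."
}

$rules | Format-Table Priority, Name, StopRuleProcessing, RouteMessageOutboundConnector -AutoSize

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Hoxhunt rules are above all re-routing rules and the last one stops processing.'
}
```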
