Overview
If your organization is using Zscaler proxy solution, you might need to perform additional whitelisting to make sure Hoxhunt works properly.
There are multiple symptoms that may be caused by Zscaler:
- Hoxhunt add-in is experiencing sluggish performance
- Hoxhunt add-in is forced to run in Compatibility Mode and/or Intranet security zone
- Hoxhunt add-in's Task pane doesn't load properly or it's loaded in a separate browser window
- Hoxhunt Results pop-up window doesn't load properly
- Hoxhunt add-in works only on second attempt
- User must access any URL with Edge browser before Hoxhunt add-in works
- End users are unable to click through links in Hoxhunt's simulated threat emails
- All fail links used in Hoxhunt training emails are inspected by Zscaler and blocked, preventing the user from failing the training email
Bypass Hoxhunt around Zscaler proxy
As a rule of thumb, Zscaler should not handle Hoxhunt's traffic. If possible, simply exempt *.hoxhunt.com. If this is not possible, exempt the following:
- officejs.hoxhunt.com
- api.hoxhunt.com
- game.hoxhunt.com
- app.hoxhunt.com
- auth.hoxhunt.com
Exempt Hoxhunt from Cloud apps authentication
https://help.zscaler.com/zia/exempting-urls-cloud-apps-authentication
Exempt Hoxhunt from SSL inspection
https://help.zscaler.com/zia/skipping-inspection-traffic-specific-urls-or-cloud-apps
Create a Custom URL Category
Your Hoxhunt Onboarding Manager will provide you with the up to date list of lookalike and training domains used in the Hoxhunt training.
Once you have received the list of domains:
- Go to Zscaler Cloud Portal - URL Categories
(or navigate to Zscaler Cloud Portal > Administration > URL categories) - Click on the pencil icon to edit your allowlist.
- Copy and paste the entire list of Hoxhunt training domains to “Add items” in URLs Retaining Parent Category.
(TIP: You can use ".domain.com" syntax to ensure that subdomains are also allowlisted) - Click Save.
- Select Activation > Activate.
Security Exceptions
You need to add the same list of domains (provided by Hoxhunt Onboarding Manager) to the Security Exceptions, otherwise malware scanning might affect the user's access to the fail links. For example, they might see the following error:
ERR_SSL_PROTOCOL_ERROR
The security exceptions can be found through the path below in Zscaler Cloud Portal:
Policy > Malware Protection > Security Exceptions
For more information about Zscaler Allow/whitelisting:
https://help.zscaler.com/zia/adding-urls-allowlist