Allow/whitelisting Zscaler proxy solutions

Overview

If your organization is using Zscaler proxy solution, you might need to perform additional whitelisting to make sure Hoxhunt works properly.

 

There are multiple symptoms that may be caused by Zscaler:

  • Hoxhunt add-in is experiencing sluggish performance
  • Hoxhunt add-in is forced to run in Compatibility Mode and/or Intranet security zone
  • Hoxhunt add-in's Task pane doesn't load properly or it's loaded in a separate browser window
  • Hoxhunt Results pop-up window doesn't load properly
  • Hoxhunt add-in works only on second attempt
  • User must access any URL with Edge browser before Hoxhunt add-in works
  • End users are unable to click through links in Hoxhunt's simulated threat emails
  • All fail links used in Hoxhunt training emails are inspected by Zscaler and blocked, preventing the user from failing the training email

 

Bypass Hoxhunt around Zscaler proxy

As a rule of thumb, Zscaler should not handle Hoxhunt's traffic. If possible, simply exempt *.hoxhunt.com. If this is not possible, exempt the following:

  • officejs.hoxhunt.com
  • api.hoxhunt.com
  • game.hoxhunt.com
  • app.hoxhunt.com
  • auth.hoxhunt.com

 

Exempt Hoxhunt from Cloud apps authentication

https://help.zscaler.com/zia/exempting-urls-cloud-apps-authentication

Exempt Hoxhunt from SSL inspection

https://help.zscaler.com/zia/skipping-inspection-traffic-specific-urls-or-cloud-apps
 

Create a Custom URL Category

Your Hoxhunt Onboarding Manager will provide you with the up to date list of lookalike and training domains used in the Hoxhunt training. 

Once you have received the list of domains:

  1. Go to Zscaler Cloud Portal - URL Categories
    (or navigate to Zscaler Cloud Portal > Administration > URL categories)

  2. Click on the pencil icon to edit your allowlist.

  3. Copy and paste the entire list of Hoxhunt training domains to “Add items” in URLs Retaining Parent Category.
    (TIP: You can use ".domain.com" syntax to ensure that subdomains are also allowlisted)

  4. Click Save.

  5. Select Activation > Activate.

 

Security Exceptions

You need to add the same list of domains (provided by Hoxhunt Onboarding Manager) to the Security Exceptions, otherwise malware scanning might affect the user's access to the fail links. For example, they might see the following error:

ERR_SSL_PROTOCOL_ERROR


The security exceptions can be found through the path below in Zscaler Cloud Portal:

Policy > Malware Protection > Security Exceptions

 


For more information about Zscaler Allow/whitelisting:

https://help.zscaler.com/zia/adding-urls-allowlist

 

Was this article helpful?

4 out of 4 found this helpful

Have more questions? Submit a request