Palo Alto safelisting guide

If you’re using Palo Alto products within your organization, it is recommended that you safelist BullPhish ID within the system to make sure that the phishing and training invitation emails get delivered and the users can access all the landing pages.

The instructions below are for third-party software. If you run into issues with safelisting BullPhish ID in Palo Alto products, we recommend that you contact Palo Alto Networks for specific instructions. Please feel free to contact our support team whenever you need assistance.

If your organization uses Palo Alto WildFire, its URL scanning feature might falsely mark all phishing links as clicked. To prevent that, BullPhish ID needs to be safelisted. Please follow the vendor’s official documentation. Relevant email headers and IP addresses can be found in our Reference guide for deliverability.

DNS filtering

If your organization uses DNS filtering, you should safelist our domains to ensure users can access our landing pages. The vendor instructions can be found here. Relevant domain names can be found in our Reference guide for deliverability.

Streaming service filtering

If your organization disallows users from streaming video services, the training functionality can be impaired. To prevent that, Vimeo has to be explicitly unblocked:

  1. Create a custom URL category under Objects > Custom Objects > URL Category. Include all URLs provided by Vimeo.
  2. Go to Object > Security Profiles > URL Filtering, and change the action from NONE to ALLOW.
  3. Save the changes.

Further information can be found in the vendor’s documentation.

URL filtering

If your organization uses URL filtering, you should safelist our landing page URLs to ensure users can access them without issues:

  1. Create a custom URL category under Objects > Custom Objects > URL Category. Please include all the landing page URLs available in our Reference guide for deliverability.
  2. Go to Object > Security Profiles > URL Filtering, and change the action from NONE to ALLOW.
  3. Save the changes.

Further information can be found in the vendor’s documentation.

After completing the steps in this article, we recommend setting up a test phishing campaign for 1-2 users to ensure your safelisting was successful. As a last resource, we suggest you contact your service provider for help.