A customer had the following queries :
1. List of IP / Domains to be whitelisted for incoming email : This would be the 2 IP's seen in Central along with specific domains if required.
2. List of IP / Destination FQDN to be whitelisted (in customers Web Proxy) in order for Training to properly load : Is 'app.phishthreat.com' the only one ?
3. List of workstation dependent pre-requisites - Does Flash need to be enabled or all training slides and videos are HTML5 based ?
Can you please confirm on questions 2. and 3. ?
2. The way our training links work is that the link in the email is the same as the sender domain, so the initial request will be to that domain, which will then redirect to app.phishthreat.com. I don't think our domains are likely to be filtered by a web proxy, but you can certainly whitelist all of the sending domains and app.phishthreat.com just to be safe.
3. We do not use any Flash. Everything is video or HTML5.
Let me know if you have any more questions.
Thanks for that Scott !
I do have another question. Following the above instructions will enable users to reach the initial landing page (attack domain website) and also get access to app.phishthreat.com.
However, in case if I use Video Training, the page links to Vimeo Player where we host the video content. (Example: player.vimeo.com/.../238466088)
Now this particular customer cannot whitelist the entire 'vimeo.com' domain. They are wondering if we maintain a list of URLs of videos hosted on Vimeo and if all these links can be shared ? I do understand that this will have to be a continuous process since we keep adding attack and training content regularly.
Can you please share the current list of Vimeo videos ? Do PM me if required.
(Suggestion - KB article with all active video links).
We are having the same issue. Was this ever resolved?