Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1118
Views
0
Helpful
1
Replies

Whitelisting Content Filters

juselding
Level 1
Level 1

‎09-30-2019 12:23 PM - edited ‎09-30-2019 12:25 PM

I recently created a content filter to add a header on all external e-mail.  This was to prevent some people from replying to outside addresses that were clear phishing attempts.  This has worked somewhat, however management would like to whitelist certain external addresses from receiving this header, even though they are external.

 

Right now I am keying off of inbound vs outbound connections.  Inbound connections would go to the ESA Servers, then pass to Exchange.  All internal e-mail from user to user shouldn't hit the ESA and would not get the header.  The issue I am running into is how best to allow/whitelist these servers or addresses on this on the rule?

 

The majority of our filtering is handled via Sender Groups.  We have one main group where we add most of our whitelists via server IP's or domains.  However, I am wondering if these same groups can be used to whitelist a content filter, or if I need to add rules for "IP does not match" into the content filter?

 

Thanks for the help. 

Labels:
0 Helpful
1 Reply 1

ppreenja
Cisco Employee
Cisco Employee

‎10-01-2019 02:31 AM

Hello juselding,

If my understanding is correct then below two methods can be used for achieving your requirement:

1) Adding a new content filter above in order from the existing content filter. This new filter should contain the details of the incoming recipients or IP addresses (make use of a dictionary for the multiple entries) in the condition option and "Skip Remaining filters" in the action.
This is will skip the existing filter for adding the header.

2) Create a new incoming policy for external email and add the sender email-id details to be exempted from adding the header. After this, keep everything as default except in the content filter option where you need to customize it by removing the content filter adding the header information. Also, make sure to keep this new policy in the order above than any other policy.

Note: Make sure to commit the changes afterward in either scenario.

I hope this helps!

Cheers,
Pratham

0 Helpful
Customers Also Viewed These Support Documents