Add the MA IP addresses to Google Workspace allowlists

You can use Google Workspace® to allowlist the Arctic Wolf Managed Security Awareness® (MA) program IP addresses and headers, and any applicable third-party IP addresses that are used during spam filtering. For example, a static IP address or a range of IP addresses that are assigned to you by your third-party provider.

  • Access to the Google Admin console with administrator permissions
  • Complete Add MA to email gateway and spam filtering.
  • Obtain the MA IP addresses to allowlist.

    To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.

  • If applicable, obtain the static IP addresses or range of IP addresses from your third-party provider.
Complete Configure browsers to autoplay MA sessions

Allowlist the MA IP addresses in Google Workspace

  1. Sign in to the Google Admin console.
  2. In the menu, click Apps > Google Workspace > Gmail.
  3. Click Spam, phishing and malware.
  4. In the navigation menu, select the domain for your organization.
  5. On the Spam, phishing and malware tab, do one of these actions:
    • Scroll to the Email allowlist setting.
    • In the search field, enter Email allowlist.
  6. In the Email Allow List field, enter the MA IP addresses.
  7. Click Save.
    Note:

    It can take up to 24 hours for your changes to take effect.

Add a custom spam filter for MA Phishing Simulation emails

  1. In the Google Admin console menu, click Apps > Google Workspace > Gmail.
  2. Click Spam, Phishing and Malware.
  3. In the Spam section, click Add a rule.

    The Add setting window opens.

  4. In the Required: enter a short description that will appear within the setting's summary field, enter a description for the rule.
  5. In the Options to bypass filters and warning banners section, complete these steps:
    1. Select the Bypass spam filters for internal senders checkbox.
    2. Select the Bypass spam filters and hide warnings from senders or domains in the selected lists checkbox.
    3. Click Create or edit list to add one or more allowed MA Phishing Simulation domains.

      The Manage address lists window opens.

  6. Click Add address list.
  7. In the Name field, enter Arctic Wolf MA Phishing Domains.
  8. Click Bulk add addresses.

    The Bulk add addresses window opens.

  9. Based on your preferred language, copy one of these phishing domain lists:
    Note:

    You might see MA subdomains in your environment. To allowlist these subdomains, contact your Arctic Wolf CST.

    • English
      SHELL 
      arcticwolf.com, arcticwolfawareness.com, automated-mailsender.com, corporate-alert.com, helpdesk-itsupport.com, humanresources-mailer.com, internal-humanresources.com, internalcorporate-mailer.com, itsupport-corporate.com, mail-donotreply.com, securityalert-corporate.com
    • Deutsch
      SHELL 
      arcticwolf.com, arcticwolfawareness.com, admin-hinweis.de, itsupport-mitarbeiter.de, mitarbeiter-helpdesk.de, unternehmenssicherheit-alarm.de
  10. In the Enter comma or space delimited email addresses or domain names field, paste the phishing domain list.
  11. Click Add, and then click Save.
    Note:

    It can take up to 24 hours for your changes to take effect.

  12. Optional: Contact security@arcticwolf.com or submit a ticket in the Arctic Wolf Portal to verify that the configuration is correct.