Netskope Global Technical Success (GTS)
KB - How to Allow/bypass ICMP traffic to a specific IP with Cloud Firewall
Netskope Cloud Version - 119
Objective
How to bypass ICMP traffic to a specific IP with Cloud Firewall.
Prerequisite
Netskope for Cloud Firewall license is required.
Context
Customers need to allow ICMP traffic to specific Network Locations.
Netskope Cloud Firewall
This document guides you through configuring a use case related to the Netskope Cloud Firewall. The Netskope Cloud Firewall controls your organization's outbound non-HTTP(S) traffic. To manage HTTP(S) traffic (on ports 80/443 and non-standard ports), refer to the Netskope Secure Web Gateway and Netskope Cloud Access Security Broker documentation.
For more information, refer to the following link: Netskope Cloud Firewall
Use Case 1
Allow ICMP traffic to a specific IP with Cloud Firewall using a Real-time Protection (RTP) policy.
Configuration
- Step 1 - Create a Firewall App definition rule.
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> App definition >>> Cloud & Firewall Apps >>> New app definition rule >>> Select Firewall app
Add the destination IP that must be reachable over ICMP, set the protocol to ICMP, and assign a name to the app definition.
- Step 2 – Confirm the all traffic steering setting in the Steering configuration.
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> Steering configuration
Select the steering configuration that contains the users for whom you want to permit the traffic.
If the traffic is not set to all traffic, click the three dots, then select and apply all traffic in the cloud, web and firewall section.
- Step 3 – Create an RTP policy to allow the traffic.
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy >>> Firewall
Select the application created in Step 1 and set the action to Allow.
Click Save and save the changes.
Note:
- Every time a change is applied, it is recommended to include “NOTES” for tracking purposes.
- Special characters are not allowed in the policy name section.
Use Case 2
Bypass ICMP traffic to a specific IP with Cloud Firewall using a Steering Exception.
Configuration
Please follow steps 1 and 2 from Use Case 1.
- Step 3 – Create a Bypass Certificate Pinned Application Exception.
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> Steering Configuration
Select the steering configuration to which you want to apply the exception.
Go to Exceptions and create a new Application Exception.
Select the application created in Step 1 and click Add.
This policy will bypass the ICMP traffic for the specific IPs configured.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the default settings may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.