I'm not familiar with Vagrant, but the description of the problem aligns to a common one with command line/developer tools with independent SSL Trusted Root CA stores. We have an article on remediating these tools, if it matches up as the root cause, then the Netskope Root CA will need to be installed where Vagrant can access it. Configuring SSL Inspection for Command-Line Tools
Hello @rohitutla1990,
The default behavior of the Netskope client is to steer selected traffic (specific apps or all web traffic) to anything not in the exceptions list. Since you are seeing the Netskope certificate that indicates that the client is intercepting and sending this traffic to the Netskope cloud. Many dev tools use their own certificate stores so they don't trust the system store which is where the Netskope certificate is installed by default so you have a few options:
1. Bypass the traffic from SSL inspection using the domains or process via a cert pinned application.
2. Install the Netskope certificate to Vagrant's certificate store. This allows for the Vagrant to trust the Netskope certificate. I found a few different guides on some sites around this:
https://stackoverflow.com/questions/45475023/configuring-vagrant-ca-certificates
https://superuser.com/questions/1122599/installing-vagrant-plugin-on-the-corporate-network
3. Bypass the process from being steered to Netskope entirely. This may be preferable as it appears Vagrant is a completely local development application so sending it to any proxy may cause issues but I'm not thoroughly familar with the app to say.
4. Bypass traffic to the loopback address. I'd say this is least preferable as it bypasses all traffic to the loopback address from any process.
This traffic should be showing in the nsdebuglog unless the Log Level is set to critical or error. Info level should show the steering and you should see a line similar to:
Tunneling flow from addr: 192.168.1.84:54651, process: processname.app to host: domain.com, addr: 127.0.0.1:443 to nsProxy
Depending on how the Vagrant app works then your best option may be to bypass the traffic entirely from Netskope if it all needs to stay on the local machine.