Netskope Global Technical Success (GTS)

Enterprise Browser (EB) - Using EB with Netskope Client

Netskope Cloud Version - 124

Objective

Using EB with Netskope Client

Prerequisite

Netskope SWG and Enterprise Browser license is required

Context

• Configuration setting to use the NS Client and the Enterprise Browser
• The Netskope Enterprise Browser covers the following main use cases (v1.0)

1. BYOD: Corporate user using a personal device for secure corporate browsing
2. BYOD: Corporate user using a personal device to access a corporate SaaS app
3. Contractor on a Netskope Unmanaged Device (i.e. no Netskope client installed) 
4. Contractor on a Netskope Managed Device (managed e.g. client installed and enabled)

For the use case in which the NS Client is installed (Use Case 4) we have verified that both can work together pointing at the same / different tenant: 

• NS Client running  a configuration overlapping the one by the Enterprise Browser
  • NS Enterprise Browser connects to the back-end services on port 443.
  • NS Enterprise Browser uses a dedicated 8090 to steer the traffic to CEP
  • NS Client captures all the 80 and 443 (HTTP, HTTPS) flows by default. 
  • NS Client might run a configuration capturing “all the traffic” or non-standard ports (including those of the Enterprise Browser) 

• Solution: the system allows to set an exception to the NS Enterprise Browser as a Certificate Pinned App and bypass the traffic to the NS Enterprise Browser at NS Client level

Configuration setting to use the NS Client and the Enterprise Browser

• Although the main use case for the Enterprise Browse is unmanaged devices. Yes, both solutions can work together with the proper configuration. Please follow the next steps:

Path: Netskope Tenant UI >>> Settings >>> Configuration >>> Security Cloud Platform >>> Traffic Steering >>> Edit Configuration: “Bypass exception traffic at Client”

Path: Netskope Tenant UI >>> Settings >>> Configuration >>> Security Cloud Platform >>> Traffic Steering >>> App Definition >>> Certificate Pinned Application >>> New Certificate Pinned App

Complete the details as follows: 

Path: Netskope Tenant UI >>> Settings >>> Configuration >>> Security Cloud Platform >>> Steering Configuration >>> Default tenant config (or any config you want to apply it for) >>> Exceptions

Add a “New Exception”, selecting the pinned app created in the previous step.

Note - Repeat the same steps above for updater.exe including *.<MP>.goskope.com in Custom App Domains. Where MP depends on the location of your tenant.

Terms and Conditions

• All documented information undergoes testing and verification to ensure accuracy.
• In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

• This article is authored by Netskope Global Technical Success (GTS).
• For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.