Skip to main content

                                                      AD_4nXcsTrD0yysdfiFl9WBnanJPe79JprCZ9z7F-PGCl_PAUMY1eXNEUt06e55szXx2KpzbqL8JRr_Esj6KSBEl90guf8zi9RUPcGtmQZ2bNa6guCL_BRVs4Jdf8nMlcsG3pIk1ylzzHA?key=AmS38N0PXSJ1laoCDR6p-8KQ

Netskope Global Technical Success (GTS)

Enterprise Browser (EB) - Using EB with Netskope Client

 

Netskope Cloud Version - 124

 

Objective

Using EB with Netskope Client

 

Prerequisite

Netskope SWG and Enterprise Browser license is required

 

Context

  • Configuration setting to use the NS Client and the Enterprise Browser
  • The Netskope Enterprise Browser covers the following main use cases (v1.0)
  1. BYOD: Corporate user using a personal device for secure corporate browsing
  2. BYOD: Corporate user using a personal device to access a corporate SaaS app
  3. Contractor on a Netskope Unmanaged Device (i.e. no Netskope client installed) 
  4. Contractor on a Netskope Managed Device (managed e.g. client installed and enabled)

 

For the use case in which the NS Client is installed (Use Case 4) we have verified that both can work together pointing at the same / different tenant: 

  • NS Client running  a configuration overlapping the one by the Enterprise Browser
    • NS Enterprise Browser connects to the back-end services on port 443.
    • NS Enterprise Browser uses a dedicated 8090 to steer the traffic to CEP
    • NS Client captures all the 80 and 443 (HTTP, HTTPS) flows by default. 
    • NS Client might run a configuration capturing “all the traffic” or non-standard ports (including those of the Enterprise Browser) 

 

  • Solution: the system allows to set an exception to the NS Enterprise Browser as a Certificate Pinned App and bypass the traffic to the NS Enterprise Browser at NS Client level

 

Configuration setting to use the NS Client and the Enterprise Browser

  • Although the main use case for the Enterprise Browse is unmanaged devices. Yes, both solutions can work together with the proper configuration. Please follow the next steps:

Path: Netskope Tenant UI >>> Settings >>> Configuration >>> Security Cloud Platform >>> Traffic Steering >>> Edit Configuration: “Bypass exception traffic at Client”

AD_4nXfk8Bm8fahi91huqWx-ja-iDPHUTuEGpgGnj93qPsH-WxvRtyDAAqpxd1JwS0Ku22imeevx5hXv-hB1Dek_-UQ-tzqKD5Dki813JqvlR-znkNdg5rA9iQgJM9yX-PgMaTqnOH_V-A?key=AmS38N0PXSJ1laoCDR6p-8KQ

 

Path: Netskope Tenant UI >>> Settings >>> Configuration >>> Security Cloud Platform >>> Traffic Steering >>> App Definition >>> Certificate Pinned Application >>> New Certificate Pinned App

AD_4nXfWmoS3vZCmrjSC7XXKOdICOgsDjjqXxRR7vCv2f4aXuOn90YEqcx1GpuBtsUYhd4pK0kbSZX3OixSYqRxiPzzW60dyhSKpVzJXyrdfxNJpuN4opCPJ6NJDUYcpM3jEtM_Sjovjew?key=AmS38N0PXSJ1laoCDR6p-8KQ

 

Complete the details as follows: 

AD_4nXencnx_Z71BRpPLhko3oCoWdGExrUP8CO1Xbglps8XUt2fXwhcB0k9yecsJgH_IvBi58AJgmODhhRQG03oRiX-QTNPH2xJJhf1TwjMkJ-K1AmyrGEazE7uHl2rqTeQKv5CmryvUnA?key=AmS38N0PXSJ1laoCDR6p-8KQ

 

Path: Netskope Tenant UI >>> Settings >>> Configuration >>> Security Cloud Platform >>> Steering Configuration >>> Default tenant config (or any config you want to apply it for) >>> Exceptions

Add a “New Exception”, selecting the pinned app created in the previous step.

AD_4nXe4RtTQYSoRWzEPzePCfUYiQj1InD7pJlpH_N-3VtVfpLePdNU4IX9wn1mMt3MCHXVzI8mmqQMn-S2fegsH8sEHtu4IU8AorkehAgal3rkNzT1mWi46nuwng-KcUW0ol_Eo9CwnIQ?key=AmS38N0PXSJ1laoCDR6p-8KQ

 

AD_4nXdBWCSQEfwxBAAk7terEIxdiELvpWw9ox5PJo4ruM6ZubnKWAuBinZCCoPLC807aaEi0I6ljo0ejofYECGdkETcB3MPsLPbjEPG7Nl50BqjRV00y0O-hZS4IaEFgHSEVZMaETU8Sg?key=AmS38N0PXSJ1laoCDR6p-8KQ

Note - Repeat the same steps above for updater.exe including *.<MP>.goskope.com in Custom App Domains. Where MP depends on the location of your tenant.

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.


 

Be the first to reply!