Netskope Global Technical Success (GTS)
Permit Authorized Webmail Instances While Restricting Access to All Un-authorized Webmail Platforms
Netskope Cloud Version - 123
Objective
This document is intended to describe several ways to create a policy to permit authorized webmail instances while restricting access to all unauthorized webmail platforms
Prerequisite
Netskope SWG/CASB Inline license is required
Context
Allowing only sanctioned webmail enhances security, prevents data leaks, reduces phishing risks, ensures compliance, and improves IT visibility and control.This document is meant to guide customers on their adoption journey to understand the steps for creating policy to achieve this use case.
Lab Recreate
- For demonstration purposes, we will consider “Google gmail” as a sanctioned webmail platform.
The document comprises of steps to -
- Allow logins to corporate instances of Google gmail
- Block logins to all non corporate Google gmail instances
- Block all other webmail platforms
Step 1 : Allow logins to corporate instance of Google gmail
Start with tagging corporate and non corporate instances of application. Use the document here as a reference : Link
Path: Netskope Tenant UI >>> Policies >>> Real time protection – New policy – Cloud App access
Step 2 : Block non corporate instances
Step 3 : Block all other webmail platforms
While blocking all other webmail platforms, it is essential to exclude URLs for Google gmail to ensure that while accessing corporate google gmail platform, the access is permitted.
Configuration steps are enlisted below -
Create a new URL list including google gmail URLs under
Path: Netskope Tenant UI >>> Policies >>> Profiles >>> URL List - - - New URL List
Create a New custom category under
Path: Netskope Tenant UI >>> Policies >>> Profiles >>> custom categories - - - New Categories
Create a new policy to block all other webmail platforms
The policy structure with all three policies will be as follows -
Verification
When you try to access, corporate google gmail, access will be permitted.If you try to access any unsanctioned webmail platform, you will receive the below notification -
You can customize the above notification using the steps specified here
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
What to Read Next? | |
| User Notification - User Alert for Non-Sanctioned Application | |
| Block Google gmail personal instance access | |
| Blocking emails destined to personal email accounts | |