Skip to main content
Solved

New bee to Netskope

  • February 7, 2023
  • 10 replies
  • 155 views

Forum|alt.badge.img+5

Hi All,

We are new bee for netskope and started implementation recently.

If I may ask top 5 lessons learnt from some of the projects which we should watch out for a new implementation, that could give us good kick start.

 

Appreciate your help and looking forward for active participation in community.

Thanks

Brijesh

Best answer by freestlz

Each IPSEC tunnel only supports 10 sa - each subnet is two sa. one for port 80 and one for port 443

  • This was important because we couldn't gradually flip over subnet by subnet to the VPN tunnels, it had to be the entire /8 subnet at once.

For Azure SCIM importing, make sure email = UserPrincipalName and not mail field.

  • This will be helpful if you have AD users with third party emails or user without email filled.

Make sure Zoom and any voice traffic is bypassed from the Netskope client and IPSEC tunnels.

This topic has been closed for replies.

10 replies

agarcia
Netskope Employee
Forum|alt.badge.img+7
  • Netskope Employee
  • February 7, 2023

What products will you implement?  NGSWG? NPA? CASB? DLP? 


kvarshney
Forum|alt.badge.img+14
  • Explorer III
  • February 7, 2023

Forum|alt.badge.img+5
  • Author
  • New Member III
  • February 7, 2023

I should have mentioned that earlier, we are implementing NGSWG and NPA.


wilson
Forum|alt.badge.img+11
  • Explorer III
  • February 8, 2023

Regarding SWG - test and document your findings.

Netskope is rapidly expanding to new features to stay competitive in the industry.

Documenting your findings will ensure that when behavior changes you can exactly point out to Netskope.


wilson
Forum|alt.badge.img+11
  • Explorer III
  • February 8, 2023

If you haven't signed up for it, considering getting the top tier of their support, including a TAM.

SWG is intrinsic to your business, and you do not want to be an general support pool when things go haywire.

Remember their support model for speed of solution is if the problem is universal to them, not just something solely affecting you.  (ie, if you have something major not working, while you consider it imperative (and could escalate) their SLA is dependent upon the impact to ALL customers.


JulieB
Forum|alt.badge.img+15
  • Explorer III
  • February 13, 2023

Hey, @bpathak.

 

I just wanted to say hi and welcome you to the Netskope Community—I'm Julie and it's a joy to have you here.  This is a great question to ask the Community!  

 

To help you on your journey, I have a tip for you on using the Community...  make sure to subscribe to the forums that are important to you!  🌟

 


Forum|alt.badge.img+6
  • Explorer
  • Answer
  • March 10, 2023

Each IPSEC tunnel only supports 10 sa - each subnet is two sa. one for port 80 and one for port 443

  • This was important because we couldn't gradually flip over subnet by subnet to the VPN tunnels, it had to be the entire /8 subnet at once.

For Azure SCIM importing, make sure email = UserPrincipalName and not mail field.

  • This will be helpful if you have AD users with third party emails or user without email filled.

Make sure Zoom and any voice traffic is bypassed from the Netskope client and IPSEC tunnels.


Forum|alt.badge.img+5
  • Author
  • New Member III
  • March 13, 2023

Thanks much Julie


Forum|alt.badge.img+5
  • Author
  • New Member III
  • March 13, 2023

Thanks much


Forum|alt.badge.img+5
  • Author
  • New Member III
  • March 13, 2023

Thanks Much