Netskope Client and PAC files

If you have PAC files or WPAD deployed to user base here are recommended settings:

1. Following traffic needs to go via PAC

addon-<TENANT-NAME>.goskope.com

2. Following traffic needs to go DIRECT

gateway-<TENANT-NAME>.goskope.com

gateway-backup-<TENANT-NAME>.goskope.com

dns.google

3. Do not use Netskope consolidated IP ranges in the PAC file. If you add global range the "addon" traffic will also fall under that range.

Sample PAC file:

Here is a typical PAC file syntax. Check what's the ultimate "return" statement. The address "163.116.128.80:8080" in this PAC file is the Netskope Explicit Proxy over Tunnel IP address.

{

<snip>

..

/* Don't proxy to access to Netskope URLs for clients */

if (shExpMatch(host, 'gateway-<TENANT_NAME>.goskope.com'))

{ return 'DIRECT'; }

(repeat for the other domains in # 2 above)

<snip>

...

/* Use on-prem proxy unless client IP is in scope for cloud proxy */

/* if (isInNet(clientIP, '10.102.4.0', '255.255.255.0') */

/* || isInNet(clientIP, '10.102.16.0', '255.255.255.0') */

/* { return 'PROXY 163.116.128.80:8080; DIRECT';} */

/* When not handled above, use on-prem proxy */

return 'PROXY bcproxy.TENANT_NAME.com:80; DIRECT'; }

}

Contact your Bluecoat or PAC file administrator for the syntax in your version of the PAC file. Most PAC files have a If and

Page 1 / 1

Thanks for sharing with our Netskope community @MM_NS 😀

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded