Skip to main content
Question

Threat protection Fallback action - do real time policies are still evaluated

  • November 27, 2025
  • 1 reply
  • 14 views
ludsfr
Netskope Partner

Hi folks,

do you know if when setting fallback action to alert, real time policies are still evaluated when a fallback action has been triggered?

Use case : you don’t want to block download when file size > 400Mo (max file size analyzed by TP)

1.You set fallback action to alert

2.You set a RTP allow_all_vip for a VIP group to be allowed to download and surf with no exception

3.You set a RTP block_dl_400 for all users to block download with constraints file size >400Mo AND specifics files types

Expected result 

  1. when download a file under 400Mo, TP is applied, all users can download.
  2. when download a file great than 400Mo, fallback action is applied, then RTP is applied regarding the user’s group

In Real life, when standard user try to download a file >400Mo, block_dl_400 is not applied, log indicate fallback action, so it seems that policies are not evaluated after fallback action.

Moreover it seems that Netskope tenant is setting MIME/TYPE as application/octet-stream whatever the original content-type return by server side.

1 reply

ludsfr
Netskope Partner
  • ludsfr
  • Author
  • Netskope Partner
  • November 27, 2025

I’m answering to myself, I confirm that it pass throught RTP, I made a mistake in my log analysis.

After fallback to “alert” it match the my block_dl_400 RTP Policie.

😌

Badges Winner

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsCookie settingsAccessibility statement