Currently, Netskope identifies certain IP addresses as malicious based on threat intelligence; however, due to the absence of SNI inspection, traffic to these IPs is sometimes allowed to pass through. This behavior results in an inconsistent security posture because malicious IPs should be blocked unconditionally to minimize risk.
We kindly request a feature enhancement to ensure that any traffic destined for an IP flagged as malicious is blocked unconditionally, regardless of whether SNI visibility is available or not.
This improvement would strengthen the security logic by guaranteeing that malicious IPs never bypass protection simply because SNI information is missing or cannot be inspected.
Impact:
- Prevents risky connections to known malicious IP addresses even when SNI cannot be inspected
- Aligns enforcement with expected security best practices
- Minimizes potential attack vectors and reduces security gaps
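To make the gap described above concrete, here is a small added example (not Netskope code, and not a model of its actual policy pipeline): one decision function that only consults reputation after SNI has been parsed, next to the requested ordering where the destination-IP check runs first and is therefore independent of SNI. The blocklist addresses and hostnames are constructed placeholders (RFC 5737 ranges and `.example` names), not real indicators.

```python
"""Added example: why an IP-reputation block must not depend on SNI presence."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample threat-intel blocklists (placeholder values, not real IoCs).
MALICIOUS_IPS = {"203.0.113.45", "198.51.100.7"}
MALICIOUS_HOSTS = {"bad.example"}


@dataclass(frozen=True)
class Connection:
    dst_ip: str
    dst_port: int
    sni: Optional[str]  # None when the ClientHello carries no SNI extension


def decide_sni_dependent(conn: Connection) -> str:
    """Weak ordering: reputation checks only run once SNI has been parsed,
    so a no-SNI flow to a flagged IP is allowed (the inconsistency reported)."""
    if conn.sni is None:
        return "allow"  # gap: no SNI, no inspection, no block
    if conn.sni in MALICIOUS_HOSTS or conn.dst_ip in MALICIOUS_IPS:
        return "block"
    return "allow"


def decide_ip_first(conn: Connection) -> str:
    """Requested ordering: the destination-IP reputation check is evaluated
    before any SNI-dependent logic, so it fires whether or not SNI exists."""
    if conn.dst_ip in MALICIOUS_IPS:
        return "block"
    if conn.sni is not None and conn.sni in MALICIOUS_HOSTS:
        return "block"
    return "allow"


def policy_gaps(conns: List[Connection]) -> List[Connection]:
    """Return the connections on which the two orderings disagree,
    i.e. the flows that slip past the SNI-dependent policy."""
    return [c for c in conns if decide_sni_dependent(c) != decide_ip_first(c)]


# Constructed sample flows covering the four relevant combinations.
SAMPLE = [
    Connection("203.0.113.45", 443, None),           # flagged IP, no SNI
    Connection("203.0.113.45", 443, "cdn.example"),  # flagged IP, benign SNI
    Connection("192.0.2.10", 443, "bad.example"),    # clean IP, flagged SNI
    Connection("192.0.2.10", 443, None),             # clean IP, no SNI
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(f"{c.dst_ip:>14} sni={c.sni!s:<12} "
              f"sni_dependent={decide_sni_dependent(c):<5} ip_first={decide_ip_first(c)}")
    print("gaps:", [(c.dst_ip, c.sni) for c in policy_gaps(SAMPLE)])
```

Only the first sample flow (flagged IP, no SNI) is decided differently by the two orderings, which is exactly the case the request asks to close. Note that the clean-IP, no-SNI flow stays allowed under the IP-first ordering, so reordering the reputation check does not by itself impose the blanket no-SNI blocking that the backend flag mentioned below would.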
You previously advised us to enable the backend flag “Block Single Destination IP with URL List and Control No-SNI Traffic”; however, we are unable to do so because our customer is a bank, and enabling it risks blocking legitimate production traffic or causing unwanted blocks in critical environments.
Thank you for considering this enhancement.