Excluding users from NPA

  • 28 June 2023
  • 3 replies

Badge +3

Hello all,


We are at the tail end of our Netskope deployment and having some hesitation with rolling out to one department. This department has users that work remote on company issued devices and have to complete an RDP connection to a device on-site. We've tested eliminating the need for the RDP connection with NPA, however the files they need to access are quite large (2GB +) and are located on an on-prem server. When they have used our VPN or NPA it can take upwards of 20 minutes just to pull down one file. We want to have our SWG policies apply to this group, but not have NPA active for them.


I've tested creating policies to block NPA access, but that creates an unnecessary amount of noise for the user. I'm hoping someone can point me in the direction of how to disable NPA for these users prior to deploying the agent.


Thanks for the help!

3 replies

Badge +10

Hi Sheldon, 


Good question! It's actually possible to have different steering configurations applied to AD Users and Groups.


You could try....

Creating a new Steering Configuration (tip: you can clone your existing one) 

Change the new Steering Configuration to steer Web Traffic but not NPA Traffic (see below)
Apply the new Steering Configuration only to the AD Group in question



Hope that helps!


Badge +3



Thanks for the feedback, in my initial testing (using myself as a guinea pig) this worked! I can't believe I spent months going over this and didn't explore a steering configuration. I'm going to move to testing with the department after the holiday. I'll update if there are any issues from this point.

Badge +10

Excellent. Hope it works out and enjoy the holiday!