Solved

NPA Network printer - Help please



Hello, I need to enable the traffic of print queues from a PC client (with Netskope client installed) to network printers in the headquarters (already installed with local IP on PC client), can you help me to create an NPA policy?

What are the steps to follow?

Is there a guide/best practices somewhere?

 

Thank you very much

Best answer by jrun16

If I understand your request, you’re trying to connect a user device (Netskope client installed) to printers in another location.  If that’s correct, we have policies for that very same config.  Here’s what we did to help define the ports.  The below assumes you have a publisher in the HQ and that publisher has line of sight to all printers.

 

We created an NPA private application with a list of printer IP addresses. If all printers are on a segmented network, you could also use an IP range. Just be sure that the segmented network is locked down so that non-printer devices can’t join. Then we opened up all ports for both TCP and UDP to the printer IPs. We then assigned an RTP to a handful of testers and told them to test print. As they tested, we reviewed the traffic to those printers via SkopeIT. We determined which ports/protocols were used/needed and then locked down the private application so that it was only using those ports/protocols. Tested again, verified everything worked as expected and then we opened the RTP up to all users that needed it.

 

For Example (Not the actual hosts, ports or protocols)

Discover App Definition:

  • Host
    • 10.XXX.XXX.101/32
    • 10.XXX.XXX.102/32
    • 10.XXX.XXX.103/32
  • Protocol & Port
    • TCP: 1-65535
    • UDP: 1-65535

 

Production App Definition:

  • Host
    • 10.XXX.XXX.101/32
    • 10.XXX.XXX.102/32
    • 10.XXX.XXX.103/32
  • Protocol & Port
    • TCP: 111,222,333
    • UDP: 111
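
The discover-then-lock-down step in the answer above can be scripted. This is an added example, not part of the original post and not Netskope tooling: it reduces a flow export from the discovery phase to the port lists for the production definition and sets aside rows that fall outside the app. The CSV column names, the `192.0.2.x` addresses and the helper names are assumptions; the ports are the post's placeholder values.

```python
import csv
import io
from collections import defaultdict

# Printer hosts from the private app definition. Constructed addresses
# (TEST-NET-1), standing in for the masked 10.XXX.XXX.10x hosts in the post.
PRINTERS = {"192.0.2.101", "192.0.2.102", "192.0.2.103"}

# Constructed flow export from the discovery phase. Column names are assumed,
# not a real SkopeIT export schema; ports are the post's placeholder values.
SAMPLE_EXPORT = """user,dst_ip,protocol,dst_port
tester1@example.com,192.0.2.101,TCP,111
tester1@example.com,192.0.2.101,TCP,222
tester2@example.com,192.0.2.102,tcp,333
tester2@example.com,192.0.2.102,UDP,111
tester3@example.com,192.0.2.103,TCP,222
tester3@example.com,192.0.2.103,TCP,99999
tester3@example.com,192.0.2.250,TCP,222
"""

def derive_allowlist(export_text, printers, min_users=1):
    """Return (ports_by_protocol, rejected_rows) from discovery traffic."""
    seen = defaultdict(set)  # (protocol, port) -> testers who used it
    rejected = []
    for row in csv.DictReader(io.StringIO(export_text)):
        proto = row["protocol"].strip().upper()
        port = row["dst_port"].strip()
        # Set aside anything outside the app definition or not a valid port.
        if (row["dst_ip"] not in printers or proto not in ("TCP", "UDP")
                or not port.isdigit() or not 1 <= int(port) <= 65535):
            rejected.append(row)
            continue
        seen[(proto, int(port))].add(row["user"])
    allow = {"TCP": [], "UDP": []}
    for (proto, port), users in sorted(seen.items()):
        # min_users > 1 keeps only ports confirmed by several testers.
        if len(users) >= min_users:
            allow[proto].append(port)
    return allow, rejected

def format_definition(allow):
    """Render the port lists in the style of the app definitions above."""
    return [f"{p}: {','.join(map(str, ports))}" for p, ports in allow.items() if ports]

if __name__ == "__main__":
    allow, rejected = derive_allowlist(SAMPLE_EXPORT, PRINTERS)
    print("\n".join(format_definition(allow)))
    print(f"{len(rejected)} row(s) need manual review")
```

Rows returned in `rejected` are worth reading before locking down: a destination outside the printer list during discovery means either a missing printer or a non-printer device on the segment.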
  • New Member III
  • August 31, 2023


With your suggestions I found the missing ports and now I can print everywhere! Thank you so much and have a great day! 🚀


  • New Member III
  • August 31, 2023

Glad to hear that!

