I have a website URL port 443 configured for NPA due to Geo-restrictions. I have developers that need to access a US site. I have a Publisher in my data center in the US behind a gateway public IP of 168.xxx.xx.x. When my user hits the web URL, they get a 163.xxx.xx.x address. Should the NPA web URL use the local gateway address for egress traffic?
Solved
NPA Website URL Access IP Egress Traffic
Best answer by venkatesanek
If private app is configured with FQDNs of website properly, then traffic should be intercepted & tunneled via NPA and egress IP will be your datacenter public IP range.
Here in this case, the traffic looks to be steered via SWG tunnel of NS client, hence Netskope egress IP range(163.128.X.X) is used.
Kindly raise a support case with private app details and collect the NS client log bundle with inner pcap & outer pcap during replication.
This topic has been closed for replies.
If private app is configured with FQDNs of website properly, then traffic should be intercepted & tunneled via NPA and egress IP will be your datacenter public IP range.
Here in this case, the traffic looks to be steered via SWG tunnel of NS client, hence Netskope egress IP range(163.128.X.X) is used.
Kindly raise a support case with private app details and collect the NS client log bundle with inner pcap & outer pcap during replication.
Thanks for the update. I will raise a ticket.
I want to confirm if everything is configured properly, the NPA tunnel traffic should show the local gateway IP, not the (163.128.x.x). Is that correct?
I got it. Do I also need to add the website to a steering bypass so it does not steer traffic through SWG? I was always told NPA takes precedence over SWG.
Interesting. That is what I thought as well. However, the website configured in NPA continued to give me the 163.128.x.x. address until I added the URL to the steering bypass. I now get the local gateway egress IP. This is exactly what I needed.
This is resolved, however, is there a reason I had to bypass the site in the steering bypass?
Thanks.
This is now resolved.😀 I was able to get the NPA configuration working. Thanks again for your time.
Sign up
Already have an account? Login
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Login to the community
Sign in or register securely using Single Sign-On (SSO)
Employee Continue as Customer / Partner (Login or Create Account)Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.