Curious about how to make the leap to Zero Trust Connectivity?
Discover the limitations of traditional VPNs and learn how to migrate from VPN to ZTNA Next from a Netskope customer—Jeff Wehrman (@jwehrman), Sr. Staff Cybersecurity Engineer, at Dexcom in this webinar recap! The recording, slide deck and a summary of the Q&A can be found below:
Q: Netskope is not a total replacement for VPN, which means not supporting server to client flow. How can we overcome this?
A: You bring up an important point. Most ZTNAs do not support server-initiated but Netskope ZTNA Next supports both client and server-initiated flows.
Q: When within your office, is Netskope Private Access (NPA) engaged or does it go offline?
A: Short answer is it stays engaged. The Netskope Client, which steers user traffic, is always on whether in office or remote. It can be configured to steer that traffic to the Netskope Cloud or a local ZTNA Broker adjacent to your campus or branch office.
Q: How can I replace PulseSecure Web Access for external users that are not willing to install the Netskope Client?
A: For external users, NPA offers clientless web browser access to internal apps. By employing their existing web browser (enabled by NPA Browser Access), you don't have to install a client on endpoints.
Q: How does Netskope support both client and server-initiated flows? How do we set this up?
A: Netskope's ZTNA Next solution supports bidirectional traffic flows by providing L3 and L7 connections to client and server-initiated apps.
Q: When using on-prem detection, is the client smart enough to know the difference of truly being on prem vs it coming from the pub / stub address?
A: Yes, the client has on-premise detection based on the ability to detect local DNS or HTTP address.
Q: What is the best practice to configure private apps, IP address or FQDN?
A: It depends on the app, but FQDN will hide the IP address which is better for most scenarios.
Q: Can you connect between applications or do you have to connect one at a time?
A: You can absolutely connect to multiple private apps at the same time.
Q: NPA can substitute VPN for users, but can it substitute VPN site-to-site between organizations?
A: Good question. NPA alone doesn't replace site-to-site VPN but our Borderless SD-WAN can. Learn more here.
Q: What is the user experience during a possible connection to an on-prem file server with resource explorer?
A: Netskope NPA supports all potential options for connecting to an on-premise file server with a resource explorer, whether that's a web interface via ports 80/443 or a Desktop Application. We can even support connectivity to this application via CLI if the relevant TCP/UDP ports are defined.
Q: Are you steering all traffic, all applications to Netskope or only select traffic?
A: Netskope steers thousands of apps by default, but to ensure the correct type of traffic is steered, you can modify the default steering config or create a new one. Additional details here.
Q: Where can I get the ebook?
A: The “The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement” ebook can be found here.
Do you have a question for our team on ZTNA Next? Reply in the comments to continue the discussion!