Skip to main content
  • EN

AD_4nXcN_cDmM4rCZZbpUuPgjKKCbgm95jq4Qtr-FXlTisOFlsSspasqMIGjDv9d_erYBni9-8Dxi94eWDJlJOnjxxZGjZMEXrCwQhGqwOAGOhM4FGob5-NS2DYlc87DvSlhkUmy0pf2ig?key=pubQI6TE_K00T7sgShJCc8A-

Netskope Global Technical Success (GTS)

Understanding Netskope User License Utilization - SWG & NG-SWG

 

Netskope Cloud Version - 125

 

Objective

Gain a clearer understanding of Netskope user license consumption, specifically for SWG and NG-SWG licenses.

 

Prerequisite

SWG & NG-SWG

 

Context

This document is intended to help customers understand the Netskope user licensing model. It provides key insights into how user licensing works and guides customers on how to effectively track and manage their Netskope user license usage.

 

Details

Traffic Steering                                                                                                                                                        

(A.) SWG and NG-SWG customers can route their traffic to Netskope using several steering methods, including:

  • Netskope Client
  • GRE Tunnel
  • IPSec Tunnel
  • Explicit Proxy
  • Proxy Chaining and others

(B.) Netskope recommends using the Netskope Client as the preferred steering method due to its comprehensive visibility and user-level control.

(C.) In practice, the majority of customers commonly steer traffic using the Netskope Client. However, many also utilize network-based tunnels such as GRE and IPsec, depending on use cases like Server Traffic, IoT, Guest Access, and more.

(D.) With the Netskope Client, end-user identity is always visible. In contrast, with GRE and IPsec tunnels, user identity may be obscured if authentication mechanisms are not configured. In such cases, user identification becomes a challenge, as only private and public IP addresses are visible—making it difficult to determine the nature of the traffic, whether it's from a user, server, IoT device, guest access, or other sources.

 

Netskope Licenses (SKUs)                                                                                                                                    

Netskope offers a range of SKUs in the SWG and NG-SWG categories, tailored to support different types of traffic.

(A.) User License - Number of users at the customer's end. This traffic should be authenticated, meaning end-user identification—such as an email address—must be available.

(B.) Server/IoT License - Servers and IoT devices typically cannot authenticate, so the nature of their traffic is considered unauthenticated. As a result, consumption for these devices is calculated based on the volume of traffic they generate, rather than by user identity.

(C.) Guest Traffic - Installing the Netskope Client on guest machines is technically not feasible. As with servers and IoT devices, traffic from guest machines is treated as unauthenticated and is measured based on the volume of traffic generated.

 

Understanding User License Utilization

(A.) At Netskope, user licensing is based on a Trust Model. We trust our customers to procure licenses aligned with the actual number of users within their organization.

(B.) A single user accessing Netskope services through multiple official devices—such as a laptop, mobile phone, or tablet—with the Netskope Client installed will still consume only one user license.

(C.) User License Usage Calculation - User licenses are measured based on average consumption per quarter (every 3 months). For example:

  • January 2025 - 2,870 users
  • February 2025 - 2,850 users
  • March 2025 - 2,950 users

This results in an average quarterly consumption of approximately 2,850–2,900 user licenses. In such scenarios, we recommend procuring at least 3000 user licenses to ensure full coverage.

Note - We advise planning for future organizational growth over the next 3–4 quarters when estimating license requirements. 

It’s important to consider that some users might be temporarily inactive due to:

  • Business travel
  • Paid Time Off (PTO)
  • Maternity or parental leave

(D.) User License Usage Report

  • Option 1 - Skope IT

Path: Netskope Tenant UI >>> Skope IT >>> Users

  1. By applying the filter "Access Method: Client" you can view data related specifically to authenticated traffic. Removing this filter will display data for both authenticated and unauthenticated traffic.
  1. Note that unauthenticated traffic is categorized separately and may originate from sources such as servers, IoT devices, guest access, or other non-Netskope client machine, which are covered under a different SKU.

Reference

AD_4nXdrw6CNKRxql4PE7S-7sY-deapZhaqhVdgsBACmhuaaf3pQQAtskfsVzBClX4hZpcz6vYE7vkRIfgTASXAnGzukE2mXdTwoFWtTEjJsQUihLgdbex4WfXM3UbRMPgcay8mBfjLing?key=pubQI6TE_K00T7sgShJCc8A-

 

 

  • Option 2 - Advanced Analytics

Path: Netskope Tenant UI >>> Advanced Analytics >>> Netskope Library >>> Device Client Overview

Reference

AD_4nXdWopFjIErh6Wkg5SWip-l1ksmeym0mpYNJh_m_wm7a4dXbfzr-6yAmEgdCvpHsqwbHlm7RmWo9gG7_oyak8xHqqw17OC5qnNGZvmS7QUo1O9RpTMfWmx4UxSY7lKRVmGk3TAneUA?key=pubQI6TE_K00T7sgShJCc8A-

 

Author Notes

  • For confirmation or any questions regarding license utilization or SKU selection, it is recommended to contact your Netskope account team.
  • Netskope also leverages backend tools to monitor customers’ license utilization. If usage exceeds the licensed capacity, your assigned account team may proactively reach out to address the overutilization.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
Be the first to reply!
Terms & ConditionsCookie settings