β05-11-2021 05:43 AM
So we have the agent deployed out to our widows and Macs in our environment. We have followed the Best practice guides for bypassing the VPN traffic with Netskope but we are still having issues connecting to the VPN on the Mac's. Anyone else run into this issue?
Solved! Go to Solution.
β05-11-2021 08:54 AM
@cmaulding the bug in Big Sur GP client is not address until 5.2.5. I have verified that on 5.2.5-66 things are running just fine.
β05-11-2021 06:01 AM
@cmaulding To confirm, when you have the Netskope Client enabled, your VPN will not connect to its intended destination? Can you share what type of VPN and also, are you using the Client for Netskope Private Access or CASB/SWG or both?
β05-11-2021 07:08 AM
Hey Bob that is correct. We are using the PaloAlto Global protect, and we are using it for SWG/CASB and NPA. Currently. We have the agent on Windows Machine with the global Protect VPN and those were just fine. It is only the Mac's that do not work.
β05-11-2021 08:19 AM
Hi @cmaulding are you running on Catalina? If so there is a PAN bug with Catalina and GlobalProtect, where split-tunneled domains/IPs are not functioning when running GlobalProtect 5.1 or 5.2.
You can read more on PAN's website: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBqECAW&lang=en_US%E2%80%A...
β05-11-2021 08:26 AM
Hey @bob
We are actually running on macOS 11.3.1 BigSur and having the same issue.
β05-11-2021 08:34 AM
@cmaulding feel free to send me a private message here and we can take a look at this together. Can you also please confirm the version of GP client you're running?
β05-11-2021 08:51 AM
@mkoyfman we are running GP 5.2.3-22 and I sent you an email per the private message. I appreciate your help.
β05-11-2021 08:54 AM
@cmaulding the bug in Big Sur GP client is not address until 5.2.5. I have verified that on 5.2.5-66 things are running just fine.
β05-11-2021 10:50 AM
@mkoyfman I have upgraded to the latest client version 5.2.6-87. Now I am able to get the VPN to connect but as soon as it does the Netskope agent goes Red. Disconnect the VPN and it comes back online. Would this have to do with the bypass configuration that I mentioned before?
β05-19-2021 08:45 AM
I have this same exact issue on Windows machines. The guidance for adding split tunneling via IP addresses have been done as well.
On Windows, we are experiencing the same exact issue where when we connect to VPN, the Netskope agent goes red and then a disconnect/reconnect fixes the issue for a period of time. It's very intermittent. I have a ticket opened with Netskope Support but no clear fix.
GP Version: 5.2.6
β05-19-2021 08:47 AM
@ddrake DM me the case number and I will take a look into what's going on there.
β05-19-2021 09:02 AM
We had this exact same issue. I had to add the addresses of our GlobalProtect gateways into a Network Location group. I then added that group as an exception in our Steering Configuration. After that, everything was stable.
β05-19-2021 10:18 AM
thanks for sharing, @jeremywc . @ddrake did you also read and follow this article? https://support.netskope.com/hc/en-us/articles/360023155053-Best-Practice-for-coexistence-of-Netskop...
This is what @jeremywc is talking about
β05-12-2021 06:27 AM
Also confirmed that 5.2.6.-87 works fine.
β06-11-2021 11:47 AM
Sorry @mkoyfman - I apparently don't get notifications on comments I make. I'll DM you the ticket number.
β08-10-2021 12:21 PM
Hey there @ddrake! Normally you would receive notifications on comments if you were the original conversation author, but in this case, if you are interested in a conversation you can subscribe to the RSS Feed to receive email updates on further comments.
Check out our resource on Subscribing to Community Boards & Labels, if you ever have any questions or need help please reach out to me directly!
Happy posting! π