1

nsconfig.json

contains various tenant-level configurations

• When Config version changes (polls for latest config)
• On-demand config update (from nsdiag or UI)
• User Login-Event (done to identify if we have config of a higher priority user group)

Yes (default is generated)

1. Download for the first time or new config version
   1. First Time: 10 Minutes interval (until success)
   2. Checks for new Config version in 5 Minutes (Fast Sync Mode) otherwise 60 minutes
   3. If new config version is Available then download in 3 to 10 Minutes interval (backoff logic)
2. On-Demand Config Download
3. New User Login
   1. To check the higher group priority case

nsdomain.json

Provides steering mode (CASB/Web) and along with domains to steer (CASB). Also has a config for dynamic steering

• When Config version changes (Client polls for latest config in config update interval)
• On-demand config update (from nsdiag or UI)

Yes

(V6) steering_config_2 and dynamic Steering
v1/steering/domains?orgkey=<orgkey>&userkey=<userkey>&os=<OS>

(V5) steering_config_2
steering/domains?orgkey=<orgkey>&userkey=<userkey>&os=<OS>

(V4)
v4/config/org/domains?orgkey=<orgkey>&userkey=<userkey>&os=<OS>

1. Download for the first time or new config version
   1. First Time: 10 Minutes interval (until success)
   2. Checks for new Config version in 5 Minutes (Fast Sync Mode) otherwise 60 minutes
   3. If new config version is Available then download in 3 to 10 Minutes interval (backoff logic)
2. On-Demand Config Download

nsbypass.json

Provides a list of cert-pinned apps that needs to be bypassed/blocked by the Client.

No

(V3) steering_config_2 and dynamic Steering
v1/steering/pinnedapps?orgkey=<orgKey>&userkey=<userKey>&os=<OS>

(V2) steering_config_2
steering/pinnedapps?orgkey=<orgKey>&userkey=<userKey>&os=<OS>

(V1)
config/org/getcertpinnedapplist?orgkey=<orgKey>&os=<OS>

nsexception.json

Provides a list of domains/subnets/IP addresses which needs to be bypassed by the Client

Yes

(V3) steering_config_2 and dynamic Steering
v1/steering/exceptions?orgkey=<orgKey>&userkey=<userKey>

(V2) steering_config_2
steering/exceptions?orgkey=<orgKey>&userkey=<userKey>

(V1)
config/getexceptionlist?orgkey=<orgKey>&hashkey=<userKey>

nstunnelpolicy.json

It provides a set of apps and domains which needs to be bypassed/blocked by the Client.

No

nsoverlap.json

Provides Steering decision for the scenario where different sass services get resolved to the same IP address.

No

nsdeviceid.json

Lists the rules need to be checked for the purpose of device classification (managed, unmanaged, unknown, unconfigured)

No

nsbypasscat.json

TBD

No

(V2) steering_config_2
steering/categories?orgkey=<orgKey>&userkey=<userKey>

(V1)
config/getbypasscategorylist?orgkey=<orgKey>&hashkey=<userKey>

certutil.json

Install the certificate in Firefox cert store

For each logged-in user, In case Firefox installation/Firefox update is detected the cert utils are downloaded (if already not downloaded) and certutil.json is created (having the firefox version)

No

1. User Login
   1. Firefox already installed
   2. Installation is detected (one-hour interval)

nsuserconfig.json

Use to identify multi-user deployment

Generated  locally during Netskope client installation

No (Yes in case of multi-user deployment)

nsbranding.json

This config is required to bootstrap the Client for each user. It uniquely identifies the user.

Downloaded (if already not present) on user-login or on force config update (from nsdiag or UI)

Yes

Activation Key: 

config/useractivationkey/getbranding?tenantid=<TenantID>&userkey=<Userkey>&activationkey=<activationkey>&os=<os>

Install Params:

api/v1/userconfig?token=<restToken>&email=<userEmail>&configtype=agent

IdP Enrollment:

config/user/getbrandingbyemail?orgkey=<org key>&email=<email-id>

User Login (UPN):

/config/user/getbrandingbyupn?orgkey=<orgKey>&upn=<username/UPN Hash>

One time - During Installation (Single user):

1. Activation Key
2. Install Params

Multiple Times based on Login Events (PerUser deployment or IdP deployment) :

1. IdP Enrollment
2. User Login (AD joined)

1. New User Login (Retry in 10 mins till success)
2. New Config Version
3. On-Demand Config Download

eventcache.json

Used as a cache to store client status events

This config file is locally created (i.e. not downloaded) on user login. But it is used to push cached client status later. 

No

v2/update/clientstatus

1. Push the client status every 5 minutes until all log-in user status is pushed successfully. 
2. Install event is tried to push in every 1 min until install event is pushed successfully. 

nsdeviceidstatus.json

Use to store the device classification status obtained from an addon (by post method)

Downloaded On user login if device classification rules are configured (see nsdeviceid.json above)

No

1. New User Login (Retry in 10 mins till success)
2. New Config Version
3. On-Demand Config Download

nsuser.conf

Use to maintain client-status and tunnel status

This file is locally generated but certain configuration parameters like admin-force-enable-client are fetched during user login or force-update config file. 

No.

v3/support/client/post