Netskope Web Security for Linux, CentOS, Ubuntu

  • 20 July 2021
  • 7 replies
  • 121 views

Badge +6

We have been using Netskope for 3 years now and the journey started off with the CASB product. Since beginning of this year we started using the SWG product as well and honestly it has helped us to reduce the web security risks.

 

Our environment has mostly Windows and Mac OS endpoints with around 100 devices running on Linux, CentOS or Ubuntu. With the current coverage from Netskope we are not able to ensure similar level of security for these devices.

 

Is there any plan for extending support for these platforms (Linux, CentOS, Ubuntu, etc.) going forward?


7 replies

Badge +3

Hello,

 

I am tottaly agree with that request.

At least if we could get source code.

 

Maybe with Darling that could be a work arround, i still not tried it for now Darling | (darlinghq.org).

 

Martin

Badge +2

Hello,

 

I use a WSL VM with sshuttle as a workaround. I look forward to the native netskope support for linux soon.

 

Sergio

Badge +7

Hello @kaustavbasu @martin @sergiojim,

 

While we do not have a native client for Linux, I have worked with multiple customers to leverage our explicit proxy to successfully steer Linux workstation traffic to Netskope. You can find more information about the explicit proxy from the Support article below.

 

https://support.netskope.com/hc/en-us/articles/360052369733-Explicit-Proxy

 

Thanks,

-Matt

Badge +2

Hello, Matt,

Explicit Proxy allows access to private Apps through publishers or only works for Public Apps or websites?

 

Regards,

Badge +7

Hi @sergiojim,

 

Netskope Explicit Proxy functions similar to the Netskope client and other real-time steering methods for public cloud apps and websites. The private apps with publishers is our Netskope Private Access (NPA) zero-trust VPN feature, which does require the Netskope client at this time. 

Userlevel 3
Badge +13

There are couple of alternatives you have in lieu of client to steer Linux and other servers or even guest wifi traffic.

 

Eproxy over Internet. All SWG customers tenants come provisioned with an eproxy domain on port 8081 (Settings > Explicit Proxy)

 

IPSEC or GRE Tunnels to Netskope DC of your choice (with active standby failover to a backup DC)

 

Explicit Proxy over IPSEC / GRE what Netskope calls it as EPoT (Explicit Proxy over Tunnel). There is universal IP address that Netskope provides with this option over port 8080.

 

Note that I wouldn't mix Guest wifi and Server traffic together on same Tunnel if you have a flat non-segmented server network. i.e you want Decrypt Server traffic but not the guest wifi. Corresponding SSL Do Not Decrypt policy can then be created by source subnet.

Userlevel 4
Badge +14

I do want to add that Linux client is formally on Netskope roadmap, and Product Management is aware of this customer demand.  We will definitely be sharing the news once Linux client release gets closer to fruition. Stay tuned!

Reply