Netskope Community
02-07-2023 05:26 AM
With release R99 Netskope introduced a new feature “Periodic Validation on Device Classification” which is very important to enforce Zero Trust principles. Before that release, Device Classification of the client was only accomplished, when client service was started. With the new feature a validation interval can be configured for more frequent device posture checks.
Requirements:
The “Device Classification Profile” is a policy about a single or multiple checks, whether a device is compliant or not. This part of the configuration has not changed and will not be covered in detail in this post. Here is the link to public documentation.
For testing on Windows a simple profile can be created to check if “notepad.exe” is running (managed) or not (unmanaged).
If the feature is enabled in the Netskope tenant, a new UI option in the client configuration menu under “Settings - Security Cloud Platform - Devices - Client Configurations”. Under the first tab “Traffic Steering” there is a new checkbox “Periodic Validation on Device Classification”. When enabled the administrator can configure a validation interval between 5-120 minutes.
For testing the lowest value of 5 minutes is recommended. If the interval is set below 30 minutes a warning message about device performance is displayed.
For testing a simple block policy for the category “Cloud Storage” is used with the source attribute “Device Classifications = Unmanaged”:
First verify that the client configuration is up-to-date: Right click on the NSClient icon - Configuration. The new feature will also change the client configuration and therefore the client configuration should be updated.
With R99 there is also a new flag for “nsdiag.exe”. The flag “--check-dc” triggers the client to evaluate the device classification policy instantly. With that trick you do not have to wait until the re-evaluation is triggered by the validation interval. “nsdiag.exe” is located for
In addition I recommend monitoring the nsdebuglog.log for device classification status changes. Here are sample commands for the different platforms.
The device status is also instantly reflected in the UI under “Settings - Security Cloud Platform - Devices” in the details page of a device.
Demo Workflow for Windows:
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In