Netskope Community
10-18-2023 01:10 PM - edited 10-18-2023 01:12 PM
Hi Folks,
We have a few users that have real difficulty with reestablishing connectivity via netskope when their macs come out of sleep/hibernate. The common thread between them is that they are also using dongles with ethernet connections to the internet.
One fix that appears to help some users is turning off IPV6 ( changing to link-local) on any ethernet dongle that is attached.
Curious if others are seeing this issue.
Thanks!
10-18-2023 01:13 PM
What version are the NSAgents? We dealt with these issues but way back around R105/106. We had to do a global JAMF disable of IPv6 at one point.
10-18-2023 01:15 PM
Were using latest 109, this issue appeared to be a problem in 108 as well when we deployed NS in org.
10-18-2023 01:19 PM
Our org is predominantly Macintosh (thousands and thousands) and we haven't seen any of these issues since R105/106. Is anything in the logs?
10-18-2023 01:30 PM
Stuff like this:
2023/10/18 10:48:21.862277 stAgentNE p434 t53767 critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values
2023/10/18 10:48:21.993231 stAgentNE p434 t16007 info networkMonitor.cpp:358 networkMonitor New Network Change event received
2023/10/18 10:48:21.994177 stAgentNE p434 t16007 info networkMonitor.cpp:337 networkMonitor Best route interface new ip 0.0.0.0
Netskope support is blaming the dongles, but there are no issues with NS is disabled.
10-18-2023 01:39 PM
You don't happen to also use a VPN software like Global Protect/Any Connect do you?
10-18-2023 01:41 PM
We use a version of openVPN (Pritunl). But we have at least 2 users that don't use it and are still having same issue. The VPN client is bypassed per NS recommendations.
10-27-2023 12:05 PM
Why did you ask if they were using a VPN such as GlobalProtect/AnyConnect? Is there something that is conflicting between the two?
10-19-2023 02:51 PM
Curious, are you still actively shutting off ipv6 via JAMF on your fleet?
10-19-2023 09:29 PM
@mdmeow12123 am only disabling IPv6 on specific clients when DNS failures occur. It seems to only affect those clients using a public IPv6 address (starts with 2001:xxxx) and with some ISP's or some Android phone hotspots. For these reasons, we have not disabled IPv6 for everyone. Also, this was only reported for our Windows clients.
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In