Mac OS Ethernet Dongles and Netskope

New Contributor III

Hi Folks,

We have a few users that have real difficulty reestablishing connectivity via Netskope when their Macs come out of sleep/hibernate. The common thread between them is that they are also using dongles with Ethernet connections to the internet.

One fix that appears to help some users is turning off IPv6 (changing to link-local) on any Ethernet dongle that is attached.

Curious if others are seeing this issue. 

What version are the NSAgents? We dealt with these issues but way back around R105/106. We had to do a global JAMF disable of IPv6 at one point.

New Contributor III

We're using the latest 109; this issue appeared to be a problem in 108 as well when we deployed NS in the org.

Our org is predominantly Macintosh (thousands and thousands) and we haven't seen any of these issues since R105/106. Is anything in the logs?

New Contributor III

Stuff like this:
2023/10/18 10:48:21.862277 stAgentNE p434 t53767 critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values
2023/10/18 10:48:21.993231 stAgentNE p434 t16007 info networkMonitor.cpp:358 networkMonitor New Network Change event received
2023/10/18 10:48:21.994177 stAgentNE p434 t16007 info networkMonitor.cpp:337 networkMonitor Best route interface new ip

Netskope support is blaming the dongles, but there are no issues when NS is disabled.
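
A triage sketch for the log lines quoted above, added here as an example; it is not part of the thread and not Netskope tooling. It parses stAgentNE-format lines and flags DNS resolver failures that occur within a few seconds of a network change event. The field layout is inferred from the three quoted lines, the fourth sample line is constructed, and the function names and the 5-second window are assumptions.

```python
import re
from datetime import datetime

# First three lines are the ones quoted in the thread; the fourth is constructed.
SAMPLE_LOG = """\
2023/10/18 10:48:21.862277 stAgentNE p434 t53767 critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values
2023/10/18 10:48:21.993231 stAgentNE p434 t16007 info networkMonitor.cpp:358 networkMonitor New Network Change event received
2023/10/18 10:48:21.994177 stAgentNE p434 t16007 info networkMonitor.cpp:337 networkMonitor Best route interface new ip
2023/10/18 11:30:05.000100 stAgentNE p434 t53767 critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values
"""

# Layout inferred from the quoted lines (an assumption, not a documented format):
# date time process pPID tTID level source:line component message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{6}) (?P<proc>\S+) "
    r"p(?P<pid>\d+) t(?P<tid>\d+) (?P<level>\S+) (?P<src>\S+:\d+) "
    r"(?P<component>\S+) (?P<msg>.*)$"
)

def parse(log_text):
    """Return one dict per line that matches the agent format; skip the rest."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S.%f")
            events.append(ev)
    return events

def dns_failures_near_network_change(log_text, window_s=5.0):
    """Pair each DNS resolver failure with the closest network change event."""
    events = parse(log_text)
    changes = [e["ts"] for e in events
               if e["component"] == "networkMonitor"
               and "Network Change event" in e["msg"]]
    report = []
    for e in events:
        if (e["level"] == "critical" and e["component"] == "dnsProcessor"
                and "Failed to get DNS resolver values" in e["msg"]):
            gaps = [abs((c - e["ts"]).total_seconds()) for c in changes]
            nearest = min(gaps) if gaps else None
            report.append({"time": e["ts"], "nearest_change_s": nearest,
                           "near_change": nearest is not None and nearest <= window_s})
    return report

if __name__ == "__main__":
    for row in dns_failures_near_network_change(SAMPLE_LOG):
        print(row["time"], row["nearest_change_s"], row["near_change"])
```

Failures flagged `near_change` line up with interface or route changes such as a dongle re-enumerating after wake; failures with no nearby change event need a different explanation.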

You don't happen to also use VPN software like GlobalProtect/AnyConnect, do you?

New Contributor III

We use a version of OpenVPN (Pritunl). But we have at least 2 users that don't use it and are still having the same issue. The VPN client is bypassed per NS recommendations.

New Contributor II

Why did you ask if they were using a VPN such as GlobalProtect/AnyConnect? Is there something that is conflicting between the two?


New Contributor III

Curious, are you still actively shutting off IPv6 via JAMF on your fleet?

New Contributor III

@mdmeow12123 I am only disabling IPv6 on specific clients when DNS failures occur. It seems to only affect those clients using a public IPv6 address (starts with 2001:xxxx) and with some ISPs or some Android phone hotspots. For these reasons, we have not disabled IPv6 for everyone. Also, this was only reported for our Windows clients.

