Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- SWG basic questions
SWG basic questions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-23-2022 02:49 PM
Hi everyone, happy Friday/weekend!
I just have a couple of things that I wanted to ask and get answers. I've searched the documentation and have found no information regarding my question, though I might have used incorrect keywords
1. If I am steering all web traffic to Netskope, what happens to web traffic that did not hit any policy ? Does Netskope have implicit deny?
2. If I have Realtime Threat Protection policy below,
- Source: Any
- Destination: Any Categorized web traffic
- Activities and Constraints: Upload and Download
- Profile and Action: Default Malware scan where all severities are just alerting with no Remediation Profile
what happens when a categorized site did not hit any severity? will it load the site or not?
I know these are basic questions and I appreciate you all for taking time in providing answers.
Thanks and have a great weekend!
- Labels:
-
SWG
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2022
05:19 AM
- last edited on
10-10-2022
10:03 AM
by
JulieB
Hi @karltek,
Disclaimer: I'm new to netskope and these are my observations.
Q1 > Without SWG policies, traffic would be allowed with no action [just monitored]. NPA on other hand needs explicit allow.
Q2 > For threat profile if any of the severities [low/med/high] are not macheted, default action is to not do anything. This can be changed to alert if desired.
Alert: Inspects the session and performs deep analytics but no action is taken. It will generate an alert under the Alert tab. The alert action allows the traffic.
ref > https://docs.netskope.com/en/inline-policies.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2022 06:01 AM - edited 09-26-2022 06:02 AM
- Siva's reponse is spot-on but I'll add a bit more context for the SWG traffic. There is a hidden implied rule at the end of the policy that is an effective "Accept". Looking at your traffic logs, you can identify these hits in events where the Policy Name is the null value. Additionally, when traffic hits this rule, several other fields tend to log with null values also. You can get around this by creating an explicit rule (you'll have to do All Categories, because it won't let you create a rule without any constraints) that replicates the action of the implied rule (accept).
- Here, I'll ask for a bit more clarification before lining up with the prior response. You state that you are malware scanning the upload/download, but you then ask about the site's severity. Are you referring to the CCI rating of the site rather than the scan of the file being transferred?
-Q.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Need specific group of users to use NPA features only and AZURE AD. in Private Access for ZTNA
- SSPM : Monitoring Salesforce Delegated Group settings with SSPM in Security Posture Management
- New User Behavior Analytics (UBA) Dashboard in Advanced Analytics Dashboard
- August Office Hours Recap in Advanced Analytics
- Visualize risk types by their impact/volume in Advanced Analytics Dashboard
-
NG-SWG
23 -
SWG
23 -
NSClient
17 -
DLP
12 -
Next Gen SWG
11 -
NGSWG
8 -
netskope client
7 -
android
6 -
Client
5 -
cloud firewall
4 -
forward proxy
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
SCIM
4 -
GRE
4 -
Netskope Endpoint Client
4 -
Real-time Policy
4 -
URL List
4 -
users
3 -
Google Idp
3 -
Threat Protection
3 -
policy
3 -
Provisionning
3 -
DLP Violation
3 -
malware
3 -
categories
3 -
IDP
3 -
IOS
3 -
Groups
3 -
CASB
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
skopeit
3 -
cfw
3 -
Azure
2 -
inline
2 -
install
2 -
Advanced Analytics
2 -
traffic
2 -
ChromeOS
2 -
Directory Importer
2 -
IPSec Tunnels
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
PAC file
2 -
AWS
2 -
Reverse Proxy
2 -
url filtering
2 -
Admin
2 -
ipsec
2 -
Authentication
2 -
okta
2 -
Apps
2 -
steer traffic
2 -
Email DLP
2 -
cloud exchange
2 -
Azure AD
2 -
Netskope
2 -
User Notification
2 -
Advance Analytics
2 -
web
2 -
Chromebook
2 -
slowness issue
2 -
MacOS
2 -
steering exception
2 -
Netskope Agent
2 -
ssl
2 -
Certificate Pinned
2 -
communication between domain and application
1 -
data
1 -
Profile
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
Epic
1 -
Netskope Client installation mechanism
1 -
status
1 -
no decryption
1 -
alerts
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
SSL Decrypt Bypass
1 -
dashboards
1 -
google
1 -
multi-user mode
1 -
log data
1 -
Upload
1 -
Internet next hop type
1 -
openai
1 -
googledocs
1 -
interception
1 -
SASE
1 -
WebSecurity
1 -
Best Practices
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
chatgpt
1 -
appdefinition
1 -
browser
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
Artificial Intelligence
1 -
ldap
1 -
steering
1 -
block
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
explicit proxy over IPSec
1 -
AMP
1 -
MIP
1 -
Rest API
1 -
Report
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
Office 365
1 -
Evasive Phishing
1 -
best practice
1 -
security posture check
1 -
Proxy
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Access
1 -
domain fronting
1 -
CCI
1 -
User Group
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
MFA
1 -
Whitelist
1 -
SIEM Integration
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
Google chat
1 -
Windows Server 2016
1 -
domain
1 -
interoperability
1 -
Education
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
App
1 -
Netskope Admin
1 -
YouTube
1 -
file size
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
Sync
1 -
APP instance
1 -
licensing
1 -
incremental update
1 -
vpn
1 -
Netskope Threat Labs
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
Instances Corp
1 -
debugging
1 -
controls
1 -
native definition
1 -
API
1 -
Guidelines
1 -
configuration
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances APP Enterprise
1 -
fiddler
1 -
AAD
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
punycode
1 -
Whatsapp
1 -
Local admin
1 -
client update
1 -
Next Fen SWG
1 -
Custom Rule
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
discord
1 -
NativeApp
1 -
Internet Access
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In