Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Next Gen SWG
- bypassAppMgr Blocking UDP against Exception specif...
bypassAppMgr Blocking UDP against Exception specified IP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2023 07:03 PM
Hi,
Kindly advise me that we set "Exceptions" registration on certain IP,
and the bypass setting seems working on TCP request, but UDP ones are blocked as below.
[log said:]
- Labels:
-
SSL bypass
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2023 10:28 AM
Hello @mochi. What port is this traffic on? Also, just to confirm, the exception you added was an IP based exception? If so, can you also ensure the "Treat like local IP" is checked on the steering configuration?
Sam Shiflett
Netskope Solution Architect - North America
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2023 02:39 AM
Hello @sshiflett
Thanks for your reply!
The port is 443 and I was add IP base exception (public IP address).
I'm afraid that I couldn't grasp why we need to check "Treat like local IP address" against public IP address based exception.
Do you think we should check it?
Appreciate your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2023 02:16 AM - edited 05-11-2023 02:16 AM
Hello,
I saw that behavior few weeks ago. It should only occur on UDP/443 (quic protocol). The client blocks those UDP/443 flows to avoid the client/app evading the security controls and inspection. Here Chrome should fall back to regular HTTPS TCP/443
Have a nice day
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2023 02:41 AM
Thanks @armeld !
Good point that I did not check if our Chrome was fall back to regular TCP 443 using.
I will check it!
Thanks again!!
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Communicating to Localhost in Private Access for ZTNA
- possible to DLP block PII sent via OneDrive or Gdrive app? in Data Loss Prevention (DLP)
- Patient Zero policy Realtime Policy has anyone actually done this? in Next Gen Secure Web Gateway (SWG)
- 2023 Israel-Hamas War: Understand your organization’s traffic bound for/from affected regions in Advanced Analytics Dashboard
- NPA Internet Access Issues in Private Access for ZTNA
-
NG-SWG
29 -
SWG
23 -
NSClient
19 -
DLP
12 -
netskope client
11 -
Next Gen SWG
11 -
NGSWG
8 -
android
6 -
SCIM
5 -
Client
5 -
Real-time Policy
4 -
URL List
4 -
cloud firewall
4 -
forward proxy
4 -
Threat Protection
4 -
SSL bypass
4 -
sso
4 -
Support Mobiles
4 -
CASB
4 -
GRE
4 -
IOS
4 -
Netskope Endpoint Client
4 -
cfw
3 -
users
3 -
policy
3 -
Google Idp
3 -
DLP Violation
3 -
malware
3 -
Provisionning
3 -
categories
3 -
Email DLP
3 -
IDP
3 -
Groups
3 -
skopeit
3 -
Netskope Agent
3 -
Certificate SSL
3 -
Decrypt SSL
3 -
Azure
2 -
ssl
2 -
Certificate Pinned
2 -
Advanced Analytics
2 -
traffic
2 -
inline
2 -
install
2 -
Netskope Client installation mechanism
2 -
Best Practices
2 -
ChromeOS
2 -
Directory Importer
2 -
steering
2 -
AWS
2 -
Linux
2 -
Cloud
2 -
Windows OS updates
2 -
IPSec Tunnels
2 -
ipsec
2 -
PAC file
2 -
User Group
2 -
Authentication
2 -
url filtering
2 -
Reverse Proxy
2 -
steer traffic
2 -
Admin
2 -
cloud exchange
2 -
okta
2 -
Access
2 -
Netskope
2 -
Apps
2 -
vpn
2 -
Azure AD
2 -
User Notification
2 -
Advance Analytics
2 -
Sync
2 -
MacOS
2 -
Chromebook
2 -
steering exception
2 -
slowness issue
2 -
communication between domain and application
1 -
data
1 -
Next Fen SWG
1 -
Dropbox
1 -
SSL-TLS
1 -
Automation
1 -
Instances APP Enterprise
1 -
NativeApp
1 -
application
1 -
no decryption
1 -
alerts
1 -
Profile
1 -
GitHub
1 -
certificate
1 -
TLS
1 -
ngrok
1 -
punycode
1 -
DNS Resolver
1 -
controls
1 -
google
1 -
Sanctioned apps
1 -
activities
1 -
Desktop Dropbox
1 -
Log
1 -
UPD errors and nsClientFLow
1 -
discord
1 -
Netskope REST API
1 -
AAD
1 -
interception
1 -
SASE
1 -
multi-user mode
1 -
logs
1 -
Download
1 -
Firewalls Local
1 -
GOSKOPE
1 -
Epic
1 -
Local admin
1 -
browser
1 -
WebSecurity
1 -
log data
1 -
Upload
1 -
traffic steering
1 -
SSL Decrypt Bypass
1 -
dashboards
1 -
Internet Access
1 -
block
1 -
CCL
1 -
Fail Close
1 -
EDM
1 -
flow
1 -
Internet next hop type
1 -
openai
1 -
googledocs
1 -
status
1 -
MIP
1 -
Cloud & Threat Challenges
1 -
Threat
1 -
endpoint
1 -
sensitivity
1 -
fundamentals
1 -
chatgpt
1 -
appdefinition
1 -
HTTP Header Profile
1 -
best practice
1 -
security posture check
1 -
Rest API
1 -
Report
1 -
instance
1 -
extension
1 -
url categorization
1 -
CTEP
1 -
AVD
1 -
Artificial Intelligence
1 -
NewEdge
1 -
zero touch
1 -
CCI
1 -
awareness
1 -
Upgrade
1 -
Default OfficeSuite policy
1 -
DaaS
1 -
explicit proxy over IPSec
1 -
ldap
1 -
SIEM Integration
1 -
Intune
1 -
Reports
1 -
Changes
1 -
OfficeSuite
1 -
Virtual Desktop
1 -
Office 365
1 -
AMP
1 -
domain
1 -
interoperability
1 -
Education
1 -
questions
1 -
Widgets
1 -
Config
1 -
No Decrypt
1 -
Evasive Phishing
1 -
file size
1 -
Enterprise Application
1 -
Config Update
1 -
Default Policy
1 -
AD
1 -
MFA
1 -
domain fronting
1 -
incremental update
1 -
Troubleshooting
1 -
Netskope Threat Labs
1 -
RBAC
1 -
Traffic Steer on Galaxy S8
1 -
PAC
1 -
Google chat
1 -
Whitelist
1 -
native definition
1 -
API
1 -
configuration
1 -
export
1 -
Explicit Proxy
1 -
Local Groups
1 -
App
1 -
Netskope Admin
1 -
Windows Server 2016
1 -
Guidelines
1 -
import
1 -
Block Page
1 -
SWG Login
1 -
Private App
1 -
APP instance
1 -
web
1 -
YouTube
1 -
client update
1 -
Custom Rule
1 -
entry
1 -
intel CPU
1 -
Remote Browser Isolation
1 -
Instances Corp
1 -
Whatsapp
1 -
licensing
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In