Ask the community

CRL Checking with Pre-Login Tunnel

Curious
New Contributor II

Hi Everyone, 

Am wanting to enable CRL Checking of device certificate for Pre-Login tunnel. 

 

I want to ensure the CRL in the certificate of the connecting NPA client will be available for verification but I'm unsure of the source doing the verification. The docs are not detailed enough.

 

Where will the CRL Checking request originate? Will it be our management plane or the one of the many NPA Gateway's the client may connect to or some other component (eg. Stitcher)?

 

Thank you

1 Solution
sshiflett
Netskope
Netskope

@Curious,

 

Please see https://docs.netskope.com/en/netskope-help/data-security/netskope-private-access/private-access-faqs...

It is my understanding that the CRL request will originate from the management plane of your tenant.  The article above has a link to the support portal which provides the specific IP address(es) per management plane.  


Sam Shiflett
Netskope Solution Architect - North America

View solution in original post

2 Replies 2
sshiflett
Netskope
Netskope

@Curious,

 

Please see https://docs.netskope.com/en/netskope-help/data-security/netskope-private-access/private-access-faqs...

It is my understanding that the CRL request will originate from the management plane of your tenant.  The article above has a link to the support portal which provides the specific IP address(es) per management plane.  


Sam Shiflett
Netskope Solution Architect - North America
Curious
New Contributor II

Thanks @sshiflett those IP's listed in the KB you posted are making requests. Just the info I needed!

Subscribe

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In