This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

Internal and External server same name

Go to solution
barrycuda72
New Contributor II

‎04-25-2023 11:27 AM

New user to Netskope so apologies if this has been answered.

I have an internal application with an Admin page that can be access via port 8383.

This application has a public address for client apps to communicate with when they are not in the building.  The Admin page is not available when you are using the External address.

Example:

Internal  App.Test.com  IP 192.1.1.1

External App.Test.com. IP 35.1.1.1

We configured this as a Private App, however the admin page does not work and from what I can tell from the logs Netskope is using the External address.  If I use the IP address instead of the FQDN internally it works.   Any thoughts?

Labels:
2 Solutions
Go to solution
qyost
Contributor III

‎04-25-2023 11:44 AM - edited ‎04-25-2023 11:49 AM

uuid-fbf09aa4-2cb6-e1ad-5f37-c7468df8777f.png

When defining your private app, there is an option to "Use Publisher DNS".   That should move the resolution to the internal DNS servers for you.

--
-Q.

View solution in original post

Go to solution
nduda
Contributor
In response to barrycuda72

‎04-28-2023 09:14 AM

You can accomplish this with a simple Real-time Protection Policy. “DNS over HTTPS” is an application in the list. Just create a policy to block it with no notification. In fact, I’m under the impression this is standard policy deployment for new customers by their SE’s now. 

View solution in original post

8 Replies 8
Go to solution
qyost
Contributor III

‎04-25-2023 11:44 AM - edited ‎04-25-2023 11:49 AM

uuid-fbf09aa4-2cb6-e1ad-5f37-c7468df8777f.png

When defining your private app, there is an option to "Use Publisher DNS".   That should move the resolution to the internal DNS servers for you.

--
-Q.
Go to solution
barrycuda72
New Contributor II

‎04-25-2023 12:00 PM

Dang that was an easy fix..  Thank you

Go to solution
qyost
Contributor III
In response to barrycuda72

‎04-25-2023 12:01 PM

Welcome to the community. 

--
-Q.
Go to solution
nduda
Contributor

‎04-25-2023 01:18 PM

But this should works without using the internal dns option. Netskope should be intercepting that fqdn. What we found is that blocking dns over https is usually the cause for this. We’ve deployed a simple utility policy in Netskope to do this and all our NPA fqdn intercepting works now. 

Go to solution
barrycuda72
New Contributor II

‎04-28-2023 09:11 AM

I have a follow up question.  On a different app we are seeing where the private app only works when we disable dns over https in the browser.   How would I do that in Netskope?

0 Likes
Go to solution
nduda
Contributor
In response to barrycuda72

‎04-28-2023 09:14 AM

You can accomplish this with a simple Real-time Protection Policy. “DNS over HTTPS” is an application in the list. Just create a policy to block it with no notification. In fact, I’m under the impression this is standard policy deployment for new customers by their SE’s now. 

Go to solution
barrycuda72
New Contributor II

‎04-28-2023 09:25 AM

That worked like a charm

Go to solution
Rohit_Bhaskar
Community Manager
Community Manager
In response to barrycuda72

‎04-28-2023 10:25 AM

Please mark the comments as a accepted solution for your question
Best Wishes
Rohit Bhaskar
0 Likes
Subscribe
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In