Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Private Access
- Re: NPA Internet Access Issues
NPA Internet Access Issues
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-31-2023 03:15 PM
I'm doing a deploy of NPA across my environment and hitting a series of snags.
The issue seems to be related to my Mac users having issues with DNS resolution or pages loading failures. These are largely my SaaS based SSO apps but they can be anything. We are using Duo Security for MFA but that has been added as an exception. The problem is intermittent. Some users experience it all the time, I only experience it periodically though it used to be all the time for me too. All users are in the same Steering Configuration.
We are all using MacOS Ventura so this may be related to the bug from last year.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 10:00 AM
Finally solved it. We discovered that our current VPN client was causing TCP resets when it wasn't active, just installed. Turns out that version of AnyConnect had a known defect. Since we had not fully pushed NPA, we hadn't removed the client. I've also observed the issue with OpenVPN which we'll have to keep around to support other folks, Mac and Windows users. I'm working on how we can resolve that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2023 06:30 AM
@clnicholson ask your account SE to enable one of our controlled-access features for handling DoX. It has solved multiple NPA related issues relating to Mac's insistence on using DOH.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 10:00 AM
Finally solved it. We discovered that our current VPN client was causing TCP resets when it wasn't active, just installed. Turns out that version of AnyConnect had a known defect. Since we had not fully pushed NPA, we hadn't removed the client. I've also observed the issue with OpenVPN which we'll have to keep around to support other folks, Mac and Windows users. I'm working on how we can resolve that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 10:16 AM
@clnicholson glad to hear it. If you don't mind, what was the version of AnyConnect with the defect? Would be good to know in case anyone runs across it in the future.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-16-2023 10:20 AM
Version 4.10.04065. I've also just become aware that it's affecting OpenVPN clients. Support has a ticket for that.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- VPN and NPA Not Happy Together in Private Access for ZTNA
- Clientless access to private app in Private Access for ZTNA
- October Office Hours Recap in Advanced Analytics
- How to Capture HAR on Google Chrome in Next Gen Secure Web Gateway (SWG)
- Can enpoint's local admin be restricted from internet access through AAD integration? in Next Gen Secure Web Gateway (SWG)
-
NPA
50 -
ztna
16 -
private access
14 -
publisher
9 -
Netskope Private Access
8 -
netskope client
6 -
Private App
5 -
NSClient
4 -
Private Apps
3 -
Browser Access
3 -
Zero Trust
3 -
Re-authentication for Private Apps
3 -
MacOS
3 -
SAML
2 -
Client
2 -
sso
2 -
okta
2 -
Private App Discovery
2 -
IPv6
2 -
client update
2 -
Authentication
2 -
ZTNA Next
2 -
clientless
2 -
VPN Replacement
2 -
browser
2 -
Terraform
2 -
AWS
2 -
DNS Resolver
2 -
Network Privete Access
2 -
multi tags for NPA apps
2 -
Best Practices
1 -
CIDR
1 -
Automation
1 -
Pre-login
1 -
NG-SWG
1 -
overlap
1 -
jumpcloud
1 -
CRL
1 -
Threat Protection
1 -
ipsec
1 -
CIDR Overlap
1 -
traffic steering
1 -
PreLogon Tunnel
1 -
best practice
1 -
User Group
1 -
IDP
1 -
Config Update
1 -
ps-tip
1 -
fleet
1 -
domain
1 -
tunnel
1 -
Real-time Policy
1 -
SCCM
1 -
App Discovery
1 -
Policy Hit Count
1 -
file size
1 -
Netskope Endpoint Client
1 -
Prelogon
1 -
PQDN
1 -
Support
1 -
Azure PaaS
1 -
FQDN
1 -
Chrome
1 -
Azure AD
1 -
jamf
1 -
configuration
1 -
EC2
1 -
VPN Client
1 -
update
1 -
Netskope Agent
1 -
Auto Scaling
1 -
same access
1 -
Reverse Proxy
1 -
Borderless SD-WAN
1 -
Home Office
1 -
Events
1 -
IPv4
1 -
Azure
1 -
Home Access
1 -
Query
1 -
CASB
1 -
tags
1 -
APIv2
1 -
Preference VPN
1 -
DNS over TCP
1 -
vpn
1 -
install
1 -
SSL bypass
1 -
Preference NPA
1 -
multi-user mode
1 -
Script
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In