Hello good afternoon, as always thanks for the collaboration, your time and good vibes.
Reviewing the NPA topics, and validating to generate an NPA type policy, I don't see that it allows me to add a Netskope Threat Protection profile. For example if I have at NPA level, some SMB type access, for shared folders against some File server, Storage or NAS, via the corresponding UDP/TCP ports used by SMBv2 and SMBv3 and I add them as a NPA type APP, at that point Netskope performs or not the inspection of that traffic flow? Netskope Threat Protection for NPA does or does not perform inspection of NPA/Private access APPs.
@MetgatzNK - I spoke to Netskope Technical Account Manager on NPA limitations several times, they confirmed as now NPA does not support SSL Inspection which means it cannot decrypt traffic to perform deep scan so there is no DLP, and Threat Protection applied to private apps. But they also mentioned about a future road map which will support SSL inspection for Private apps.
So the NPA/ZTNA connections to the private apps, does not perform any type of SSL inspection, but for the protocols or connections that are not SSL, for example FTP, SMB, http-tcp:80, among others, does the Threat Protection module not perform any inspection of the traffic in case of any anomaly and/or threat?
So at no point do you perform any type of inspection with the Threat Protection modules? It only protects the endpoint connection, through the Netskope client and the NPA/ZTNA tunnels through the NPA/ZTNA Gateway and the Publishers through the SSL/TLS tunnels, but it does not perform any type of inspection?