Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- Private Access
- Use NPA with logical condition
Use NPA with logical condition
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2023 11:19 AM
Use NPA with logical condition Good afternoon everyone.
Can anyone tell me if there is any way to put a logical condition, example:
Is there a way to configure netskope to be a “second choice” connection type.
Example:
The user is in the company, on the internal network, I want the traffic not to go out through the NPA, but through our internal network.
Or, user is on VPN, I want traffic to go out through VPN instead of NPA.
Is it possible for him to identify this? Or will the priority always be the NPA?
- Labels:
-
netskope client
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2023 08:19 AM
Hi,
This is accomplished thanks to dynamic steering (https://docs.netskope.com/en/enabling-dynamic-steering.html#UUID-0b5b24f7-89f5-c959-2689-59309c90e77...)
You can, for instance define a DNS entry only resolvable from corp/vpn connectivity, and if this is resolved, then you can define which apps to steer or not steer in ZTNA.
Robin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2023 09:05 AM
Just be careful with on/off-prem configurations. On-prem steering exemptions happen at the proxy level, not client-side at this time. This has the potential for impact if you are running cloud services that use IP address as a means for access control.
For example, we have numerous applications that require coming from an office IP to work. If on-prem is enabled then those applications are still sent to the Netskope proxy (albeit exempted) but will come from a Netskope IP.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2023 03:03 AM
Hi Bruna,
the most immediate solution is to have the NPA gateway (*.npa.goskope.com) blocked by the corporate firewall.
Nicola
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Detecting Super-Admin OAuth Tokens in Google Workspace with Netskope SSPM in Security Posture Management
- SSPM : Monitoring Salesforce Delegated Group settings with SSPM in Security Posture Management
- SSPM: Securing Google Workspace in Security Posture Management
- Internet Not working on a particular system (working for rest of the systems) in Next Gen Secure Web Gateway (SWG)
- Threat Hunting: Suspected Shell Traffic in Advanced Analytics in Advanced Analytics Dashboard
-
NPA
49 -
ztna
16 -
private access
14 -
publisher
9 -
Netskope Private Access
8 -
netskope client
6 -
Private App
5 -
NSClient
4 -
Private Apps
3 -
Browser Access
3 -
Zero Trust
3 -
Re-authentication for Private Apps
3 -
MacOS
3 -
SAML
2 -
Client
2 -
sso
2 -
okta
2 -
Private App Discovery
2 -
IPv6
2 -
client update
2 -
Authentication
2 -
ZTNA Next
2 -
clientless
2 -
VPN Replacement
2 -
browser
2 -
Terraform
2 -
AWS
2 -
DNS Resolver
2 -
Network Privete Access
2 -
multi tags for NPA apps
2 -
Best Practices
1 -
CIDR
1 -
Automation
1 -
Pre-login
1 -
NG-SWG
1 -
overlap
1 -
jumpcloud
1 -
CRL
1 -
Threat Protection
1 -
ipsec
1 -
CIDR Overlap
1 -
traffic steering
1 -
PreLogon Tunnel
1 -
best practice
1 -
User Group
1 -
IDP
1 -
Config Update
1 -
ps-tip
1 -
fleet
1 -
domain
1 -
tunnel
1 -
Real-time Policy
1 -
SCCM
1 -
App Discovery
1 -
Policy Hit Count
1 -
file size
1 -
Netskope Endpoint Client
1 -
Prelogon
1 -
PQDN
1 -
Support
1 -
Azure PaaS
1 -
FQDN
1 -
Chrome
1 -
Azure AD
1 -
jamf
1 -
configuration
1 -
EC2
1 -
VPN Client
1 -
update
1 -
Netskope Agent
1 -
Auto Scaling
1 -
same access
1 -
Reverse Proxy
1 -
Borderless SD-WAN
1 -
Home Office
1 -
Events
1 -
IPv4
1 -
Azure
1 -
Home Access
1 -
CASB
1 -
tags
1 -
APIv2
1 -
Preference VPN
1 -
DNS over TCP
1 -
vpn
1 -
install
1 -
SSL bypass
1 -
Preference NPA
1 -
multi-user mode
1 -
Script
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In