Netskope Global Technical Success (GTS)
Use-Case - How to block/bypass a predefined category, excluding a URL list from the category?
Netskope Cloud Version - 120
Objective
How to block/bypass a predefined category, excluding a URL list from the category?
Prerequisite
Netskope for Web/SWG license is required.
Context
Customers need to exclude specific URLs which are included in predefined categories.
Do you know?
Custom URL lists offer flexibility to supersede the predefined Netskope URL category mapping for a given URL and/or augment them by defining custom URL categories for situations in which the Netskope predefined URL category does not have a mapping for a URL (uncategorized).
Categories can be specified when you create Real-time Protection policies. Create custom categories to include predefined categories, plus include or exclude the URLs that you want to use for a Netskope Secure Web Gateway policy. To create a custom category, first add one or more URL lists, then add any predefined categories and URL lists to the custom category.
Use Case 1
Block Categories excluding a specific URL list with an RTP policy.
Configuration
To recreate the lab environment, we use the following:
Category – Generative AI, Education.
Domain -
- Step 1 - Go to the Web section.
Path: Netskope Tenant UI >>> Policies >>> Web >>> URL Lookup
In URL Lookup, we can find the predefined category or categories to which a specific URL belongs, the steering configuration, and the policies where the URL is used.
Path: Netskope Tenant UI >>> Policies >>> Web >>> URL List >>> New URL List
Create a new URL list, adding the URL or URLs to exclude using exact match and adding a wildcard.
Save and apply changes with notes.
Path: Netskope Tenant UI >>> Policies >>> Web >>> Custom Categories >>> New Custom Category
Create a custom category, adding the predefined category or categories to which the URL we want to exclude belongs, and add the URL list created earlier in the URL list (Excluded) section.
Save and apply changes with notes.
Note -
- Every time a change is applied, it is recommended to include “NOTES” for tracking purposes. In the provided example, an internal task number was added for efficient tracking.
- Special characters are not allowed in the name sections.
- Step 2 – Create a web category Policy.
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy >>> Web Access
Click the Category section and select Custom Categories, select the category created earlier, then set the activity to “browse” and the action to “Block”.
Save and apply changes.
This policy blocks all browsing to the Education and Generative AI categories, excluding the Grammarly website.
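The following added example (not Netskope code and not part of the original article) models how the custom category from Step 1 resolves, so the exclusion list can be sanity-checked before the policy is applied. The category lookup table, the `.test` hostnames, the function names and the wildcard semantics (a `*.` entry matches any subdomain) are assumptions made for illustration.

```python
# Simplified model of the Use Case 1 custom category; not Netskope's matching engine.
from urllib.parse import urlsplit

# Constructed category lookup standing in for the predefined category mapping.
PREDEFINED = {
    "www.grammarly.com": "Generative AI",
    "app.grammarly.com": "Generative AI",
    "chat.example-ai.test": "Generative AI",
    "courses.example-edu.test": "Education",
    "news.example.test": "News & Media",
}

INCLUDED_CATEGORIES = {"Generative AI", "Education"}
# URL list (Excluded): one exact entry plus one wildcard entry, as in Step 1.
EXCLUDED_URL_LIST = ["www.grammarly.com", "*.grammarly.com"]


def host_of(url):
    """Return the lower-cased hostname of a full URL or a bare host."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def in_url_list(host, entries):
    """Exact entries match the host only; '*.' entries match any subdomain (assumed)."""
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("*."):
            if host.endswith(entry[1:]):  # compare against ".grammarly.com"
                return True
        elif host == entry:
            return True
    return False


def decide(url, excluded=EXCLUDED_URL_LIST):
    """Return 'block' if the URL falls in the custom category, else 'no match'."""
    host = host_of(url)
    if in_url_list(host, excluded):
        return "no match"  # carved out of the category; other policies may still apply
    if PREDEFINED.get(host) in INCLUDED_CATEGORIES:
        return "block"
    return "no match"


def report(urls, excluded=EXCLUDED_URL_LIST):
    """Map each URL to its decision, for reviewing a list of test URLs at once."""
    return {u: decide(u, excluded) for u in urls}
```

Passing `excluded=["www.grammarly.com"]` shows why the wildcard entry matters in this model: `app.grammarly.com` is then blocked along with the rest of its category.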
Use Case 2
Bypass Categories excluding a specific URL List.
Configuration
To recreate the lab environment, we use the following:
Category – Generative AI, Education.
Domain - www.grammarly.com
- Step 1 - Go to the Web section.
See Step 1 of Use Case 1.
- Step 2 – Create a bypass category exception.
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> Steering Configuration >>> Select the steering configuration to which you want to add the exclusion >>> Exceptions >>> New Exception >>> Category.
Select the custom category created in Step 1.
Author Comments
- If the end goal is to bypass SSL decryption, it is recommended to implement a No-SSL Decryption policy rather than including the domain/category in the steering exceptions. Visibility is crucial, and using steering exceptions would result in a complete loss of it. With a No-SSL Decryption policy, we can ensure that transactions are still recorded.
- If a website is not functioning properly when traffic is steered over Netskope, please contact the Netskope Customer Service team for assistance. It's important to avoid making any changes to steering exceptions and SSL decryption without recommendations from the Netskope Customer Service team.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the default settings may be altered. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.