Hi everyone, happy Friday/weekend!
I just have a couple of things that I wanted to ask and get answers. I've searched the documentation and have found no information regarding my question, though I might have used incorrect keywords.
1. If I am steering all web traffic to Netskope, what happens to web traffic that did not hit any policy? Does Netskope have an implicit deny?
2. If I have the Realtime Threat Protection policy below,
what happens when a categorized site did not hit any severity? Will it load the site or not?
I know these are basic questions and I appreciate you all for taking time in providing answers.
Thanks and have a great weekend!
Disclaimer: I'm new to Netskope and these are my observations.
Q1 > Without SWG policies, traffic would be allowed with no action [just monitored]. NPA, on the other hand, needs an explicit allow.
Q2 > For a threat profile, if any of the severities [low/med/high] are not matched, the default action is to not do anything. This can be changed to alert if desired.
Alert: Inspects the session and performs deep analytics but no action is taken. It will generate an alert under the Alert tab. The alert action allows the traffic.