CGNAT Address Support for Local DNS Resolution

CGNAT Address Support for Local DNS Resolution

When a private app is published via Netskope Private Access, the Netskope Client will resolve DNS to a synthetic IP address. This would be the case when Publisher DNS is disabled. With this new feature, Private Access now reserves the CGNAT address space 100.64.0.0/16 (was previously 191.x.x.x) for local DNS resolution. This feature is enabled by default on all new tenants created after release 101. For existing tenants, users should contact Support to enable this functionality.

Note

Any application using 100.64/16 IP space will cause a collision with NPA, so it is advised to turn off this feature.

Netskope suggests that you do not enable this functionality if the Client CPE or the Private Apps are assigned CGNAT IPs. When this functionality is enabled for an existing tenant, the Client needs to restart to begin operating with CGNAT. Until then, Clients will continue to work in the existing manner.

Share this Doc

CGNAT Address Support for Local DNS Resolution

Or copy link

In this topic ...