Netskope Help

Configure an Explicit Proxy

The appliance requires a connection to port 443 on config-<tenant hostname>.goskope.com and messenger-<tenant hostname>.goskope.com for management connectivity. If an explicit proxy is deployed in the network, and the port 443 traffic needs to be routed via a proxy, configure the proxy hostname and port.

Note

The domain names shown above and below apply to release 46 and higher. Using version 46 and later requires using the new domain names. For deployments on release 45 or lower, use config.goskope.com and messenger.goskope.com.

  1. To configure a proxy, enter these commands at the configuration prompt:

    set management-plane upstream-proxy-server hostname <hostname or IP-address>
    set management-plane upstream-proxy-server port <proxy-port-number>

    If the proxy is configured to intercept SSL traffic, then you need to allowlist the traffic to config-<tenant hostname>.goskope.com and messenger-<tenant hostname>.goskope.com.

    It is also important to note that KMIP Forwarder tunnels KMIP traffic using SSH, which requires direct connectivity to remotesvc-<tenant hostname>.goskope.com on port 22 and can't be proxied at this time.

    Note

    The domain name shown above applies to release 46 and higher. For deployments on release 45 or lower, use remotesvc.goskope.com.

  2. To save the proxy configuration, enter save at the configuration prompt.