Configure Blue Coat Encrypted TAP
Configure Blue Coat Encrypted TAP
Blue Coat configuration is extremely flexible and will accept this configuration even if the E-TAP license is not installed, but traffic will not be forwarded. This section is intended to help admins implement it in a way consistent with their exiting configuration, but is not prescriptive on how it should be configured.
Create a Category Object for Managed Apps
In order to create clean rules that identify traffic destined for cloud apps that will be managed with Netskope, it’s best to create a Category Object with all the relevant domain names and use it throughout the configuration steps.
This can be done in the Visual Policy Manager, under Configuration > Edit categories, and here is an example where we called them CloudApps.
The list of domains that your Netskope tenant instance is ready to handle can be downloaded from the Web User Interface, using the Export button on the Settings > Manage > Applications > Predefined page.
Create an Encrypted TAP Object for Managed Apps
In order to direct traffic into the TAP appliance, it is necessary to create an Encrypted Tap policy via the VPM, setting an unused Ethernet interface to perform the tap. This interface should be connected directly or via an Ethernet switch to the TAP interface of the N1000 or N5000 appliance:
- From the Management Console, on the Configuration tab, select Policy > Visual Policy Manager > Launch.
- On the VPM, from Policy, select Add SSL Access Layer, and provide a name as required.
- Highlight the added row, right click Action, and choose Set.
- On the Set Action Object window, click New…, and choose Enable encrypted tap.
- On the Add Encrypted Tap Object window, set the name, verify Enable encrypted tap is selected, and choose the tap Interface to use from the dropdown list.
- Click OK to close the windows, then Install Policy.
These instructions assume SSL interception has already been enabled. For more information, refer to: How Can I Tap Decrypted HTTPS Traffic?