Skip to main content

Netskope Help

Cookie Surrogate

Netskope provides an option to create a real-time protection policy for unknown (unauthenticated or unidentified) users when the user identity is not available or received by the Netskope cloud. For example, a shared IP scenario like using a terminal server or multiple sessions with the same IP address.

This feature can help you ensure that lack of authentication does not lead to an unnecessary block of user traffic.

The following applies when configuring a policy for unauthenticated users:

  • Apply policies based on category or native app flows and apply actions based on the policy. However, User justification caching per app, MFA caching per app is not supported.

  • Apply policies based on the application name for native apps. In addition, app activity is supported.

To configure a policy for unauthenticated users:

  1. Create a Real-time Protection policy as usual. To learn more: Real-time Protection Policies

  2. When selecting a source, select the Unknown checkbox for User.

    Real-time-Protection-Policy-Unknown.png

    Optionally, you can also click + EXCLUSIONS and then select the Unknown checkbox to exclude the unknown user from the policy.

    Real-time-Protection-Policy-Unknown-Exclusions.png

    Note

    The + EXCLUSIONS feature is in Controlled GA. If you want to enable this feature, contact your sales team.

  3. Complete your other policy variable choices.

  4. Save your policy.

Skope IT Events

Skope IT Events user field displays "unknown" to reflect unknown traffic. 

cookie_surrogate_2.jpg

If this feature is not enabled, the user field displays "IP Address".

The Application Event Details shows "unknown" in the User field to reflect unknown traffic.

cookie_surrogate_3.jpg