Cisco Umbrella with the Netskope Client

Create an Umbrella IP Bypass List in Netskope

Regardless of the Netskope steering method (CASB or NG-SWG) or OS (Windows or Mac), create a Network Location and add the below ranges to it. This prevents Netskope from intercepting the block page responses and the Intelligent Proxy redirect responses (if enabled in Umbrella), regardless of type (malware, malsite, content, etc) so those pages/redirects can be properly rendered.

  1. Go to Policies > Profiles > Network Location. Click New Network Location and select Single Object. Enter these addresses one at a time, and click the adjacent + icon to add each location:

    • 67.215.64.0/19

    • 146.112.0.0/16

    • 155.190.0.0/18

    • 185.60.84.0/22

    • 204.194.232.0/21

    • 208.67.216.0/21

    • 208.69.32.0/21

    When finished, the Network Location dialog should look like this:

    image1.png

    If so, click Next.

  2. Enter a name, and then click Save Network Location.

  3. Now create an exception. Go to Settings > Security Cloud Platform > Traffic Steering and select a Steering Configuration. Click Exceptions and then New Exception > Destination Locations.

    image2.png
  4. Select your Destination Location from the dropdown, enable the Treat like local IP Address option, and then click Save.