Cisco Umbrella with the Netskope Client

Enable the Perform Server Name Indication (SNI) Check in Netskope

Originally, the Ignore DNS Loopback option was used to ensure there was no overlapping IP space when one IP address was used by several applications. When such an overlap occurred, Netskope would map that IP to all of those applications, and policies could overlap. Now that the SNI check option exists for steering, the original method is no longer needed.

To ensure SNI checking is enabled:

  1. Go to Settings > Security Cloud Platform > Netskope Client > Devices and click Client Configurations (top right).

  2. Click on the existing tenant configuration. If there is more than one, click the one that will require Umbrella Roaming Client interop.

  3. Under Advanced, enable the Perform SNI (Server Name Indication) Check option.

With this option enabled, the SNI is checked so that there is no confusion as to which server name is being seen, which removes the concern around overlapping IPs.