Enabling Cloud TAP in the Netskope UI

Once you have deployed the Cloud TAP stitcher, you can enable Cloud TAP in your Netskope tenant.

To enable Cloud TAP:

  1. Go to Settings > Security Cloud Platform > Cloud TAP.
  2. Under Cloud TAP Status, click to Enable or Disable the feature.
  3. For Traffic Storage Setup, provide the following for your cloud provider’s storage account:
    1. Select the Cloud Provider.
    2. Enter the following information for the bucket.

      Note

      You must also allow Netskope to have write access to the bucket.

      • For AWS, provide the bucket name, region, access key ID, and secret access key.
      • For GCP, provide the bucket name and upload the account credentials in JSON format. The maximum size allowed is 256 KB.
      • For Azure, provide the storage account name and the access key.
  4. For Traffic Filters, create filter rules that define the traffic that Cloud TAP copies. You can configure the following filters:

    Important

    Make sure to thoroughly configure all relevant traffic filters so that the desired traffic is copied through Cloud TAP. If the filters are not specific enough, too much data can be copied to your object store (that is, the cloud storage you configured), which increases the total storage size needed. Depending on the scale, this might also affect overall performance.

    • Source Subnet: Select the source IP addresses for the endpoints to which the rule applies. Go to Policies > Network Locations to specify these IPs.
    • Destination IP: Specify the destination IP for the endpoints to which the rule applies. Go to Policies > Network Locations to specify these IPs.
    • Protocols and Destination Ports: Specify the TCP connections to which the rule applies. You can add a single port, multiple ports, or a port range. If no TCP ports are specified, then all traffic from all TCP ports is copied to Cloud TAP.
    • Access Method: Select the access method configurations to which the rule applies. You can choose GRE, IPSec, or Client as your access method, including IPSec/GRE sites. When you select IPSec or GRE in the access method filter, only traffic from the specified tunnels is steered to Cloud TAP. If no access method is selected, then traffic on all tunnels and from all users will be copied to the object store.
    • User: This filter is only applicable if the access method is Client. Specify the users to which the rule applies. When a user is specified, only traffic from that user is steered to Cloud TAP.
    • Netskope POP: Select the Netskope NewEdge Data Center or POP to which the rule applies.
  5. Click Save.
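
For the AWS option in step 3, the access key you enter should belong to an identity that can do nothing except write to the Cloud TAP bucket. The following added example (not Netskope code) audits an IAM policy document for that property before you paste the key into the UI; the bucket name, the sample policies and the `ALLOWED_ACTIONS` set are assumptions, because the page states only that write access is required.

```python
# Added example: audit the IAM policy behind the access key given to Cloud TAP.
# Assumption: the page only says "write access"; the exact S3 actions Netskope
# needs are not listed there, so adjust ALLOWED_ACTIONS to the vendor's list.
ALLOWED_ACTIONS = {"s3:putobject", "s3:abortmultipartupload"}


def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_policy(policy, bucket):
    """Return findings for Allow statements broader than write-only on bucket."""
    findings, can_write = [], False
    prefix = f"arn:aws:s3:::{bucket}/"  # object ARNs inside this bucket only
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource allows by exclusion")
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action not in ALLOWED_ACTIONS:  # also catches "s3:*" and "*"
                findings.append(f"statement {i}: action {action} is broader than write-only")
        outside = [r for r in resources if not r.startswith(prefix)]
        for res in outside:
            findings.append(f"statement {i}: resource {res} is outside bucket {bucket}")
        if "s3:putobject" in actions and len(outside) < len(resources):
            can_write = True
    if not can_write:
        findings.append("no bucket-scoped statement names s3:PutObject")
    return findings


# Constructed sample policies; the bucket name is a placeholder.
BUCKET = "example-cloudtap-bucket"
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:PutObject", "s3:AbortMultipartUpload"],
    "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    for name, pol in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit_policy(pol, BUCKET) or "ok")
```

An empty result means every Allow statement stays within the assumed write-only action set and within the one bucket; anything else lists what to tighten before the credentials are stored in the tenant.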