Netskope Help

Error Settings

Click Manage Error Settings on the Steering Configuration page to open the Error Settings dialog. Error settings are global. You can bypass or block traffic in the following error scenarios:

  • No SNI: Between the Netskope Client and the Netskope Cloud Proxy, when the Netskope Cloud Proxy cannot determine the SNI.

  • Malformed SSL: Between the Netskope Client and the Netskope Cloud Proxy, when the designated port is 443 but fails to parse the first packet in the SSL traffic.

  • CRL/OCSP Check: Between the Netskope Cloud Proxy and the internet server, when the server’s certificate is revoked. Netskope does SSL termination for this error and performs a deep packet inspection for CRL/OCSP Check Failed. Bypass option will only ignore mismatch and failures.

  • SSL Handshake Error: Between the Netskope Cloud Proxy and the internet server, when the SSL handshake fails.

  • Self-Signed Server Certificate: Between the Netskope Cloud Proxy and the internet server, when the server’s certificate is self-signed.

  • Incomplete Certificate Trust Chain: Between the Netskope Cloud Proxy and the internet server, when the server’s certificate chain is incomplete.

  • Untrusted Root Certificate: Between the Netskope Cloud Proxy and the internet server, when the server’s certificate is not trusted.

  • Malformed HTTP: Between the Netskope Client and the Netskope Cloud Proxy, when the HTTP request received by the Netskope Cloud Proxy is invalid.

  • SSL-Pinned Certificate: For the Netskope Client to bypass a certificate-pinned application.

  • SSL Host Mismatch: Between the Netskope Cloud Proxy and the internet server, when the domain name of the server doesn’t match the common name in a server’s certificate. Netskope does termination for this error and performs a deep packet inspection for SSL Host mismatch. Bypass option will only ignore mismatch and failures.

SteeringErrorSettings.png

Once error settings are configured, the steering configuration consumes this information and starts bypassing or blocking extranet services.

Note

Netskope does not perform SSL inspection for traffic that is bypassed based in the configuration here.