Netskope Help

Exceptions

Navigate to Settings > Security Cloud Platform > Traffic Steering > Steering Configuration > Default tenant config > Exceptions tab to view the Exceptions list page.

Exception configurations are not a single global list for the entire account; they are part of each Steering Configuration workflow. Exceptions are configured by first selecting a steering configuration, and then clicking Exceptions, which enables you to specify the traffic you want to bypass the Netskope Cloud.

Steering configuration controls what kind of traffic gets steered to Netskope for real-time deep analysis and what kind of traffic gets bypassed. Admins can configure a set of firewall apps to bypass processing using the Exceptions feature.

When using exceptions, consider these factors:

  • In order to use this beta feature, you must configure the steering exception to steer all traffic.

  • Netskope Client will not steer traffic to the Netskope cloud for any apps in the exception list. However, the Netskope proxy and app-firewall can still receive traffic matching this exception list in the following scenarios:

    • when traffic is steered to the Netskope cloud through GRE or IPSec tunnels, or,

    • when the Netskope Client detects an upstream GRE/IPSec tunnel and goes dormant and does not process exceptions, or,

    • when the steering and exception configuration are updated in the Netskope UI and the new version takes too long to reach the Netskope Client but the Netskope proxy and app-firewall have the new version already.

To configure Exceptions:

  1. Select Default Tenant Configuration, and click Exceptions. You may see other steering configurations and exceptions, but you must use 'Default Tenant Configuration', which applies to all users, and 'Application' (for exceptions). These are the two options applicable for the beta.

  2. Select Application from the New Exception dropdown list.

  3. The Add Exception panel opens. The Exception type chosen is shown in the top dropdown list. 

  4. Select an application by entering text in the search field and selecting one of the options that appear in the dropdown list.

  5. For Applications, search for and select the applications to bypass. Available applications display in the list.

    The Action is to bypass the configured apps, sending all traffic straight to the destination.

  6. Optionally, you can add any notes to describe this exception.

  7. When finished, click Add.

The Exception you just created appears on the Exceptions list page. To show the exceptions on the page by type or last modified, use the Type dropdown list. Click the gear icon to further fine-tune the exceptions on the page (show / hide columns).

Bypass Network Events

By default, Exceptions are not logged in SkopeIT Events. To see the bypassed traffic for Exceptions in SkopeIT, you need to enable this feature on the Steering Configuration page.


Click the pencil icon to view the Log Bypassed Traffic window. Enable the Log radio button and click Save.


Navigate to SkopeIT > Network Events to view your bypassed applications.
