Netskope Help

Firewall/Proxy Rules

The Netskope CE platform needs access to GitHub, Docker Hub, your Netskope tenant, partner platforms, and any other third-party platforms you wish to integrate with. Evaluate your network configuration (HTTP proxy setup, firewall rules, and so on) to ensure this connectivity is available. The Netskope CE stack needs connectivity to the following public URLs.

For fetching third-party plugins:

  • https://github.com

For fetching alerts and events from Netskope tenant:

  • https://*.goskope.com

For fetching web transactions from Netskope datalake:

  • https://*.googleapis.com

  • https://*.pubsublite.googleapis.com

  • Note: Netskope web transaction logs are currently retrieved from http://us-west1-pubsublite.googleapis.com/ or http://europe-west3-pubsublite.googleapis.com/. These addresses are subject to change, so wildcards are recommended to ensure reachability.

For reporting analytics to Netskope AWS service:

  • https://reporting.netskope.tech

For pulling Docker images from Docker Hub (connectivity to additional hosts may be required because the Docker images are served from behind a CDN):

  • https://hub.docker.com

  • https://auth.docker.io

  • https://registry-1.docker.io

  • https://index.docker.io/

  • https://dseasb33srnrn.cloudfront.net/

  • https://production.cloudflare.docker.com/

If you are behind an HTTP or HTTPS proxy server, for example in corporate settings, you need to add the proxy configuration in the Docker systemd service file. Refer to https://docs.docker.com/config/daemon/systemd/#httphttps-proxy for details.
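The proxy step above, followed by a reachability check of the fixed hosts listed earlier, as an added example (not Netskope's or Docker's own script). The proxy address, the tenant URL and the `NO_PROXY` value are assumptions to replace with your own; the drop-in path and `Environment=` lines follow the Docker documentation linked above.

```shell
#!/usr/bin/env bash
# Added example: proxy URL, tenant URL and NO_PROXY value are assumptions.

# Write the systemd drop-in that makes dockerd use the proxy.
# $1 = proxy URL, $2 = drop-in directory (default: path used in Docker's docs).
write_docker_proxy_dropin() {
  local proxy="$1" dir="${2:-/etc/systemd/system/docker.service.d}"
  case "$proxy" in
    # Credentials in the URL would be stored in plain text in the drop-in.
    *@*) echo "refusing proxy URL with embedded credentials" >&2; return 1 ;;
    http://*|https://*) ;;
    *) echo "proxy must be an http:// or https:// URL" >&2; return 1 ;;
  esac
  mkdir -p "$dir" || return 1
  cat > "$dir/http-proxy.conf" <<EOF
[Service]
Environment="HTTP_PROXY=$proxy"
Environment="HTTPS_PROXY=$proxy"
Environment="NO_PROXY=localhost,127.0.0.1"
EOF
}

# Return 0 if the origin answered through the proxy (any HTTP status),
# non-zero if the proxy or firewall refused or the connection timed out.
probe() { curl -sS -o /dev/null -m 10 -x "$1" "$2"; }

# Fixed hosts taken from the lists above, plus the tenant URL ($2), which
# stands in for the *.goskope.com wildcard.
check_ce_endpoints() {
  local proxy="$1" tenant="$2" url failed=0
  for url in "$tenant" https://github.com https://reporting.netskope.tech \
             https://hub.docker.com https://auth.docker.io \
             https://registry-1.docker.io https://production.cloudflare.docker.com/; do
    if probe "$proxy" "$url" 2>/dev/null; then echo "OK      $url"
    else echo "BLOCKED $url"; failed=1; fi
  done
  return "$failed"
}

# Usage (as root):
#   ./ce-proxy.sh --apply http://proxy.example.internal:3128 https://tenant.goskope.com
if [ "${1:-}" = "--apply" ]; then
  write_docker_proxy_dropin "$2" || exit 1
  systemctl daemon-reload && systemctl restart docker
  systemctl show --property=Environment docker   # confirm dockerd sees the proxy
  check_ce_endpoints "$2" "$3"
fi
```

A `BLOCKED` line names the exact host to raise with the firewall or proxy team; plugin-specific hosts from the list below can be added to the loop once the plugins in use are known.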

  • Netskope Log Shipper 1.0.0

    • https://*.goskope.com

  • Netskope WebTx 1.0.0

    • Connectivity to subscription path

  • ArcSight 1.1.1

    • Connectivity to ArcSight Server

  • AWS S3 1.0.0

    • https://*.s3.amazonaws.com/

  • Azure Cloud Storage 1.0.0

    • Connectivity to Azure Connection String

  • Azure Sentinel 1.0.0

    • https://*.ods.opinsights.azure.com/

  • Chronicle 1.3.1

    • https://malachiteingestion-pa.googleapis.com

  • Elastic 1.1.0

    • Connectivity to Elastic Server Address

  • Google Cloud SCC 1.0.1

    • https://securitycenter.googleapis.com/v1/organizations

    • https://cloudresourcemanager.googleapis.com/v1/projects

  • Google Cloud Storage 1.0.0

    • https://cloud.google.com/storage

  • Microsoft Defender for Cloud Apps 1.1.0

    • https://*/api/v1/discovery/upload_url/

  • LogRhythm 1.1.1

    • Connectivity to LogRhythm Server

  • QRadar 1.1.1

    • Connectivity to QRadar Server

  • Rapid7 1.1.1

    • Connectivity to Rapid7 Server

  • Syslog 1.1.1

    • Connectivity to SIEM Server

  • Netskope Ticket Orchestrator (ITSM) 1.0.0

    • https://*.goskope.com

  • Cloud Exchange 1.0.0

    • Connectivity to Netskope Cloud Exchange URL

  • JIRA ITSM 1.0.1

    • Connectivity to Jira Cloud Instance URL

  • Microsoft Teams 1.0.1

    • Connectivity to Webhook URL

  • Notifier 1.0.1

    • Connectivity to respective platform URL

  • ServiceNow 1.0.2

    • Connectivity to ServiceNow Instance URL

  • Netskope Threat Exchange 1.0.0

    • https://*.goskope.com

  • Carbon Black 1.0.4

    • https://defense.conferdeploy.net

  • CrowdStrike 1.0.0

    • https://api.crowdstrike.com

    • https://api.eu-1.crowdstrike.com

    • https://api.laggar.gcw.crowdstrike.com

  • Cybereason 1.0.1

    • https://integration.cybereason.net:8443

  • Digital Shadows 1.0.1

    • https://api.searchlight.app/

  • GitHub DLP 1.0.0

    • https://api.github.com

  • Microsoft Defender for Cloud Apps 1.0.1

    • https://{url}/api/discovery_block_scripts/

  • Microsoft Defender for Endpoint 1.1.0

    • https://graph.microsoft.com/beta/security/tiIndicators

    • https://graph.microsoft.com/.default

    • https://login.microsoftonline.com/

  • Mimecast 1.0.0

    • https://us-api.mimecast.com/

  • MISP 1.0.0

    • Connectivity to MISP Base URL

  • Proofpoint 1.0.0

    • https://tap-api-v2.proofpoint.com

  • SentinelOne 1.1.0

    • Connectivity to management URL

  • ServiceNow Threat Intelligence Plugin 1.0.0

    • https://*.service-now.com

  • STIX/TAXII 2.0.0

    • Connectivity to Discovery URL

  • ThreatConnect 1.0.0

    • Connectivity to ThreatConnect Base URL

  • ThreatQ 1.0.2

    • Connectivity to ThreatQ URL

  • Netskope Risk Exchange 1.0.0

    • https://*.goskope.com

    • Connectivity to SCIM URL

  • CrowdStrike CRE 1.0.0

    • https://api.crowdstrike.com

    • https://api.eu-1.crowdstrike.com

    • https://api.laggar.gcw.crowdstrike.com

  • Google BeyondCorp 1.0.0

    • https://cloudidentity.googleapis.com/v1

  • Microsoft Azure AD 1.0.1

    • https://graph.microsoft.com/

  • Mimecast CRE 1.0.0

    • https://us-api.mimecast.com

  • Okta CRE 1.0.0

    • Connectivity to your Okta domain

  • Proofpoint 1.0.0

    • Connectivity to Proofpoint URL

  • Security Advisor 1.0.0

    • https://www.securityadvisor.io