GRE & IPSec Tunnel Gateway – HTTP(S) Non-Standard Port Support

With cloud firewall support in the GRE and IPSec gateways, tenants who have opted for the cloud firewall service need HTTP(S) traffic on non-standard ports, in addition to the standard HTTP(S) ports 80/443, steered to the Netskope proxy. The rest of the traffic from these tenants will continue to be steered to the cloud firewall.

Since the gateway services operate at network layers L3 and L4, they are agnostic to other configuration attributes, such as user, group, and domain, that are part of the custom port configuration. As a result, for non-standard port configuration the gateways can steer traffic based only on the L4 port numbers for the TCP protocol. Other configuration, such as group and domain, is ignored.

Configure a Custom Port

In addition to the standard HTTP(S) ports, you can configure non-standard ports to steer HTTP(S) traffic to Netskope proxy for tenants who have opted for the cloud firewall service. To do so, follow the steps below:

  1. Log in to the Netskope tenant UI.
  2. Navigate to Settings > Security Cloud Platform > Traffic Steering > Steering Configuration.
  3. In Default tenant config, click and Edit.
  4. Under Traffic Steering, click All Traffic.
  5. Click the Non-Standard-Ports tab.
  6. Check the Steer non-standard ports checkbox.
  7. Under Ports, enter the non-standard HTTP(S) port number.

    Note

    You can enter multiple non-standard HTTP(S) port numbers by clicking +NEW or by importing a CSV file.

  8. Click Save.

Note

  • Ensure that only HTTP(S) traffic is steered through the non-standard ports to Netskope proxy. If non-HTTP(S) traffic is steered to Netskope proxy, the firewall rules will not apply to such traffic.
  • Any non-standard port configured in a steering configuration applies to all the IPsec and GRE users.
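
The following is an added example, not Netskope code: it models the port-only steering decision described above and audits flow samples for non-HTTP(S) traffic that a configured non-standard port would send to the proxy. The flow record fields, the sample ports 8080/8443, and the first-bytes heuristic for recognizing HTTP or TLS are assumptions made for illustration.

```python
# Added illustration (not Netskope code): port-only steering plus a pre-change audit.
STANDARD_PORTS = {80, 443}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

def steer(proto, dst_port, custom_ports):
    """Gateway decision as the page describes it: TCP destination port only."""
    if proto == "tcp" and dst_port in STANDARD_PORTS | set(custom_ports):
        return "proxy"
    return "cloud_firewall"

def looks_like_http_or_tls(first_bytes):
    """Heuristic (assumption): HTTP request line or TLS handshake record."""
    if first_bytes.startswith(HTTP_METHODS):
        return True
    # TLS record header: content type 0x16 (handshake), major version 0x03
    return len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03

def audit(flows, custom_ports):
    """Return (src, dst_port) for flows that would reach the proxy without being HTTP(S)."""
    findings = []
    for f in flows:
        if steer(f["proto"], f["dst_port"], custom_ports) != "proxy":
            continue  # goes to the cloud firewall, where firewall rules apply
        if not looks_like_http_or_tls(f["first_bytes"]):
            findings.append((f["src"], f["dst_port"]))
    return findings

# Constructed sample flows (not real traffic). The "user" field is present
# only to show that the steering decision never reads it.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "proto": "tcp", "dst_port": 8080, "user": "alice",
     "first_bytes": b"GET /index.html HTTP/1.1\r\n"},
    {"src": "10.0.0.6", "proto": "tcp", "dst_port": 8443, "user": "bob",
     "first_bytes": bytes.fromhex("160301020001")},
    {"src": "10.0.0.7", "proto": "tcp", "dst_port": 8080, "user": "carol",
     "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"src": "10.0.0.8", "proto": "udp", "dst_port": 8080, "user": "dave",
     "first_bytes": b"\x00\x01"},
    {"src": "10.0.0.9", "proto": "tcp", "dst_port": 2222, "user": "erin",
     "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

if __name__ == "__main__":
    for src, port in audit(SAMPLE_FLOWS, custom_ports=[8080, 8443]):
        print(f"non-HTTP(S) flow from {src} on steered port {port}")
```

Running the audit against flow samples before adding a port shows which sources would have non-HTTP(S) traffic steered to the proxy, where the firewall rules would not apply to it.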

Explicit Proxy using a Custom Port

Customers who opt for Netskope cloud firewall and use explicit proxy over GRE and IPSec tunnels should configure the explicit proxy IP and port information using the non-standard port configuration workflow.

The gateway services will continue to steer traffic received from explicit proxy based on the explicit proxy port information available in the non-standard port configuration. The Netskope proxy will handle the non-standard port configuration for explicit proxy as appropriate.
