Skip to main content

Netskope Help

Known Issues In Release 99.0.0

Here is the list of known issues in this release.

Issue Number




DNS Security

Netskope's classification engine classifies TXT and ANY query responses as tunnels for some domains. There is no corresponding DNS profile rule to allow the same, hence these shows as blocked.  However it works for,, etc.


DNS Security

The number of hits for DNS policies in real-time protection page is not accurately reflecting the number of alerts generated for DNS traffic. No workaround is found for this issue.


Platform Services

Real-time Protection and SSL Decryption policies apply changes feature applies changes to profiles or template even though the admin does not have Apply permission.


Platform Services

The request to load pending differences modal time out when there are large number of of policies with pending differences.


Platform Services

When RBACv2 is enabled in Incidents > DLP > Details page new administrators created with rw privilege might not be able to see forensics information. A tenant admin should see the forensics details.


Platform Services

RBAC v2 custom role based admin is not listed in the Assign admin list on the Incident > DLP page.


Platform Services

Forward Proxy page should be set to View, for IPSec and GRE pages to work as expected with Manage privilege.


Platform Services

When a policy is moved from one group to another and reverted Pending Changes icon is displayed.


Platform Services

When an admin without permission to Real-time Protection Policy page edits the Policy Groupundefined policy group picker component is displayed.


Platform Services

QuarantineLegal Hold and Forensic under Predefined Role > Delegated Admin > Profiles has Manage privilege instead of Manage and Apply.


Platform Services

Pending Changes are not visible for Private and Email Outbound policy when role has network location scope.


Platform Services

Permission denied banner hides Add Dashboard side panel.


Remote Browser Isolation (RBI)

RBI does not disable Private Navigation when you disable the control in the RBI template. Therefore, cookies generated in isolation cannot be stored in the end user’s local browser.

The workaround is to create an RBI policy for a custom category with the URL "*".

Navigate to Policies > Profiles > Web > URL List tab > New URL List button


Navigate to Policies > Profiles > Web > Custom Categories tab > New Custom Category button


Navigate to Policies > Real-time Protection > New Policy dropdown > RBI Policy



Traffic Steering

When NS Client is used in an VMware Fusion environment, VMware Fusion forwards all DNS request by NAT, due to which DNS exceptions will fail. To workaround this, use DNS Security as an additional parameter in nat.conf.

Add the parameter below to "/Library/Application Support/VMware Fusion/vmnet8/nat.conf" and restart your Mac device.

prohibitHostLookup = 1


Netskope Private Access (NPA)

Netskope fixed an issue where API throws generic exceptions when invalid parameters are supplied to API Gateway.


Netskope Private Access (NPA)

Tag names are restricted to a limit of 30 characters in the UI, this issue will be fixed in the next release.


Netskope Private Access

Bulk delete operation through API Gateway is not supported. For this release, bulk delete is  supported only through the UI.


Netskope Secure Web Gateway (NG SWG)

When using the newly introduced HTTP headers to block WebDAV traffic, the Perform SNI (Server Name Indication) check option for Client Configuration causes the traffic to be bypassed at the client. This results in no blocks being applied to the WebDAV traffic. To mitigate this issue, disable the Perform SNI (Server Name Indication) check option until this issue is fixed.