Microsoft Always-On VPN
Microsoft Always-On VPN
A Microsoft remote access solution that enables you to access local resources in your corporate network.
This document contains the best practices required in MS Always-On VPN Cloud and Netskope Client to ensure smooth interoperability.
Environment
- Netskope Client version: 93.0.1.944
- Server details: Windows Server 2019
- Client Machine: Windows 10 Pro with OS build 19044.1586
- MS Always-On VPN is set up in full tunnel mode
Specific configurations in MS Always-On and Netskope tenant web UI ensures processes or traffic from either of the applications are not blocked or directed to the Netskope Cloud.
Configurations In Netskope Client
When installing Netskope Client, configure exceptions in steering configurations to bypass traffic from the VPN client. To learn more about adding exceptions, see Adding Exceptions.
To add domain exception on the Netskope UI:
- Go to Settings > Security Cloud Platform > Steering Configuration and select a configuration.
- On the configuration page, click EXCEPTIONS > NEW EXCEPTION > Domains.
- In the New Exception window, go to the Exception Type section and enter the domains that you want to bypass.
- Click ADD.
Note
Add RAS and NPS server FQDN to domain exception.
Best Practices
Netskope recommends that you configure the VPN to bypass Netskope Client tunnels established to Netskope NewEdge Security Cloud. With this configuration, the Netskope Client can establish a direct connection to the Netskope Security Cloud by pinning it to a VPN tunnel. In this way, Netskope can:
- Provide optimal performance.
- Reduce on-premises bandwidth and hardware resource utilization.
To bypass the Netskope Cloud traffic, view Allowed IP Ranges.
Microsoft Always-On VPN validation
Ensure that the VPN traffic is going through the VPN tunnel.
Netskope Client Functions
Refer to the list of validated use cases that you can use to verify Client operations.
