Netskope Client For Linux
Netskope now inspects traffic from devices running the Linux operating system (OS) and provisions users as it does on Windows and macOS. This document describes how to install the Client on a Linux device using the command-line interface (CLI), and how to configure it and steer traffic to the Netskope Cloud.
Note
Netskope Client for Linux now supports Netskope Private Access (NPA). Netskope Cloud Firewall (CFW) is not supported on the Linux Client.
Supported Versions
Refer to Netskope Client Supported OS and Platform to understand the supported versions for Linux.
Netskope Client Installation Methods
Refer to the following sections to install Netskope Client in Linux devices:
Manual Installation
Download Linux Client
Before you begin, download Netskope client installers from the Download Netskope Client and Scripts page.
Linux Client CLI
After you download Netskope Client to the end-user device, you can refer to the following options to install the Client.
To learn more, view Windows Support for WSLv2.
Install Netskope Client In Linux Operating System
After you download the Netskope Client to the end-user device, perform the following steps to set up the Client and connect to the Netskope Cloud:
- From your terminal, run the following command: sudo ./STAgent.run
- After the installation is complete, a pop-up is displayed to the user to enter the Netskope Tenant name and select the tenant domain. This information is shared with the user by their respective IT admin.
- Click Next to continue with enrollment. The user is redirected to their IdP login screen. An authentication status message is displayed in the browser.
- Once the user enrollment is complete, you can see the Client icon on the taskbar. Click the Client icon to view the configuration details.
Install And Enroll by Email ID
Use the following command to install and enroll using email ID: sudo ./STAgent.run -H <tenant hostname> -o <org key> -m <email address>. For example, sudo ./STAgent.run -H abc.goskope.com -o abc123xyz -m user@example.org
STAgent.run {-H | --tenant-hostname tenant_hostname}
{-o | --orgkey orgKey}
{-m | --email email_address}
[-a | --enroll-auth-token enroll_authentication_token]
[-e | --enroll-encrypt-token enroll_encryption_token]
[-c | --cli]
Options:
-H --tenant-hostname: Tenant hostname
-o --orgkey: org key
-m --email: User email
-a --enroll-auth-token: enroll authentication token
-e --enroll-encrypt-token: enroll encryption token
-c --cli: This is a flag for CLI only mode and has no value. When this argument is present, UI will not be installed.
Note
All arguments mentioned within {} are mandatory.
Install And Enroll By UPN
Use the following command to install and enroll by UPN: sudo ./STAgent.run -H <tenant hostname> -o <org key>. For example, sudo ./STAgent.run -H abc.goskope.com -o abc123xyz.
STAgent.run {-H | --tenant-hostname Tenant_hostname}
{-o | --orgkey orgKey}
[-u | --upn UPN]
[-a | --enroll-auth-token enroll_authentication_token]
[-e | --enroll-encrypt-token enroll_encryption_token]
[-c | --cli]
Options:
-u --upn: User UPN
Note
- All arguments mentioned within {} are mandatory.
- Specify the UPN name on the command line when enrolling by UPN on devices that are not AD joined. The installer fails and quits if the UPN name is missing.
Install And Enroll By IDP
Use the following command to install and enroll by IDP: sudo ./STAgent.run -i | --idp.
STAgent.run {-i | --idp}
[-t | --tenantname tenant_name]
[-d | --domain tenant_domain]
Options:
-i --idp: This is a flag with no value. When this argument is present, the installer will enroll by IDP. All other options will be skipped in IDP mode.
-t --tenantName: tenant name
-d --domain: tenant domain
Note
All arguments mentioned within {} are mandatory.
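The three enrollment modes above differ in which arguments are mandatory. As an added example (not Netskope code), the following shell function validates values taken from an inventory source and prints the STAgent.run arguments for the chosen mode. The function names and calling convention are hypothetical; only the flags are taken from the usage text.

```shell
#!/bin/sh
# Added example, not Netskope code. stagent_args and its calling convention
# are hypothetical; only the flags come from the usage text above.

# Reject empty values, values that start with "-", and anything outside a
# conservative character set (an assumption; widen it if your values need
# more), so an inventory value cannot inject extra options or shell syntax.
ns_safe() {
    case $1 in
        ''|-*|*[!A-Za-z0-9@._-]*) return 1 ;;
    esac
    return 0
}

# usage: stagent_args email HOST ORGKEY EMAIL
#        stagent_args upn   HOST ORGKEY [UPN]
#        stagent_args idp   [TENANT DOMAIN]
stagent_args() {
    mode=$1
    [ $# -gt 0 ] && shift
    for v in "$@"; do
        ns_safe "$v" || { echo "rejected value: $v" >&2; return 2; }
    done
    case $mode in
        email)  # -H, -o and -m are all mandatory
            [ $# -eq 3 ] || { echo "need HOST ORGKEY EMAIL" >&2; return 2; }
            case $3 in *@*) ;; *) echo "not an email: $3" >&2; return 2 ;; esac
            echo "-H $1 -o $2 -m $3" ;;
        upn)    # -H and -o mandatory; pass UPN on non AD joined devices
            case $# in
                2) echo "-H $1 -o $2" ;;
                3) echo "-H $1 -o $2 -u $3" ;;
                *) echo "need HOST ORGKEY [UPN]" >&2; return 2 ;;
            esac ;;
        idp)    # -i is a bare flag; -t and -d are optional
            case $# in
                0) echo "-i" ;;
                2) echo "-i -t $1 -d $2" ;;
                *) echo "need no values or TENANT DOMAIN" >&2; return 2 ;;
            esac ;;
        *)  echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}

# Values from the page's own example; prints the arguments, runs nothing.
stagent_args email abc.goskope.com abc123xyz user@example.org
```

Because accepted values contain no whitespace or shell metacharacters, the printed string can be reviewed and then appended to sudo ./STAgent.run in a deployment script.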
Uninstall Client
Use the command sudo /opt/netskope/stagent/uninstall.sh to uninstall Netskope Client in Linux.
Additional CLI Commands
Use the ‘help’ command to understand different instructions applicable to Netskope Client in a Linux device. For example:
- To enable Netskope Client in CLI and then to quit:
    ~$ nsclient start process....
    ===== Netskope Client CLI, Version: 200.200.0.100 =====
    Copyright(c) 2022 Netskope, Inc. All Rights Reserved.
    Please enter <help> for available commands.
    Netskope> enable
    Enabling Netskope Client...
    Netskope Client enable success.
    Netskope> quit
- To display Netskope Client Status
    ~$ nsclient start process....
    ===== Netskope Client CLI, Version: 99.0.0.1090 =====
    Copyright(c) 2022 Netskope, Inc. All Rights Reserved.
    Please enter <help> for available commands.
    Netskope> show-status
    Netskope Client enabled
- To display Netskope Client Configuration
    Netskope> show-config
    Show configuration in progress...
    Netskope Client Configuration
    Gateway: gateway-qa.de.goskope.com
    Organization: Netskope Inc
    Gateway IP: 163.116.140.35, POP: US-SFO1
    User Email: jjia@netskope.com
    Client Configuration: client_config1
    Steering Configuration: jjia-mygroup2
    Device Classification: unmanaged
    Tunnel Protocol: TLS
    Private Access: Connected (User Tunnel)
    Private Access Gateway IP: 163.116.138.23
    On-Premises Check: Remote
    Traffic Steering Type: All Web Traffic
    Config Updated: 10:27:26, 1st Dec, 2022
    configuration update avaliable.Pleasae use <update-config> command to update latest configuration
- To display the blocked events
    Netskope> show-blocked-event
    Blocked Event:
    App Name: [opera], Last Access Time: Thu Dec 1 21:01:20 2022
- To update the client configuration
    Netskope> update-config
    Update configuration in progress...
    startConfigUpdate->bNeedUpdate=1
    configuration update avaliable. Please use <update-config> command to update latest configuration
Command | Description |
---|---|
–help | Usage for Netskope Client CLI. |
– enable | Enable Netskope Client. |
– disable | Disable Netskope Client. |
– show-status | Netskope Client status. |
– show-config | Display Netskope Client configuration. |
– update-config | Update Netskope Client configuration. |
– show-blocked-event | Display Netskope Client blocked event(s). |
– set-log-level | Reset Netskope Client log level, <debug\|info\|warning\|error\|critical> |
– save-logs | Save Netskope Client diagnostic information. |
– start-pkt | Start packet capture, <inner\|outer> packet <inner len from 0 to 9999 byte\|outer size from 0 to 99 MB>. Please use the ‘stop-pkt’ command to exit. |
– stop-pkt | Stop packet capture. |
– start-speedtest | Start speed test, testing <download\|upload> <1\|10\|100>MB file. |
– show-pa | Show Private Access status. |
Exception For Certificate Pinned Application
When you add an application as a Certificate Pinned Application exception, traffic from that application is bypassed by the Netskope cloud. A pinned app stores the public certificate or key of its destination website and presents it to the Netskope cloud. When contacting the destination website or server, the Netskope cloud verifies the pinned certificate against the server certificate. If they are validated, the Netskope cloud bypasses traffic from the pinned application. For more information, view Certificate Pinned Applications.