Netskope Client Interoperability

Netskope Client Interoperability

By design, the Netskope Client establishes a tunnel to steer all configured (web and/or CASB) traffic to the Netskope cloud to perform all required security functions (example: DLP, threat protection, etc). To provide optimal performance, the Client must connect to the closest Netskope POP to steer traffic.

When third-party apps, for example, VPN clients are installed, they establish a full tunnel and steer all traffic from the user’s device to their enterprise security stack. In such a scenario, Netskope Client will tunnel over the VPN tunnel. This results in the following performance issues:

  • Traffic from the client is steered via a suboptimal path to connect to Netskope POP.
  • Since the third-party VPN client has no visibility into the Netskope tunnel, it offers no additional security value to the tunnel traffic.
  • The complete benefits of Netskope security features are not available to the customers.

Interoperability Validation

The best practices guide for various third-party applications ensures that the following Netskope features operate smoothly and as expected:

Netskope Client FeaturesUse case DescriptionThird-Party Applications
DeploymentAs part of deployment validation, the client was deployed on the same device that had third-party applications using an email invite.

To learn more about the different deployment methods, see Netskope Client Deployment Options.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance
Installation StatusPost-deployment, Netskope tenant WebUI received the Client installation status events from devices that had both Netskope Client and supported third-party applications.

To learn more about Client status, see Client Status.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance
Traffic SteeringA series of traffic steering tests were conducted to confirm that the Client was able to steer traffic without any conflicts from third-party apps installed in the same device.

To learn more about traffic steering, see Steering Configuration.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance
Log CollectionAs part of Client troubleshooting tasks, the log collection process was successfully executed from the tenant WebUI. Log files of the Client in a machine that was installed with the third-p party apps were successfully generated.

To learn more about Client logs, see Netskope Client Configuration.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance
Client UpgradeA client configuration with an upgrade option was able to upgrade the Client installed in devices with third-party apps.

To learn more about Client Configuration, see Netskope Client Configuration.

Client Enable/DisableThe tenant admin could enable or disable clients installed on devices that had third-party apps.VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance

Compatibility Matrix

This section list third-party software that is tested and qualified to work on the same devices with Netskope Client.

VPN Applications

Third-party VPN applications require steering configuration exceptions to ensure that the respective VPN application is able to reach their gateway. To learn more about creating VPN exceptions, see Exception Configuration for VPN Applications . For detailed instruction on configuration best practices in the third-party, click on the interop best practices link for your third-party app in the Notes column of the following table.

Application NameVersionPlatformNotes
Cisco AnyConnect4.3, 4.4, 4.5, 4.6, 4.8,4.9,4.10Windows and MacCisco AnyConnect
Palo Alto GlobalProtect4.1.0Windows and MacPalo Alto GlobalProtect
OpenVPN Cloud3.3.1.2222Windows Server 2016 DataCenterOpenVPN Cloud
Microsoft Always-On VPNWindows 10 Pro with OS build 19044.1586Windows Server 2019Microsoft Always-On VPN
FortiGate VPNFortiOS v7.2.0-b1157 (Server), 7.0.5.0238 (Client)Windows 10, macOS MontereyFortiGate VPN
PulseSecure VPN9.1R14 (build 16847) (Server), 9.1.14.13525 (Client)Widnows 10 and 11, macOS MontereyPulseSecure VPN

Anti Virus Applications

To ensure Netskope Client traffic operates smoothly, follow the instructions in Exceptions for Anti Virus Applications.

Application NameVersionPlatformNotes
McAfee Agent 5.0.5.658Windows and Mac
McAfee Virus Scan Enterprise 8.8.9000
Kaspersky Small Office Security17.0.0.611
Sophos Home 1.2.12Sophos
Avast Anti Virus Free 2018
McAfee End Point Security10.5.4MacMcAfee Endpoint Security
VMware Carbon Black3.8.0.398WindowsVMware Carbon Black
Symantec Endpoint Protection14.0.MP1 build 2332 (14.0.2332.0100)Windows 2016 Server DatacenterSymantec Endpoint Protection
CrowdStrike6.36.15005WindowsCrowdStrike
TrendMicro Maximum Security17.7.1243 – USOI202074.Q4EXPWindowsTrend Micro Maximum Security
Blackberry Cylance2.1.1574(Windows), 3.0.1000.511(macOS)Windows 10 and macOS MontereyBlackberry Cylance

Web Security Agent

Application NameVersionPlatformNotes
Cisco AnyConnect Web Security4.3, 4.4, 4.5Windows and MacCisco AnyConnect

Deployment Applications

You can mass deploy Netskope Client to Windows and Mac end-user devices using any of the following MDM (mobile device management) tools.

Application NameVersionPlatformNotes
Microsoft SCCM2008, 2012WindowsMicrosoft Endpoint Configuration Manager
Microsoft GPOWindowsMicrosoft Group Policy Object (GPO)
Microsoft Endpoint ManagerWindows and MacMicrosoft Intune
VMWare Workspace One9.3.0.7MacVMware Workspace ONEVMWare Workspace One
JAMF Pro10.13.1Windows and MacJAMF
KandjiMacKandji

Explicit Proxies

You can use any of the following proxy applications to steer traffic from any device to the Netskope Cloud. To learn more about how Netskope Client steers traffic via explicit proxies, see Netskope Client in an Explicit Proxy Environment .

Application NameVersionPlatformNotes
WebSense
BlueCoat
Squid3.5.12Windows 10Squid Proxy
Microsoft Forefront TMG Proxy2010 SP2
Share this Doc

Netskope Client Interoperability

Or copy link

In this topic ...