Docy

Configure Netskope SMTP Proxy with Gmail

Configure Netskope SMTP Proxy with Gmail

When you configure Netskope SMTP Proxy with Gmail, all outgoing emails from Gmail are sent to Netskope SMTP Proxy for policy evaluation.

The configuration involves the following steps,

Configure the Gmail Server and the upstream MTA in the Netskope Tenant

  1. In the Netskope UI, go to Settings > Security Cloud Platform > SMTP.
  2. On the SMTP page, click the Google Gmail app.
  3. Under Google Gmail, click Edit.
  4. In the Edit Google Gmail Settings window:
    • Email Server Setting: Copy and enter this FQDN in Google Admin console to route emails through the Netskope Cloud. You will require this FQDN when configuring Netskope SMTP Proxy as a connector in the Google Admin console.
    • Domain: Enter and verify the Gmail domain you want to use for email processing. You can enter a domain, subdomain, or a wildcard domain (e.g., abc.com, cde.abc.com, and *.abc.com). To learn more about finding the Gmail domain in the Google Admin console see: Finding the Gmail domain in the Google Admin console.

      Caution

      Configure each of your MAIL FROM domains. If not, emails from the domain will be rejected.

    • Next Hop: Enter the IP address/FQDN as smtp-relay.gmail.com and the port as 587.

    Click +Add to add multiple domain entries. Select Set Tenant ID and Next Hop for Each Domain if you want to enter a unique next hope for each domain entry.

  5. Click Save.

Finding the Gmail Domain in the Google Admin Console

  1. Log into the Google Admin console and click the main menu google_admin_main_menu.png to view the left pane.
  2. Go to Account > Domains > Manage domains. You can see a list of domains you can use to configure Netskope SMTP proxy.
The Manage domains page in the Google Admin console.

Configure Netskope SMTP Proxy in Google admin center

  1. Log into the Google Admin console and click Apps > Google Workspace > Gmail.
  2. On the Settings for Gmail page, click Hosts to define the host that Gmail will use to connect to the Netskope SMTP Proxy.
  3. Under Hosts click Add Route.
  4. In the Add mail route dialog box, specify the host name and paste the Netskope domain name you copied from the Netskope tenant.
    gmail_add_host.png
  5. Click Test TLS connection to verify that the connection to the host was successful. Click Save.

Configure Content Compliance to send traffic from Gmail to Netskope

  1. On the Settings for Gmail page, click Advanced settings.
  2. On the General Settings page, go to the Compliance section.
  3. Mouseover Content compliance and click Add Another to add a new entry.
  4. In the Add setting dialog box, set the following:
    1. Under step 1, Email messages to affect, select Outbound.
    2. Under step 2, Add expressions that describe the content you want to search for in each message,
      1. Click Add to add a new expression and select Advanced content match.
      2. Under Location, select Full header and under Match type, select Not contains text.
      3. Enter the following content, x-netskope-inspected. Click Save.
    3. Under step 3, If the above expressions match, do the following, select Change route and select the Netskope host from the drop-down list.
      gmail_add_compliance_settings_1.png
    4. In the Encryption (onward delivery only) section of step 3, select Require secure transport (TLS).
    5. Click Show options and under step B. Account types to affect, select Users, Groups and, Unrecognized / Catch-all.
      gmail_add_compliance_setting_2.png
    6. Click Add Setting.
Share this Doc
In this topic ...