Netskope Client Overview
Netskope Client Overview
Netskope Client is a simple lightweight application that steers traffic from the end-user device to Netskope Cloud. It provides real-time visibility of the managed devices accessing the cloud and web from any location.
The Client uses Forward Proxy Steering mechanism where the Client creates an SSL tunnel from the end device and terminates it at the Netskope forward proxy in the Cloud. Tunnel carries traffic that is selected by the administrator as part of the steering configuration. All intermediate and root CA Certificates are installed in the system cert store during the Netskope Client installation to facilitate the SSL termination. The steering configuration in the Netskope admin console defines the apps and domains to be steered to the Netskope Cloud. This configuration is distributed to all the Clients and kept up-to-date on a regular basis.
If the Netskope Client is unable to establish a tunnel to the Gateway, it will Fail-Open. This means the Client cannot steer traffic for that duration and continue to attempt to establish the tunnel every 60 seconds.
Netskope Client extends its support for diverse operating systems such as:
- Chrome OS
To learn more, view Netskope Supported OS.
Windows and macOS support single and multi-user environments.
Benefits of deploying Netskope Client:
- Provide visibility to all users on and off premises.
- Provide visibility to all managed and unmanaged applications.
- Inspect browser and native application traffic.
Netskope Client (henceforth referred to as Client in this doc) can be deployed as:
- Installable App – On devices running Windows, macOS, and Android operating system the Client is installed as a lightweight non-intrusive application that steers traffic from the user’s device to the Netskope cloud. You can download the Client from the Download Netskope Client and Scripts page.
- Configuration Profile – On devices running the iOS operating system, the client is deployed as an On-Demand or a Per-App VPN configuration profile.
- Release Number – Netskope Client uses 4-place version number system, for example: 126.96.36.199. The individual digits represent
- Client Golden Release – Golden releases are available every 3-months and support backward compatibility up to two previous versions. To know more about Golden release and download installers, see this Netskope Client Downloads article.
Netskope supports the following options to deploy client on your device:
For the normal functioning of the client, a set of outbound domains and port 443 must be allowed in the user’s firewall or proxy. The client connects to the domain URL after the installation is complete. After the installation is complete:
- Client connects to addon-<tenant>.eu.goskope.com:443.
- Downloads the certificates (root, tenant-specific, and user certificates) and configuration files (nsbranding.json, nsconfig.json, nsdomain.json, nsbypass.json, nsexception.json).
Netskope Client Services
Netskope Client steers traffic to Netskope’s security solutions such as Netskope Private Access, Netskope Cloud Firewall, and so on.
Netskope Client for Netskope Private Access
Netskope Private Access recommends that the Netskope Client be installed on a Windows, Mac, Android, or Chrome OS device. The Client steers private access application traffic to private access gateways. An alternate method is to use Browser Access for Netskope Private Access. To learn more, view Deploy Client for NPA.
Netskope Client for Netskope Cloud Firewall
The Netskope client steers the traffic from the users’ device to the Netskope cloud based on certain rules and policies. HTTP(S) and non-HTTP(S) traffic is sent to Netskope gateway and based on traffic type, HTTP(S) traffic is forwarded to Netskope Proxy and non-HTTP(S) traffic is forwarded to Netskope Cloud Firewall. Netskope cloud performs policy enforcement, and the activity is displayed on the Netskope console in the cloud. To learn more, view Netskope Client in Cloud Firewall.
How it Works
A Steering Configuration is responsible for directing traffic from end-users to the Netskope Cloud. A Netskope tenant steers thousands of apps by default, but to ensure the correct traffic (cloud apps or all web traffic) is steered, modify the default steering configuration, or create a steering configuration; these configurations can be assigned to groups or Organizational Units (OUs) to allow granular steering within an organization.
Click here to read more about Steering Configuration.