Netskope Help

Netskope IPSec with VeloCloud Orchestrator

VMware SD-WAN integrates with Netskope Secure Web Gateway to provide organizations with comprehensive cloud-enabled security in addition to optimized connectivity. VMware SD-WAN provides networking services by delivering high-performance, reliable branch access to cloud services, private data centers, and SaaS-based enterprise applications. Netskope provides the complementary security services, such as a Next Gen SWG and a CASB with both API-enabled and real-time protections. Together they provide advanced data and threat protection for users, applications, and data. VMware SD-WAN Edges can be deployed as a physical appliance or a virtual machine at the customer site. These devices communicate with the Netskope Security Cloud over secure IPSec.

When accessing public clouds like AWS or Azure, or SaaS applications like Office 365 and Workday, the VMware SD-WAN Gateways hand off traffic to the Netskope Security Cloud, where granular security controls and advanced data and threat protection are applied. More specifically, this extends users' virtual access to the New Edge global network infrastructure, which serves as the network foundation for the Netskope Security Cloud and provides high-capacity, low-latency access to cloud apps and websites for a highly performant user experience.


Collectively, Netskope and VMware tightly integrate security and SD-WAN features, delivering network optimization services (like acceleration, QoS, de-jitter) along with cloud-native, converged single-pass security controls (like CASB, SWG, DLP, ZTNA) to offer organizations a highly scalable, fast, and secure environment that protects users and data inside and outside the traditional corporate perimeter.

Overview of the Joint Solution

This guide provides instructions for configuring Netskope Secure Web Gateway and VeloCloud Orchestrator. The examples in this guide help explain how to provision a new service with Netskope and with VeloCloud.

The prerequisites to using this guide are:

Netskope Secure Web Gateway

  • An active Netskope tenant

  • Administrator login credentials

  • Ability to configure a real-time policy for web categories.

VeloCloud Orchestrator

  • Enterprise account access to VeloCloud Orchestrator

  • Administrator login credentials

Supported Integrations

VMware and Netskope have tested the following scenarios:

  • IKEv2-based NSD Tunnel from Gateway: Netskope POP for a Single tenant.

  • IKEv2-based NSD Tunnels from Gateway: Multiple tunnels for Multiple Tenants using the same Source (VCG IP) and Destination (Netskope POP, based on strongSwan 5.71) using FQDN.

  • Passing traffic from multiple tenants using the above IPSec tunnels and applying different Netskope policies to each tenant.

  • Bringing up the tunnels in a redundant fashion, from both the VeloCloud and Netskope POP perspectives, and testing failover scenarios.

  • IKEv2-based NSD Tunnel from Edge to Netskope POP.