Netskope Help

SELinux & FirewallD

The NPA Publisher is configured with SELinux in enforcing mode and with firewalld enabled and running. During Publisher installation, the following firewalld configuration is applied so that the NPA Publisher can process data packets appropriately.

# Configure firewalld with NPA-specific rich rules (public zone) that open TCP port 784 and UDP port 785 to 191.1.1.1/32
firewall-cmd --reload
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" destination address="191.1.1.1/32" port protocol="tcp" port="784" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" destination address="191.1.1.1/32" port protocol="udp" port="785" accept'
firewall-cmd --reload
# Restart firewalld & the NPA publisher after this configuration
sudo systemctl restart firewalld
sudo pkill npa_publisher

Note

As indicated above, this configuration is applied automatically in all current NPA Publisher releases. It is included here for reference and for legacy Publishers.
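
To confirm that a Publisher host still matches the state described above (SELinux enforcing, firewalld running, both rich rules present), the following audit script can be used. It is an added example, not part of the Netskope installer; the function names and the `--live` switch are assumptions made for illustration, and the sample rule lines are constructed.

```shell
#!/bin/sh
# Added example: audit a Publisher host against the settings described on this page.
NPA_DEST='191.1.1.1/32'   # destination address used by the rich rules on this page

# has_npa_rule RULES PORT PROTO
# Succeeds if a line of RULES accepts traffic to NPA_DEST on PORT/PROTO.
# Attributes are matched independently because firewalld may list
# port="..." and protocol="..." in a different order than they were entered.
has_npa_rule() {
    printf '%s\n' "$1" | awk -v d="destination address=\"$NPA_DEST\"" \
        -v p=" port=\"$2\"" -v r="protocol=\"$3\"" '
        index($0, d) && index($0, p) && index($0, r) && / accept$/ { found = 1 }
        END { exit !found }'
}

# audit_publisher SELINUX_MODE FIREWALLD_STATE RULES
# Prints one line per deviation and returns the number of deviations (0 = OK).
audit_publisher() {
    bad=0
    [ "$1" = "Enforcing" ] || { echo "SELinux mode is '$1', expected Enforcing"; bad=$((bad + 1)); }
    [ "$2" = "running" ] || { echo "firewalld state is '$2', expected running"; bad=$((bad + 1)); }
    has_npa_rule "$3" 784 tcp || { echo "missing rule: tcp/784 to $NPA_DEST"; bad=$((bad + 1)); }
    has_npa_rule "$3" 785 udp || { echo "missing rule: udp/785 to $NPA_DEST"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample of `firewall-cmd --zone=public --list-rich-rules` output.
SAMPLE_RULES='rule family="ipv4" destination address="191.1.1.1/32" port port="784" protocol="tcp" accept
rule family="ipv4" destination address="191.1.1.1/32" port port="785" protocol="udp" accept'

if [ "${1:-}" = "--live" ]; then
    # Read the real state of this host (run as root on the Publisher).
    mode=$(getenforce 2>/dev/null || echo unknown)
    state=$(firewall-cmd --state 2>&1 || true)
    rules=$(firewall-cmd --zone=public --list-rich-rules 2>/dev/null || true)
else
    mode=Enforcing; state=running; rules=$SAMPLE_RULES   # constructed values
fi
if audit_publisher "$mode" "$state" "$rules"; then echo "OK"; else echo "deviations found"; fi
```

Run without arguments, the script checks the constructed sample; with `--live` it queries the runtime firewalld configuration, so a rule that exists only in the permanent configuration and was never reloaded is reported as missing.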