Netskope Help

Sophos

This document contains the best practices required in Sophos and Netskope Client to ensure smooth interoperability.

Environment
  • Netskope Client version: 93.0.1.944

  • Sophos

    • Core Agent: 2.20.13

    • Endpoint Advanced: 10.8.11.4

    • Sophos Intercept X: 2.0.24

Specific configurations in Sophos and Netskope tenant web UI ensure processes or traffic from either of the applications are not blocked or directed to the Netskope Cloud.

Configurations In Netskope Client

When installing Netskope Client, configure exceptions in steering configurations to bypass traffic from Sophos. To learn more about adding exceptions, see Exceptions.

To add Sophos as a Certificate Pinned Application on the Netskope UI:

  1. Go to Settings > Security Cloud Platform > Steering Configuration.

  2. Click Default tenant config.

  3. On the Default tenant config page, click EXCEPTION > NEW EXCEPTION > Certificate Pinned Applications.

  4. In the New Exception window, do the following:

    1. From Certificate Pinned App, select the application. To add a new certificate pinned application in the New Certificate Pinned Application window, do the following:

      • Application Name: Enter the name of the application.

      • Platform: Select the operating system where the application is managed.

      • Definition: Provide the domain names that you want to bypass. Here, add the following domains:

        • *.sophos.com

        • *.sophosupd.com

        • *.sophosupd.net

        • *.sophosxl.net

    2. From Custom App Domains, add following URLs that you want to exclude:

      • ocsp.globalsign.com

      • ocsp2.globalsign.com

      • crl.globalsign.com

      • crl.globalsign.net

      • ocsp.digicert.com

      • crl3.digicert.com

      • crl4.digicert.com

      • ocsp.usertrust.com

      • ocsp.sectigo.com

    3. From Actions, select Bypass for all operating systems that you want to allow directly to the destination.

    4. Click ADD.

Sophos Validation

To verify if Sophos features function smoothly:

  1. Ensure that an infected file is detected by Sophos (In the Events tab on the SOPHOS client).

    Verify_Sophos_1.png
  2. Verify that the detected file is uploaded to the Device > Events section on Sophos central.

    Verify_Sophos_2.png
  3. Go to About > Update and ensure that the product update is successful.

Netskope Client Functions

Refer to the list of validated use cases that you can use to verify Client operations.