Netskope Help

Upload Logs using FTPS

If your network allows file transfers using FTPS instead of SFTP or SCP, you can upload log files by enabling FTPS on the appliance.  To do this, you must first generate and install an SSL certificate. Server side certificates are required to enable SSL inspection. You can use either a self-signed certificate or a CA certificate preferably signed by the enterprise's Root or intermediate CA.

Make sure that the server certificate of the appliance uses a fully-qualified domain name as the common name.

  1. Enter the command:

    set log-upload ftps server-cert

    Copy and paste your CA certificate into the buffer, press Enter, then type Ctrl-D to exit.

  2. Enter the command:

    set log-upload ftps server-key

    Copy and paste your private key into the buffer, press the Enter key, and then enter Ctrl-D to exit.

  3. If you are not using a CA and want the appliance to generate a self-signed certificate, use the following command:

    run request certificate generate ftps self-signed city <city> common-name <common-name> country <country> days <days> email-address <email-address> organization <organization> organization-unit <organization-unit> state <state>

    Here's an example command to generate self-signed certificate:

    run request certificate generate ftps self-signed city "Los Altos" common-name "sforwarder.netskope.com"
    organization "netskope" organization-unit "netskope cert authority"
    state "CA" country "US" email-address "admin@netskope.com"
  4. Enable log upload for FTPS:

    set log-upload ftps enable true
  5. Enter save and press Enter to save the configuration.