Netskope Client Interoperability
By design, the Netskope Client establishes a tunnel to steer all configured (web and/or CASB) traffic to the Netskope cloud to perform all required security functions (example: DLP, threat protection, etc). To provide optimal performance, the Client must connect to the closest Netskope POP to steer traffic.
When third-party apps, for example, VPN clients are installed, they establish a full tunnel and steer all traffic from the user’s device to their enterprise security stack. In such a scenario, Netskope Client will tunnel over the VPN tunnel. This results in the following performance issues:
Traffic from the client is steered via a suboptimal path to connect to Netskope POP.
Since the third-party VPN client has no visibility into the Netskope tunnel, it offers no additional security value to the tunnel traffic.
The complete benefits of Netskope security features are not available to the customers.
Interoperability Validation
The best practices guide for various third-party applications ensures that the following Netskope features operate smoothly and as expected:
Netskope Client Features | Use case Description | Third-Party Applications |
|---|---|---|
Deployment | As part of deployment validation, the client was deployed on the same device that had third-party applications using an email invite. To learn more about the different deployment methods, see Netskope Client Deployment Options. | VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance |
Installation Status | Post-deployment, Netskope tenant WebUI received the Client installation status events from devices that had both Netskope Client and supported third-party applications. To learn more about Client status, see Client Status. | VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance |
Traffic Steering | A series of traffic steering tests were conducted to confirm that the Client was able to steer traffic without any conflicts from third-party apps installed in the same device. To learn more about traffic steering, see Steering Configuration. | VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance |
Log Collection | As part of Client troubleshooting tasks, the log collection process was successfully executed from the tenant WebUI. Log files of the Client in a machine that was installed with the third-p party apps were successfully generated. To learn more about Client logs, see Netskope Client Configuration. | VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance |
Client Upgrade | A client configuration with an upgrade option was able to upgrade the Client installed in devices with third-party apps. To learn more about Client Configuration, see Netskope Client Configuration. | - |
Client Enable/Disable | The tenant admin could enable or disable clients installed on devices that had third-party apps. | VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance |
Compatibility Matrix
This section list third-party software that is tested and qualified to work on the same devices with Netskope Client.
Third-party VPN applications require steering configuration exceptions to ensure that the respective VPN application is able to reach their gateway. To learn more about creating VPN exceptions, see Exception Configuration for VPN Applications . For detailed instruction on configuration best practices in the third-party, click on the interop best practices link for your third-party app in the Notes column of the following table.
Application Name | Version | Platform | Notes |
|---|---|---|---|
Cisco AnyConnect | 4.3, 4.4, 4.5, 4.6, 4.8,4.9,4.10 | Windows and Mac | |
Palo Alto GlobalProtect | 4.1.0 | Windows and Mac | |
OpenVPN Cloud | 3.3.1.2222 | Windows Server 2016 DataCenter | |
Microsoft Always-On VPN | Windows 10 Pro with OS build 19044.1586 | Windows Server 2019 | |
FortiGate VPN | FortiOS v7.2.0-b1157 (Server), 7.0.5.0238 (Client) | Widnows 10, macOS Monterey | |
PulseSecure VPN | 9.1R14 (build 16847) (Server), 9.1.14.13525 (Client) | Widnows 10 and 11, macOS Monterey |
To ensure Netskope Client traffic operates smoothly, follow the instructions in Exceptions for Anti Virus Applications.
Application Name | Version | Platform | Notes |
|---|---|---|---|
McAfee Agent | 5.0.5.658 | Windows and Mac | |
McAfee Virus Scan Enterprise | 8.8.9000 | ||
Kaspersky Small Office Security | 17.0.0.611 | ||
Sophos Home | 1.2.12 | ||
Avast Anti Virus Free | 2018 | ||
McAfee End Point Security | 10.5.4 | Mac | |
VMware Carbon Black | 3.8.0.398 | Windows | |
Symantec Endpoint Protection | 14.0.MP1 build 2332 (14.0.2332.0100) | Windows 2016 Server Datacenter | |
CrowdStrike | 6.36.15005 | Windows | |
TrendMicro Maximum Security | 17.7.1243 - USOI202074.Q4EXP | Windows | |
Blackberry Cylance | 2.1.1574(Windows), 3.0.1000.511(macOS) | Windows 10 and macOS Monterey |
Application Name | Version | Platform | Notes |
|---|---|---|---|
Cisco AnyConnect Web Security | 4.3, 4.4, 4.5 | Windows and Mac |
You can mass deploy Netskope Client to Windows and Mac end-user devices using any of the following MDM (mobile device management) tools.
Application Name | Version | Platform | Notes |
|---|---|---|---|
Microsoft SCCM | 2008, 2012 | Windows | |
Microsoft GPO | Windows | ||
Microsoft Endpoint Manager | Windows and Mac | ||
VMWare Workspace One | 9.3.0.7 | Mac | |
JAMF Pro | 10.13.1 | Windows and Mac | |
Kandji | - | Mac |
You can use any of the following proxy applications to steer traffic from any device to the Netskope Cloud. To learn more about how Netskope Client steers traffic via explicit proxies, see Netskope Client in an Explicit Proxy Environment .
Application Name | Version | Platform | Notes |
|---|---|---|---|
WebSense | |||
BlueCoat | |||
Squid | 3.5.12 | Windows 10 | |
Microsoft Forefront TMG Proxy | 2010 SP2 |