Skip to main content

Netskope Help

Netskope Client Interoperability

By design, the Netskope Client establishes a tunnel to steer all configured (web and/or CASB) traffic to the Netskope cloud to perform all required security functions (example: DLP, threat protection, etc). To provide optimal performance, the Client must connect to the closest Netskope POP to steer traffic.

When third-party apps, for example, VPN clients are installed, they establish a full tunnel and steer all traffic from the user’s device to their enterprise security stack. In such a scenario, Netskope Client will tunnel over the VPN tunnel. This results in the following performance issues:

  • Traffic from the client is steered via a suboptimal path to connect to Netskope POP.

  • Since the third-party VPN client has no visibility into the Netskope tunnel, it offers no additional security value to the tunnel traffic.

  • The complete benefits of Netskope security features are not available to the customers.

Interoperability Validation

The best practices guide for various third-party applications ensures that the following Netskope features operate smoothly and as expected:

Netskope Client Features

Use case Description

Third-Party Applications

Deployment

As part of deployment validation, the client was deployed on the same device that had third-party applications using an email invite.

To learn more about the different deployment methods, see Netskope Client Deployment Options.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance

Installation Status

Post-deployment, Netskope tenant WebUI received the Client installation status events from devices that had both Netskope Client and supported third-party applications.

To learn more about Client status, see Client Status.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance

Traffic Steering

A series of traffic steering tests were conducted to confirm that the Client was able to steer traffic without any conflicts from third-party apps installed in the same device.

To learn more about traffic steering, see Steering Configuration.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance

Log Collection

As part of Client troubleshooting tasks, the log collection process was successfully executed from the tenant WebUI. Log files of the Client in a machine that was installed with the third-p party apps were successfully generated.

To learn more about Client logs, see Netskope Client Configuration.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance

Client Upgrade

A client configuration with an upgrade option was able to upgrade the Client installed in devices with third-party apps.

To learn more about Client Configuration, see Netskope Client Configuration.

-

Client Enable/Disable

The tenant admin could enable or disable clients installed on devices that had third-party apps.

VMware Carbon Black, Symantec Endpoint Protection, Palo Alto GlobalProtect, Cisco AnyConnect, McAfee Endpoint Security, OpenVPN Cloud, TrendMicro, Kaspersky Security Cloud, CrowdStrike, Microsoft Always-On VPN, Sophos, Squid Proxy, Fortigate VPN, PulseSecure VPN, Blackberry Cylance

Compatibility Matrix

This section list third-party software that is tested and qualified to work on the same devices with Netskope Client.

Third-party VPN applications require steering configuration exceptions to ensure that the respective VPN application is able to reach their gateway. To learn more about creating VPN exceptions, see Exception Configuration for VPN Applications . For detailed instruction on configuration best practices in the third-party, click on the interop best practices link for your third-party app in the Notes column of the following table.

Application Name

Version

Platform

Notes

Cisco AnyConnect

4.3, 4.4, 4.5, 4.6, 4.8,4.9,4.10

Windows and Mac

Cisco AnyConnect

Palo Alto GlobalProtect

4.1.0

Windows and Mac

Palo Alto GlobalProtect

OpenVPN Cloud

3.3.1.2222

Windows Server 2016 DataCenter

OpenVPN Cloud

Microsoft Always-On VPN

Windows 10 Pro with OS build 19044.1586

Windows Server 2019

Microsoft Always-On VPN

FortiGate VPN

FortiOS v7.2.0-b1157 (Server), 7.0.5.0238 (Client)

Widnows 10, macOS Monterey

FortiGate VPN

PulseSecure VPN

9.1R14 (build 16847) (Server), 9.1.14.13525 (Client)

Widnows 10 and 11, macOS Monterey

PulseSecure VPN

To ensure Netskope Client traffic operates smoothly, follow the instructions in Exceptions for Anti Virus Applications.

Application Name

Version

Platform

Notes

McAfee Agent

5.0.5.658

Windows and Mac

McAfee Virus Scan Enterprise

8.8.9000

Kaspersky Small Office Security

17.0.0.611

Sophos Home

1.2.12

Sophos

Avast Anti Virus Free

2018

McAfee End Point Security

10.5.4

Mac

McAfee Endpoint Security

VMware Carbon Black

3.8.0.398

Windows

VMware Carbon Black

Symantec Endpoint Protection

14.0.MP1 build 2332 (14.0.2332.0100)

Windows 2016 Server Datacenter

Symantec Endpoint Protection

CrowdStrike

6.36.15005

Windows

CrowdStrike

TrendMicro Maximum Security

17.7.1243 - USOI202074.Q4EXP

Windows

Trend Micro Maximum Security

Blackberry Cylance

2.1.1574(Windows), 3.0.1000.511(macOS)

Windows 10 and macOS Monterey

Blackberry Cylance

Application Name

Version

Platform

Notes

Cisco AnyConnect Web Security

4.3, 4.4, 4.5

Windows and Mac

Cisco AnyConnect

You can mass deploy Netskope Client to Windows and Mac end-user devices using any of the following MDM (mobile device management) tools.

Application Name

Version

Platform

Notes

Microsoft SCCM

2008, 2012

Windows

Microsoft Endpoint Configuration Manager

Microsoft GPO

Windows

Microsoft Group Policy Object (GPO)

Microsoft Endpoint Manager

Windows and Mac

Microsoft Intune

VMWare Workspace One

9.3.0.7

Mac

VMware Workspace ONEVMWare Workspace One

JAMF Pro

10.13.1

Windows and Mac

JAMF

Kandji

-

Mac

Kandji

You can use any of the following proxy applications to steer traffic from any device to the Netskope Cloud. To learn more about how Netskope Client steers traffic via explicit proxies, see Netskope Client in an Explicit Proxy Environment .

Application Name

Version

Platform

Notes

WebSense

BlueCoat

Squid

3.5.12

Windows 10

Squid Proxy

Microsoft Forefront TMG Proxy

2010 SP2