Netskope Help

Overview of Netskope On-Premises Appliance

Netskope's on-premises Cloud Access Security Broker (CASB) provides the ability to process and maintain data inside an enterprise's perimeter. The N1000, N2000, and N5000 appliances are the cornerstone of this service as they provide a physical footprint.

Note

This document is dedicated to the full on-premises deployment mode; there's a separate guide if you are managing appliances from the cloud.

When installed, your appliances should be using the latest software package.

New N2000 Appliances

The new N2000 Appliances are 1U appliances.

N2000_new_with_bezel.jpg

The front of the unit has a removable bezel.

N2000_new_without_bezel.JPG

When the bezel is removed, you can see a control panel with a power button and status LEDs.

N2000_new_front_labels.jpg

The following table describes the control panel.

| Label Number | Name | Description |
| --- | --- | --- |
| 1 | Power button | The main power switch powers the appliance on or off. When off, the switch maintains standby power from the power supply to the appliance. |
| 2 | UID button and LED | The unit identification (UID) button powers on or off the blue light function of the Information LED and a blue LED on the rear of the chassis. The blue LEDs are used to locate the server in large racks. |
| 3 | Power LED | Indicates power is being supplied to the system power supply units. This LED is illuminated when the system is operating normally. |
| 4 | HDD | Indicates activity on the hard drive when flashing. |
| 5 | NIC LED for LAN1 | Indicates network activity on LAN1 when flashing. |
| 6 | NIC LED for LAN2 | Indicates network activity on LAN2 when flashing. |
| 7 | Information LED | Alerts operator to several states, as mentioned in the table below. |

The following table describes the various states of the Information LED.

| Information LED Status | Description |
| --- | --- |
| Continuously on and red | An overheating condition has occurred. This may be caused by cable congestion. |
| Blinking red (1Hz) | Fan failure, check for an inoperative fan. |
| Blinking red (0.25Hz) | Power failure, check for a non-operational power supply. |
| Solid blue | UID has been activated locally to locate the server in a rack environment. |
| Blinking blue | UID has been activated using IPMI to locate the server in a rack environment. |

The rear of the unit has several ports with specific purposes.

new_n2000_appliance_back.png

The IPMI port is used for initial setup only, the inbound port is used for log parsing functionality, and the TAP port is used to receive traffic from a decrypting TAP.

N2000_new_back_port_labels.jpg

The following table provides a mapping of the interface to ports on the unit.

| Interface | Ports | Speed |
| --- | --- | --- |
| | IPMI | 1g |
| eth0 | Management | 1g |
| eth1 | Aux1 | 1g |
| eth2 | Tap | 1g |
| eth3 | Aux2 | 1g |
| eth4 | Out (Outbound) | 10g |
| eth5 | In (Inbound) | 10g |

N1000 and N2000 Appliances

The N1000 and N2000 are 1U appliances. They are best suited for log parsing and other traffic handling duties but can be used in any capacity.

The front of the units has a power button at the center, and a small bank of LEDs on the right side:

N2000Power.png

Important

Before turning off the appliance using the power button, log in to the appliance (using ssh or IPMI) and enter the command shutdown. Use the power button to turn off the appliance only after issuing this command.

The rear of the unit has several ports with specific purposes.

RearPorts1000And2000.png

In a typical installation, the IPMI port is used for initial setup only, the inbound port is used for log parsing functionality, and the TAP port is used to receive traffic from a decrypting TAP.

On older appliances, the rear of the unit is as shown in the following image.

RearPorts-oldAppliance.png

Two AC power supplies are in the rear left of the chassis and provide redundancy. The following image shows the rear of the N1000 chassis.

N1000PowerSupplies.jpg

N5000 Appliances

The N5000 is a 2U appliance best suited for management duties because of its expanded event retention capabilities but can be used in any capacity.

The front of the unit has a power button at the center, and a small bank of LEDs on the right side:

N5000Power.png

Important

Before turning off the appliance using the power button, log in to the appliance (using ssh or IPMI) and enter the command shutdown. Use the power button to turn off the appliance only after issuing this command.

The rear of the unit has several ports with specific purposes.

RearPorts5000.png

In a typical installation, the IPMI port is used for initial setup only, the inbound port is used for log parsing functionality, and the TAP port is used to receive traffic from a decrypting TAP.

Two AC power supplies are in the rear left of the chassis and provide redundancy. The following image shows the rear of the N5000 chassis.

N5000PowerSupplies.png

Appliance LED Status

The appliance has three LEDs in the front - Power LED, HDD LED, and System Status LED.

The following tables provide details about the various states of the LEDs that indicate the status of the appliance.

Power LED

| Color | State | Criticality | Description |
| --- | --- | --- | --- |
| Green | Solid on | System OK | System booted and ready. |
| Off | N/A | Not ready | AC power is off. |

HDD LED

| Color | State | Criticality | Description |
| --- | --- | --- | --- |
| Amber | Solid on | HDD OK | HDD is active. |
| Amber | Blink | HDD OK | HDD is transferring data. |
| Off | N/A | Not ready | HDD is inactive. |

System Status LED (Alert LED)

| Color | State | Criticality | Description | Action |
| --- | --- | --- | --- | --- |
| Red | Blink | Non-critical | Non-fatal alarm - system is likely to fail: Critical temperature threshold asserted; CATERR asserted; Critical voltage threshold asserted; VRD hot asserted; SMI Timeout asserted | Contact Netskope support. |
| Red | Solid on | Critical, non-recoverable | Fatal alarm - system has failed or shut down: CPU Missing; Thermal Trip asserted; Non-recoverable temperature threshold asserted; Non-recoverable voltage threshold asserted; Power fault/Power Control Failure; Fan redundancy lost, insufficient system cooling (this does not apply to non-redundant systems); Power supply redundancy lost insufficient system. Note: This state also occurs when AC power is first applied to the system. This indicates the BMC is booting. | Contact Netskope support. |
| Off | N/A | Not ready | AC power off, if no degraded, non-critical, critical, or non-recoverable conditions exist; System is powered down or S5 states, if no degraded, non-critical, critical, or non-recoverable conditions exist; If the system is functioning properly, disregard the LED caveat. | No action |

System Specifications

appliances_system_spec.png

Outbound Ports

Use these ports for management connectivity and log uploads.

Note

In release 46, domain names changed. Version 46 and later require the new domain names. Existing deployments (release 45 and prior) do not require the new domain names, but using them is recommended. The one required update is for auto-updates; either turn off auto-update or use the new download-<tenant hostname>.goskope.com domain name. New deployments with release 46 and higher do need to use the new domain names.

For management connectivity:

| Domain | Description | Port |
| --- | --- | --- |
| New: config-<tenant hostname>.goskope.com; Old: config.goskope.com | Use for configuration updates. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
| New: download-<tenant hostname>.goskope.com; Old: download.goskope.com | Use for software upgrades. | 443 |
| New: messenger-<tenant hostname>.goskope.com; Old: messenger.goskope.com | Use for reporting and status updates in the UI. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
| New: callhome-<tenant hostname>.goskope.com; Old: callhome.goskope.com | Use for receiving metrics from on-premises appliances and forwarding them to cloud tenants, as well as receiving event data from on-premises dataplane appliances. Also for receiving custom user attributes from user endpoints. The domain needs to be SSL allowlisted if you have SSL decryption enabled. | 443 |
| defupdate.goskope.com (Note: There is no change in the domain name.) | Use for downloading anti-malware definitions successfully. | 443 |

Note

For international deployments, use ~ -<tenant hostname>.eu.goskope.com or ~ -<tenant hostname>.de.goskope.com.

For log uploads:

| Domain | Description | Port |
| --- | --- | --- |
| New: upload-<tenant hostname>.goskope.com; Old: upload.goskope.com | Use for sending logs to the Netskope cloud with SFTP. This is the default port for log uploads. | 22 |
| No change: logupload-<tenant hostname>.goskope.com | Use for sending logs to the Netskope cloud with HTTPS. This port is enabled by default. | 443 |
| No change: <tenant hostname>.goskope.com | Use for fetching the REST API token with HTTPS. | 443 |

Note

For international deployments, use ~ -<tenant hostname>.eu.goskope.com or ~ -<tenant hostname>.de.goskope.com.
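
A pre-installation check for the outbound requirements above, as an added example that is not Netskope code: it expands the two domain tables for a tenant hostname and release, applies the release 45 auto-update exception, and attempts a TCP connection to each endpoint. The function names are hypothetical, `example-tenant` is a constructed placeholder, and the regional .eu/.de variants are not covered.

```python
import socket

# Rows from the management and log-upload tables whose names changed in
# release 46: (prefix, port, purpose). Old name: <prefix>.goskope.com,
# new name: <prefix>-<tenant hostname>.goskope.com.
RENAMED = [
    ("config", 443, "configuration updates"),
    ("download", 443, "software upgrades"),
    ("messenger", 443, "reporting and status updates"),
    ("callhome", 443, "metrics and event data"),
    ("upload", 22, "log upload over SFTP"),
]

def required_endpoints(tenant, release, auto_update=True):
    """Return (host, port, purpose) tuples the outbound firewall must allow."""
    rows = []
    for prefix, port, purpose in RENAMED:
        # Release 46+ requires the new names. Release 45 and prior may keep
        # the old ones, except download when auto-update stays enabled.
        use_new = release >= 46 or (prefix == "download" and auto_update)
        host = f"{prefix}-{tenant}.goskope.com" if use_new else f"{prefix}.goskope.com"
        rows.append((host, port, purpose))
    # Names the page lists as unchanged across releases.
    rows.append(("defupdate.goskope.com", 443, "anti-malware definitions"))
    rows.append((f"logupload-{tenant}.goskope.com", 443, "log upload over HTTPS"))
    rows.append((f"{tenant}.goskope.com", 443, "REST API token"))
    return rows

def probe(host, port, timeout=3.0):
    """TCP connect only: tests DNS and the firewall path, not TLS or SFTP login."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except (socket.timeout, TimeoutError):
        return "timeout"  # typical of a firewall silently dropping packets
    except OSError:
        return "refused-or-unreachable"

def report(tenant, release, auto_update=True, probe_fn=probe):
    """Probe every required endpoint; probe_fn is injectable for offline runs."""
    return [(host, port, probe_fn(host, port))
            for host, port, _ in required_endpoints(tenant, release, auto_update)]

if __name__ == "__main__":
    # "example-tenant" is a constructed placeholder for <tenant hostname>.
    for host, port, state in report("example-tenant", 46):
        print(f"{host}:{port} {state}")
```

An `open` result does not show that a domain is exempt from SSL decryption; for the domains the table marks as needing SSL allowlisting, inspect the certificate presented on port 443 separately.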

Inbound Ports

| Service | Description | Port |
| --- | --- | --- |
| Syslog | Use for receiving syslog traffic. | 514 |
| AD Connector | Use for getting IP-to-user mapping with the Netskope AD connector. | 4400 |
| SFTP and SCP | Use for management connectivity and log uploads to the log parser appliance. | 22 |
| FTPS | Use for management connectivity and log uploads to the log parser appliance. | 21 (using explicit SSL) |

Note

Netskope does not support implicit SSL over port 990.

Prerequisites

Before you begin the installation, make sure you meet these hardware and software requirements:

  • Hardware Requirements: To perform a successful install, you will need one temporary network cable for the IPMI port. You will also need two permanent network cables, one for the management interface port and one for the inbound interface port.

  • Software Requirements: To access the remote console for the appliance over the IPMI interface, you will need a working Java Runtime Environment. If you don't have this, you can download it from http://www.java.com.