Skip to main content

Netskope Help

Secure Forwarder Interfaces

Secure Forwarder has three interfaces: two for receiving and forwarding traffic, and one for management access.

Interface

Description

Guidelines

mp

Management plane interface

We recommend you have the mp interface on a separate network. However, it can be on the same subnet as dp1 and dp2.

dp1

Data plane interface 1. Secure Forwarder receives traffic from the clients on this interface

We recommend you have 60 IP addresses available on the interface on which Secure Forwarder listens for client traffic (dp1).

Note

The 60 IP addresses are required to handle cloud apps that have native clients. If you do not need support for any native clients and require support only for browser-based cloud apps, a single IP address on dp1 will suffice.

It 's not required to assign a full /24 block of IP addresses to dp1. You can assign non-contiguous IP addresses and/or IP address ranges for the dp1 interface configuration.

dp2

Data plane interface 2. This is the cloud interface from which the traffic is sent to the Netskope cloud

Starting with virtual appliance version 58, dp2 interface is DHCP enabled.

The rest of the document walks you through the steps to install this virtual appliance, configure the necessary interfaces, and set up the appropriate server and client side certificate and keys.