Secure Forwarder Interfaces
Secure Forwarder has three interfaces: two for receiving and forwarding traffic, and one for management access.
Interface | Description | Guidelines |
|---|---|---|
mp | Management plane interface | We recommend you have the mp interface on a separate network. However, it can be on the same subnet as dp1 and dp2. |
dp1 | Data plane interface 1. Secure Forwarder receives traffic from the clients on this interface | We recommend you have 60 IP addresses available on the interface on which Secure Forwarder listens for client traffic (dp1). Note The 60 IP addresses are required to handle cloud apps that have native clients. If you do not need support for any native clients and require support only for browser-based cloud apps, a single IP address on dp1 will suffice. It 's not required to assign a full /24 block of IP addresses to dp1. You can assign non-contiguous IP addresses and/or IP address ranges for the dp1 interface configuration. |
dp2 | Data plane interface 2. This is the cloud interface from which the traffic is sent to the Netskope cloud | Starting with virtual appliance version 58, dp2 interface is DHCP enabled. |
The rest of the document walks you through the steps to install this virtual appliance, configure the necessary interfaces, and set up the appropriate server and client side certificate and keys.