Using Netskope Client
The end-user client provides the following options
Enabling or Disabling: By default, for all AD users or devices the client is enabled. However, users can chose to disable the client by selecting the Disable Netskope Client option from the Netskope Client system tray icon.
Enable/Disable Private Apps Access: You can allow users to enable or disable the Client for Private Apps Access. Select the option Allow disabling of Private Apps Access from Client Configuration to view this option in the Netskope Client system tray icon.
Configuration: During a troubleshooting scenario, user can click the Configuration option to view and share the following configuration details about the installed client.
Organization
Gateway (in FQDN format)
Gateway IP (IP address and POP name)
User Email (of the device user)
Client Configuration (name of the client configuration)
Steering Configuration (name of the steering configuration)
Device Classification (if the device is manage or unmanaged)
Tunnel Protocol
Private Access (status of private access)
Private Access Gateway (if private access is enabled, then the IP address of )
On-Premise check (displayed when dynamic steering is used)
Traffic Steering Type (all traffic, web traffic or cloud-app traffic)
Config Updated (date when the client configuration was last updated)
Configuration status.
Users can update Client configuration if an update is available.
See also: Netskope Client Command Reference for more options.
On Windows
On macOS
Save Logs: Use this option to save client logs that can be shared with support team for troubleshooting.
Advanced Debugging: Use this option to allow the Client to collect detailed log files like kernel driver logs, Inner packet capture, external packet capture without the need of a 3rd party software.
Note
This option is visible only if the Enable advanced debug option is enabled in the client configuration. The logs collected by the Client will depend on the log level selected for the debug option.
Warning
Setting log level to Debug may impact the performance due to high disk operations.
Block Events: To view the list of blocked events, right click on the client icon and select View Blocked Events. The resulting pop-up window displays the list of access attempts that are made to any certs pinned and which are configured as blocked by the admin. Use this option to view the list of blocked events relating to certificate pined apps. These are apps that are set to be blocked in the tenant.
Enabling or Disabling
Icon | Status | Description |
---|---|---|
Enabled | The client is successfully connected to the Netskope Gateway and the client icon is in full color. | |
Disabled | The Netskope client has failed to download the required configuration. The client will continue to be in this state until the configuration downloaded. Possible causes are:
| |
Disabled due to error | The Client is disabled and the icon is grayed out with an orange circle and an exclamation point. Possible causes are:
| |
Disabled due to fail close. | The Client is disabled and the icon is in red color. Possible causes:
|
Client Status
The following table lists various client statuses and their meaning. You can also query client status via the Get Client Data REST API.
Event | Actor | Status | Meaning |
---|---|---|---|
Installed | System | Disabled | Via email invitation, distribution tool (i.e. SCCM, Altiris, JAMF etc) |
Tunnel Up | System | Enabled | 'Auto' enabled just after install, upgrade or later |
Tunnel Down | System | Disabled | disabled - default startup state of client i.e. after installation/upgrade/restart |
Tunnel down due to secure forwarder | System | Disabled | 'Auto' disabled due to Netskope Secure Forwarder found |
Fail close | System | Disabled | The client tunnel could not be established to Netskope gateway. |
Tunnel down due to GRE | System | Disabled | 'Auto' Disabled due to GRE |
Tunnel down due to Data Plane on-premises | System | Disabled | 'Auto' Disabled due to on-premises DP |
Tunnel down due to config error | System | Disabled | 'Auto' disabled due to config errors/missing config |
Tunnel down due to error | System | Disabled | 'Auto' disabled due to (any other) error |
Change in network | System | Disabled | 'Auto' disabled due to change in network |
System shutdown | System | Disabled | 'Auto' disabled due to system restart/ power down |
System powerup | System | Disabled/Enabled | 'Auto' Tunnel status will be as per actual satus |
User Disabled | User | Disabled | User disabled the client from the system tray |
User Enabled | User | Enabled | User enabled the client from the system tray |
Admin Disabled | Admin | Disabled | Tenant admin disabled the client from the system tray |
Admin Enabled | Admin | Enabled | Tenant admin enabled the client from the system tray |
Uninstalled | System | Uninstalled | Uninstalled by end user, admin, SCCM admin etc |
Installation Failure | System | Disabled | Installation failed |