Skip to main content

Netskope Help

Using Netskope Client

The end-user client provides the following options

NetskopeClientTrayIcon_97_1.png
  • Enabling or Disabling: By default, for all AD users or devices the client is enabled. However, users can chose to disable the client by selecting the Disable Netskope Client option from the Netskope Client system tray icon.

  • Enable/Disable Private Apps Access: You can allow users to enable or disable the Client for Private Apps Access. Select the option Allow disabling of Private Apps Access from Client Configuration to view this option in the Netskope Client system tray icon.

  • Configuration: During a troubleshooting scenario, user can click the Configuration option to view and share the following configuration details about the installed client.

    • Organization

    • Gateway (in FQDN format)

    • Gateway IP (IP address and POP name)

    • User Email (of the device user)

    • Client Configuration (name of the client configuration)

    • Steering Configuration (name of the steering configuration)

    • Device Classification (if the device is manage or unmanaged)

    • Tunnel Protocol

    • Private Access (status of private access)

    • Private Access Gateway (if private access is enabled, then the IP address of )

    • On-Premise check (displayed when dynamic steering is used)

    • Traffic Steering Type (all traffic, web traffic or cloud-app traffic)

    • Config Updated (date when the client configuration was last updated)

    • Configuration status.

    Users can update Client configuration if an update is available.

    See also: Netskope Client Command Reference for more options.

    On Windows

    On macOS

    winConfig.png
    macConfig.png

  • Save Logs: Use this option to save client logs that can be shared with support team for troubleshooting.

  • Advanced Debugging: Use this option to allow the Client to collect detailed log files like kernel driver logs, Inner packet capture, external packet capture without the need of a 3rd party software.

    Note

    • This option is visible only if the Enable advanced debug option is enabled in the client configuration. The logs collected by the Client will depend on the log level selected for the debug option.

    Warning

    Setting log level to Debug may impact the performance due to high disk operations.

  • Block Events: To view the list of blocked events, right click on the client icon and select View Blocked Events. The resulting pop-up window displays the list of access attempts that are made to any certs pinned and which are configured as blocked by the admin. Use this option to view the list of blocked events relating to certificate pined apps. These are apps that are set to be blocked in the tenant.

Enabling or Disabling
Table 24. Client Icon Status

Icon

Status

Description

client-active.png

Enabled

The client is successfully connected to the Netskope Gateway and the client icon is in full color.

client-disabled-icon.png

Disabled

The Netskope client has failed to download the required configuration. The client will continue to be in this state until the configuration downloaded. Possible causes are: 

  • The client was disabled by end user.

  • The cient was disabled by the admin in the Netskope admin console.

  • The client automatically disables itself due to the presence of a secure Forwarder, a GRE Tunnel, or a Dataplane On-Premises configuration.

  • The client is disabled in a multi-user scenario for the local admin or users who are not provisioned in the tenant.

client-error-icon.png

Disabled due to error

The Client is disabled and the icon is grayed out with an orange circle and an exclamation point. Possible causes are: 

  • The client has connectivity issues to the Netskope Gateway.

  • The health check has failed.

  • The client service is stopped manually.

nskp-icon-red.png

Disabled due to fail close.

The Client is disabled and the icon is in red color. Possible causes:

  • Tunnel connection could not be established.



Client Status

The following table lists various client statuses and their meaning. You can also query client status via the  Get Client Data REST API.

Event

Actor

Status

Meaning

Installed

System

Disabled

Via email invitation, distribution tool (i.e. SCCM, Altiris, JAMF etc)

Tunnel Up

System

Enabled

'Auto' enabled just after install, upgrade or later

Tunnel Down

System

Disabled

disabled - default startup state of client i.e. after installation/upgrade/restart

Tunnel down due to secure forwarder

System

Disabled

'Auto' disabled due to Netskope Secure Forwarder found

Fail close

System

Disabled

The client tunnel could not be established to Netskope gateway.

Tunnel down due to GRE

System

Disabled

'Auto' Disabled due to GRE

Tunnel down due to Data Plane on-premises

System

Disabled

'Auto' Disabled due to on-premises DP

Tunnel down due to config error

System

Disabled

'Auto' disabled due to config errors/missing config

Tunnel down due to error

System

Disabled

'Auto' disabled due to (any other) error

Change in network

System

Disabled

'Auto' disabled due to change in network

System shutdown

System

Disabled

'Auto' disabled due to system restart/ power down

System powerup

System

Disabled/Enabled

'Auto' Tunnel status will be as per actual satus

User Disabled

User

Disabled

User disabled the client from the system tray

User Enabled

User

Enabled

User enabled the client from the system tray

Admin Disabled

Admin

Disabled

Tenant admin disabled the client from the system tray

Admin Enabled

Admin

Enabled

Tenant admin enabled the client from the system tray

Uninstalled

System

Uninstalled

Uninstalled by end user, admin, SCCM admin etc

Installation Failure

System

Disabled

Installation failed