Virtual Appliance Configuration Scenarios

The configuration scenarios explained in this section are:

  • Configure a Netskope Virtual Appliance with Infoblox DNS Server

  • Configure a Netskope Virtual Appliance with Microsoft AD DNS Server

  • Configure a Netskope Virtual Appliance with a 3rd-party Explicit Proxy and PAC File

Configure a Netskope Virtual Appliance with an Infoblox DNS Server

In a network where Infoblox DNS servers are deployed, the Virtual Appliance can be configured to automatically create and update Forward Zones for managed cloud apps.

To configure the Infoblox DNS server:

  1. Open an nsshell and enter the command configure.

  2. Specify the Infoblox Master DNS Server hostname or IP:

    set external-dns infoblox hostname <hostname or IP>
  3. Enter the credentials of a user who has permissions to add and modify Forward Zones:

    set external-dns infoblox username <username>
    set external-dns infoblox password <password>
  4. Save the configuration with the command save, and then press Enter.

    Note

    You must save the configuration prior to enabling the external-dns infoblox process.

Enable the External DNS Infoblox Process

To enable updates to the Infoblox DNS server:

set external-dns infoblox enable <true or false>

Save the entire configuration with the command save, and then press Enter.

Configure a Netskope Virtual Appliance with a Microsoft AD DNS Server

Please refer to Netskope Adapters for details on integrating a Virtual Appliance with Microsoft AD DNS Server.

Note

Ensure that DNS Connector is configured. See Configure DNS Connector for details.

Configure a Netskope Virtual Appliance with a 3rd-party Explicit Proxy and PAC File

A Virtual Appliance can run as an explicit proxy so that all cloud app traffic is proxied through the Virtual Appliance while other traffic continues to go through the existing proxy server. To do this, configure the Virtual Appliance to download the existing PAC file and host a modified PAC file that redirects cloud app traffic to the Virtual Appliance's proxy server and retains the existing PAC file rules for all other traffic.

If you want to direct the cloud app traffic to the appliance and the web traffic to your existing proxy server, configure the merged PAC file server on the appliance.

  1. Open an nsshell and enter the command configure.

  2. Set the IP address to host the merged PAC file server on the appliance. If no IP address is provided, the IP address of the DNS server is used, if one is configured:

    set dataplane pac-server listener-ip <PAC server IP>

    In appliance version 58 and higher, run the following command.

    set dataplane pac-server listener-interface <PAC server interface>
  3. Set the TCP port to host the merged PAC file server on the appliance:

    set dataplane pac-server listener-port <PAC server port>
  4. Set the URL of the existing PAC file server:

    set dataplane pac-server url http://wpad.yourdomain.com/wpad.dat
    
  5. Enable the PAC file server:

    set dataplane pac-server enable true
  6. Save the configuration:

    save

    The PAC file will be hosted at http://<PAC server IP>:<pac-server-port>/wpad.dat and http://<PAC server IP>:<pac-server-port>/proxy.pac.

  7. Enable the explicit proxy mode for the appliance by doing the following:

    set dataplane proxy-mode explicit enable true
  8. Optionally, specify the fully-qualified domain name that resolves to the IP configured for the appliance. This host name will be used in the merged PAC file. If this setting is not provided, the appliance IP will be present in the merged PAC file.

    set dataplane pac-server hostname sfproxy.yourdomain.com
  9. Optionally specify the TCP port for hosting the appliance explicit proxy. The default port used by the appliance is 8080.

    set dataplane proxy-mode explicit listener-port <explicit proxy port>
  10. Save the configuration.

    save
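
To check the routing a merged PAC file is meant to produce, the sketch below (an added example, not Netskope code and not the file the appliance generates) builds a merged PAC from a constructed existing PAC and evaluates it for sample URLs. The managed domains, the existing proxy proxy.yourdomain.com:3128, and the helpers mergePac and evalPac are assumptions; sfproxy.yourdomain.com and port 8080 are the hostname and default port from the steps above.

```javascript
// Constructed sample of an existing PAC file (stands in for http://wpad.yourdomain.com/wpad.dat).
const existingPac = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || dnsDomainIs(host, ".yourdomain.com")) return "DIRECT";
  return "PROXY proxy.yourdomain.com:3128";
}`;

// Constructed list of managed cloud app domains (assumption, not from the appliance).
const MANAGED = [".cloudapp.example", ".storage.example"];

// Hypothetical merge: rename the original entry point, then add a new one that sends
// managed cloud app hosts to the appliance and defers everything else to the old rules.
function mergePac(original, managedDomains, applianceProxy) {
  const renamed = original.replace(/function\s+FindProxyForURL\s*\(/,
                                   "function OrigFindProxyForURL(");
  return `${renamed}
function FindProxyForURL(url, host) {
  var managed = ${JSON.stringify(managedDomains)};
  for (var i = 0; i < managed.length; i++) {
    if (dnsDomainIs(host, managed[i])) return "PROXY ${applianceProxy}";
  }
  return OrigFindProxyForURL(url, host);
}`;
}

// Minimal shims for the standard PAC helper functions used in this sample.
const pacHelpers = {
  isPlainHostName: (host) => host.indexOf(".") === -1,
  dnsDomainIs: (host, domain) =>
    host.length >= domain.length && host.slice(-domain.length) === domain,
};

// Evaluate PAC text for one URL. PAC files are JavaScript and this executes them,
// so run it only against PAC files from servers you administer.
function evalPac(pacText, url) {
  const host = new URL(url).hostname;
  const names = Object.keys(pacHelpers);
  const factory = new Function(...names, `${pacText}\nreturn FindProxyForURL;`);
  return factory(...names.map((n) => pacHelpers[n]))(url, host);
}

const merged = mergePac(existingPac, MANAGED, "sfproxy.yourdomain.com:8080");
for (const url of ["https://app.cloudapp.example/login",
                   "https://www.example.org/",
                   "http://intranet.yourdomain.com/"]) {
  console.log(url, "->", evalPac(merged, url));
}
```

The same evalPac check can be pointed at the text downloaded from the appliance's /wpad.dat or /proxy.pac URL to confirm that non-cloud traffic still follows the existing PAC rules.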