Virtual Appliance Configuration Scenarios
The configuration scenarios explained in this section are:
Configure a Netskope Virtual Appliance with an Infoblox DNS Server
Configure a Netskope Virtual Appliance with a Microsoft AD DNS Server
Configure a Netskope Virtual Appliance with a 3rd-party Explicit Proxy and PAC File
Configure a Netskope Virtual Appliance with an Infoblox DNS Server
In a network where Infoblox DNS servers are deployed, the Virtual Appliance can be configured to automatically create and update Forward Zones for managed cloud apps.
To configure the Infoblox DNS server:
Open an nsshell and enter the command:
configure
Specify the Infoblox Master DNS Server hostname or IP:
set external-dns infoblox hostname <hostname or IP>
Enter the credentials of a user who has permissions to add and modify Forward Zones:
set external-dns infoblox username <username>
set external-dns infoblox password <password>
Save the configuration with the following command, and then press Enter:
save
Note
You must save the configuration prior to enabling the external-dns infoblox process.
Enable the External DNS Infoblox Process
To enable updates to the Infoblox DNS server:
set external-dns infoblox enable <true or false>
Save the entire configuration with the following command, and then press Enter:
save
Configure a Netskope Virtual Appliance with a Microsoft AD DNS Server
Please refer to Netskope Adapters for details on integrating a Virtual Appliance with Microsoft AD DNS Server.
Note
Ensure that DNS Connector is configured. See Configure DNS Connector for details.
Configure a Netskope Virtual Appliance with a 3rd-party Explicit Proxy and PAC File
A Virtual Appliance can be configured to run as an explicit proxy so that all cloud app traffic is proxied through the Virtual Appliance while other traffic continues to go through the existing proxy server. To do this, configure the Virtual Appliance to download the existing PAC file and host a modified PAC file that redirects cloud app traffic to the Virtual Appliance's proxy server and retains the existing PAC file rules for all other traffic.
If you want to direct the cloud app traffic to the appliance and the web traffic to your existing proxy server, configure the merged PAC file server on the appliance.
Open an nsshell and enter the command:
configure
Set the IP address to host the merged PAC file server on the appliance. If no IP address is provided, the IP address of the DNS server is used, if one is configured:
set dataplane pac-server listener-ip <PAC server IP>
In appliance version 58 and higher, run the following command:
set dataplane pac-server listener-interface <PAC server interface>
Set the TCP port to host the merged PAC file server on the appliance:
set dataplane pac-server listener-port <PAC server port>
Set the URL of the existing PAC file server:
set dataplane pac-server url http://wpad.yourdomain.com/wpad.dat
Enable the PAC file server:
set dataplane pac-server enable true
Save the configuration:
save
The PAC file will be hosted at http://<PAC server IP>:<pac-server-port>/wpad.dat and http://<PAC server IP>:<pac-server-port>/proxy.pac.
Enable the explicit proxy mode for the appliance by doing the following:
set dataplane proxy-mode explicit enable true
Optionally, specify the fully-qualified domain name that resolves to the IP configured for the appliance. This host name will be used in the merged PAC file. If this setting is not provided, the appliance IP will be present in the merged PAC file.
set dataplane pac-server hostname sfproxy.yourdomain.com
Optionally, specify the TCP port for hosting the appliance explicit proxy. The default port used by the appliance is 8080.
set dataplane proxy-mode explicit listener-port <explicit proxy port>
Save the configuration:
save
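The merge behaviour described in this scenario (cloud app traffic to the appliance's proxy, existing PAC rules retained for all other traffic) is sketched below as an added example; it is not Netskope's code and not the PAC file the appliance actually generates. The cloud app domains, the legacy proxy address and the function names are assumptions, while sfproxy.yourdomain.com and port 8080 are the hostname and default port from the steps above. It can be used to check that a merged PAC file routes only the intended hosts to the appliance.

```javascript
// Constructed stand-in for the existing PAC file at the configured pac-server url.
const EXISTING_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "PROXY legacyproxy.yourdomain.com:3128";
}`;

// Hypothetical managed cloud app domains (placeholders, not a Netskope list).
const CLOUD_APP_DOMAINS = ["cloudapp.example", "storage.example"];

// Build a merged PAC: cloud app hosts go to the appliance proxy,
// everything else is delegated to the original PAC logic unchanged.
function mergePac(existingPac, applianceProxy, domains) {
  // Rename the original entry point so the merged file can call it.
  const renamed = existingPac.replace(
    /function\s+FindProxyForURL\s*\(/, "function OriginalFindProxyForURL(");
  if (renamed === existingPac) throw new Error("existing PAC has no FindProxyForURL");
  return `${renamed}
var CLOUD_APPS = ${JSON.stringify(domains)};
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  for (var i = 0; i < CLOUD_APPS.length; i++) {
    // Exact host or a true subdomain only; the leading dot stops
    // look-alike hosts such as notcloudapp.example from matching.
    if (host === CLOUD_APPS[i] || dnsDomainIs(host, "." + CLOUD_APPS[i])) {
      return "PROXY ${applianceProxy}";
    }
  }
  return OriginalFindProxyForURL(url, host);
}`;
}

// Evaluate a PAC file offline, supplying the two PAC helper functions used here.
// PAC files are executable JavaScript, so only evaluate sources you control.
function resolve(pacSource, url) {
  const load = new Function("isPlainHostName", "dnsDomainIs",
    pacSource + "\nreturn FindProxyForURL;");
  const find = load((h) => !h.includes("."), (h, d) => h.endsWith(d));
  return find(url, new URL(url).hostname);
}

const MERGED = mergePac(EXISTING_PAC, "sfproxy.yourdomain.com:8080", CLOUD_APP_DOMAINS);
for (const u of ["https://app.cloudapp.example/", "https://notcloudapp.example/", "http://intranet/"]) {
  console.log(u, "->", resolve(MERGED, u));
}
```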