Netskope is up

You have your Netskope cloud account, now what do you do with it?

Create a basic real-time policy to “watch” traffic
Steer client traffic to your Netskope tenant

Testing tools.

The Netskope notskope site will verify that you are steering your traffic via the Netskope tenant.

https://www.notskope.com/

Once you start blocking traffic a good way to test is with the Netskope Security Check.

https://www.netskopesecuritycheck.com/

Real-time Protection Policy

Policies > Real-time Protection > New Policy > Web Access

I go back and forth on if it is worth putting the system to just monitor. In this one, I list all web traffic and select all activities (browse, download, formpost, login attempt, and upload). I then watch for CCI rating. CCI is Netskope’s Cloud Confidence Index, basically their rating on how safe a cloudapp/website is. Setting the action to Alert will show you activity in the SkopeIT logs. I am always a little surprised about what I see.

It might make more sense to create a policy to block malware but unless you hit some malware, Netskope wouldn’t generate any logs on it.

Fields

Source: leave blank for all users
Destination: Category (select all)
Activities & Constraints: Activity = browse, download,formpost,login attempt,upload
CCL = Excellent, High, Medium, Low, Poor, Unknown
Profile & Action: Action:Alert
Set Policy: <name>

Save and Apply Changes

Steer client traffic

Now you just need to get traffic to the tenant. Of course, you can send a GRE, IPsec, or SD-WAN tunnel to it but in this case, we will use the Netskope Client to steer traffic to it.

At the bottom of the page select > Settings