Netskope Security - FAQs

SUMMARY


The purpose of this FAQ is to answer common questions about Netskope.If you require further assistance or are experiencing an issue not listed in this FAQ, please contact the IT Helpdesk for immediate assistance.


Details

Q: What is the main difference between Netskope and Global Protect?

A: Netskope utilizes a cloud-native architecture with Zero Trust Network Access (ZTNA),enabling remote users to connect securely to cloud resources and internal applications

without full network tunneling. When using Netskope, users will NOT have an IP on the internal network and will use “Publishers” to proxy internal traffic. Global Protect (GP) utilizes a more of a traditional VPN approach. When using GP, users will have an IP address on the internal network.

Q: What are some known issues or caveats with using Netskope as opposed to traditional VPN?

A. 1. Since users do not have an IP on the internal network, all communication to internal resources flow through internal connectors (Publishers). As a result of this, any server-to-client initiated communication will not function. Examples of this include Internet Control Message Protocol (ICMP) which is commonly used for Ping and Traceroute. If you require ICMP, you will need to connect to an internal resource such as a Jump Server or VMWare Horizons in order to use the protocol. 2. Since internal traffic flows through publishers, the source IP of the traffic from an internal application perspective will be the IP of one of the publishers.

Q: How can I confirm I have transitioned to the new Netskope configuration to replace Global Protect?

A: The way to know if you have transitioned fully to Netskope is to check “Traffic Steering Type” in configuration when you right click on the Netskope icon. If it says “All Traffic” then you have been transitioned. If it says “Cloud Apps only” then you have not been transitioned and should continue to use Global Protect.

Q: What does “Internet Security” and “Private Access” mean in regards to Netskope?

A: Internet Security means all Internet-bound traffic is proxied through Netskope. Private access is the VPN replacement and enables access to Intranet applications through

publishers.

Q: What is the expected Netskope Config while I am on Prem and when I am remote?

A: Netskope client configuration will show “On-Premises Check: Remote” when the user is remote and “On-Premises Check: On-Premises” while in a Colgate-Palmolive Office.

If your settings are not matching, please reach out to the IT helpdesk for assistance.

Q: Can I continue to use Global Protect after the transition to Netskope?

A: Once you are transitioned to Netskope “All Traffic” config, you should no longer be using Global Protect. If Global Protect is still launching automatically, just disconnect it and inform the IT helpdesk. If you face any issues while on Netskope you should reach out to the IT helpdesk and they can assist with documenting the issue and will instruct you to use Global Protect temporarily while the issue is investigated.

Q: What do I do if Netskope is not present or enabled on my system?

A: Contact IT helpdesk.

Q: What do I do if both Netskope and Global Protect are enabled?

A: If Global Protect is still launching automatically, just disconnect it and inform the IT helpdesk.

Q: What do I do if Private Access does not enable when I am remote?

A: Try a reboot of your PC, If the issue persists contact the IT helpdesk.

Q: What do I do if Private Access does not enable when I am remote?

A: Try a reboot of your PC, If the issue persists contact the IT helpdesk.

Q: What should Netskope Config look like when I am not on the CP Network?

A: While remote, Netskope client configuration should have both “Internet Security” and “Private Access” enabled. If it does not please contact the IT helpdesk.

Q: What Should I do if Private Access is enabled while on the CP Network?

A: Private Access should not be enabled while on the CP Network. If this is occurring, Contact the IT helpdesk.

Q: What should I do if I’m getting a certificate warning while accessing a website or application on Netskope?

A: Contact IT helpdesk.

Q: Does Netskope have dedicated IP addresses for my traffic? Can I force traffic for a specific application to source from a dedicated IP Address?

A: Yes, but this needs to be reviewed with the Netskope team. You can open an IT Helpdesk request for additional assistance.

Q: Can I disable Netskope Internet Security or Private Access?

A: If you face any issues while on Netskope you should reach out to the IT helpdesk and they can assist with documenting the issue and they will assist you with disabling

Netskope services if appropriate.

Q: Will Business Partners without CP-issued laptops also utilize Netskope?

A: In the future, Business Partners will be transitioned to Netskope. Currently Business partners are still using Global Protect.

Q: Can I change Netskope gateways?

A: No. Netskope automatically selects the best gateway based on metrics.

Q: How does Intranet access work in Netskope for Users in a CP office?

A: While in office, intranet traffic goes directly to applications and systems hosted in ESC and other clouds (GCP, AWS)

Q: How does Intranet access work in Netskope for Remote Users?

A: Publisher servers are deployed in all cloud environments (AWS, GCP). Netskope uses these publishers to access intranet applications on behalf of users.

Q: What should I do if I am being served websites from other countries instead of my local country?

A: Contact IT helpdesk.

Q: When will GlobalProtect be decommissioned fully?

A: By April 2026.

Q. What is this new Netskope Enterprise Browser on my laptop ?

A. Netskope Enterprise Browser is a secure, managed browser environment for controlled and compliant remote access. It is an alternative to a full VPN client (like Global Protect) for certain Business Partners.

Q. How do I install or login into the Netskope Enterprise Browser ?

A. Business Partner accounts meeting the criteria are automatically assigned the browser. An email with download links and setup instructions is sent to their company email address.

Q. Which all applications are accessible through the Netskope Enterprise Browser ?

A. Any SaaS application that is accessible from the Okta Dashboard.

Q. How to access SAP GUI through the Netskope Enterprise Browser ?

A. If Business Partners dont have access then the Sponsor should submit a VMware Horizon Access request on behalf of the Business Partner to assign them to Oomnitza Horizon.

Q. How to do remote access (RDP/SSH) to internal systems through the Netskope Enterprise Browser ?

A. Sponsor should submit a VMware Horizon Access request on behalf of the Business Partner to assign them to Oomnitza Horizon.

Q. I am facing issue while opening the Netskope Enterprise Browser ?

A. Business Partner creates a Fresh Service incident and needs to specify that they are using the Enterprise Browser as well as the nature of the issue.

Q. I need access to the Netskope console.

A. Sponsor should submit a Service Request - GIS Eng Netskope - Request.

Q. I want to ask some questions to the Netskope team ?

A. Sponsor should submit a Service Request - GIS Eng Netskope - Request

Q. I am unable to open website on the Netskope Enterprise Browser. Error "Blocked Website" ?

A. Sponsor/User submits a Firewall URL Exception Request. The user must indicate that the Enterprise Browser is the source of the block.