Bypassing Netskope for improved performance

Method-1 (Sample Configuration): Bypassing using Custom Firewall Application


If the exception traffic destination IP address/subnet/CIDR (or) Domains, protocol (TCP, UDP) and ports are available then this method is preferable.

Important notes:

Configuration Steps:

  1. Create the Custom Firewall Application in Settings > Security Cloud Platform > TRAFFIC STEERING > App Definition with IP addresses/FQDN, Protocols (TCP, UDP) and ports

    image-1746705487809.png

    image-1746705517399.png

  2. Add the custom application to New Application exception in Settings > Security Cloud Platform > TRAFFIC STEERING > Steering Configuration page

    image-1746705612569.png


    Address
    Protocol
    Ports
    Is Bypass Required
    3.238.83.128/25, 3.251.93.0/26, 3.133.18.38/32, 3.135.139.181/32, 13.51.179.176/32, 13.228.200.40/32, 52.76.233.79/32, 52.221.167.63/32, 54.253.118.63/32, 54.253.248.99/32,
    54.253.250.85/32, 54.253.254.161/32, 54.254.43.153/32,
    165.75.5.0/24
    TCP 443,1720,1935,5060-5061,30000-50000 Yes
    "204.141.11.0/24",
    "204.141.12.0/24",
    "204.141.217.0/24"
    TCP 443, 80, 8080 No
    3.238.83.128/25, 3.251.93.0/26, 3.133.18.38/32, 3.135.139.181/32, 13.51.179.176/32, 13.228.200.40/32, 52.76.233.79/32, 52.221.167.63/32, 54.253.118.63/32, 54.253.248.99/32,
    54.253.250.85/32, 54.253.254.161/32, 54.254.43.153/32,
    165.75.5.0/24
    UDP 443,1719,5060,40000-50000 Yes
    "204.141.11.0/24",
    "204.141.12.0/24",
    "204.141.217.0/24"
    UDP 443, 80, 8080 No
    204.141.12.0/24
    3.251.93.0/26
    13.228.200.40/32
    54.254.43.153/32
    52.206.127.180/32
    34.192.154.13/32
    TCP 443, 40000-50000 Yes
    204.141.12.0/24
    3.251.93.0/26
    13.228.200.40/32
    54.254.43.153/32
    52.206.127.180/32
    34.192.154.13/32
    UDP 443, 40000-50000 Yes

Configuration Steps


We will configure GlobalMeet voice traffic bypass using Custom Firewall Application (Method-1).

  1. Create the 2 Custom Firewall Applications in Settings > Security Cloud Platform > TRAFFIC STEERING > App Definition with IP addresses/FQDN, Protocols (TCP, UDP) and ports

    Example: UDP

    image-1746706271221.png


    Example: TCP

    image-1746706331371.png


  2. Add the custom application to New Application exception in Settings > Security Cloud Platform > TRAFFIC STEERING > Steering Configuration page

    image-1746706433376.png


  3. Validate bypass location is at the client in Security Cloud Platform > Traffic Steering > Steering Configuration > Edit > Cloud, Web and Firewall > Bypass exception traffic at “Client”

    image-1746706493670.png



Revision #1
Created 8 May 2025 12:16:38 by Matt Engel
Updated 8 May 2025 12:16:54 by Matt Engel