This demo shows how to set up NVS IPsec tunnels and service-chain traffic from a VeloCloud appliance to the Netskope Next Gen Secure Web Gateway. Netskope's Next Gen Secure Web Gateway delivers advanced, cloud-based web security defenses. It detects malicious activity and threats with pre-execution script analysis and heuristics, dynamic sandboxing, and machine learning anomaly detection to protect data and users as they use and traverse the web.


 

Let us start by confirming the tunnel configuration on the Netskope end.

Log in to the Netskope portal and verify that the IPsec tunnel shows UP on the Netskope end.

Next, let us verify the tunnel on the VeloCloud end.

Log in to the VeloCloud Orchestrator.

 

  • Navigate to Configure > Network Services.
  • Scroll down to Non-VeloCloud Sites.
  • Select Netskope.
  • Name should be an alias for this tunnel. In this case, we will name it Netskope.
  • Type should be Generic IKEv2 Router.
  • Primary VPN Gateway should be the current IP address of your first tunnel.
  • Secondary VPN Gateway should be the current IP address of your second tunnel.
  • Check additional settings:
      · Enable Tunnel(s) should be checked.
      · Authentication should be set to None.
      · Site Subnets should remain empty. This means that Internet access is protected by Netskope.
  • Set the Tunnel Settings for Primary VPN Gateway:
      · PSK should be set to this Pre-Shared Key:
      · Encryption should be set to AES 256.
      · DH Group should be set to 2.
      · PFS should be set to 2.
  • Set the Tunnel Settings for Secondary VPN Gateway:
      · PSK should be set to this Pre-Shared Key:
      · Encryption should be set to AES 256.
      · DH Group should be set to 2.
      · PFS should be set to 2.
      · Redundant VeloCloud Cloud VPN should be unchecked.
  • Click View IKE/IPsec Template to go over the command-line description of your settings so far.
  • Click on Monitor.
  • Click on Netskope.
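
The tunnel parameters listed above can be checked mechanically before they are applied. The following is an added example, not part of the original demo and not VMware or Netskope code: it audits both gateways' settings for parity and for key-exchange strength, and it flags DH group 2, a 1024-bit MODP group that RFC 8247 lists as SHOULD NOT for IKEv2. The dict layout, the field names, and the reading of the PFS value as a DH group number are assumptions made for this example.

```python
# Added example. Field names and dict layout are assumptions for illustration,
# not the VeloCloud Orchestrator's export or API format.

# IKE Diffie-Hellman group number -> (kind, size in bits), per the IANA
# IKEv2 Transform Type 4 registry (subset).
DH_GROUPS = {
    1: ("MODP", 768), 2: ("MODP", 1024), 5: ("MODP", 1536),
    14: ("MODP", 2048), 15: ("MODP", 3072), 16: ("MODP", 4096),
    19: ("ECP", 256), 20: ("ECP", 384), 21: ("ECP", 521),
}
MIN_BITS = {"MODP": 2048, "ECP": 256}  # RFC 8247: group 14 is the MUST baseline

def audit_tunnel(name, t):
    """Return findings for one gateway's tunnel settings."""
    findings = []
    if not t.get("psk"):
        findings.append(f"{name}: PSK is empty")
    if t.get("encryption") != "AES 256":
        findings.append(f"{name}: encryption is {t.get('encryption')!r}, expected 'AES 256'")
    # Assumption: the PFS value is a DH group number, like the DH Group field.
    for field in ("dh_group", "pfs"):
        group = t.get(field)
        if group not in DH_GROUPS:
            findings.append(f"{name}: {field} {group!r} is not a known group")
            continue
        kind, bits = DH_GROUPS[group]
        if bits < MIN_BITS[kind]:
            findings.append(f"{name}: {field} group {group} is {bits}-bit {kind}, "
                            f"below the {MIN_BITS[kind]}-bit baseline")
    return findings

def audit_site(site):
    """Audit both gateways and check that their crypto parameters match."""
    primary, secondary = site["primary"], site["secondary"]
    findings = audit_tunnel("primary", primary) + audit_tunnel("secondary", secondary)
    for field in ("encryption", "dh_group", "pfs"):
        if primary.get(field) != secondary.get(field):
            findings.append(f"mismatch: {field} differs between gateways")
    return findings

# Constructed input mirroring the values in the steps above; the PSK is a placeholder.
DEMO_TUNNEL = {"psk": "<placeholder-psk>", "encryption": "AES 256", "dh_group": 2, "pfs": 2}
DEMO_SITE = {"primary": dict(DEMO_TUNNEL), "secondary": dict(DEMO_TUNNEL)}

if __name__ == "__main__":
    for finding in audit_site(DEMO_SITE):
        print(finding)
```

Whether a larger group can be configured depends on what both tunnel endpoints support.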

 

 

 

Let us now configure use case #1: web filtering that blocks gambling sites.

We will follow three main steps to demonstrate this use case:

  • Show the policy.
  • Visit the website and show that it is being blocked.
  • Show the alert logs in SkopeIT.

The detailed steps are:

  • Navigate to Policies > Inline in the Netskope portal.
  • Click on Velocloud Demo - Block Gambling category.
  • Notice that the category is Gambling and the action is Block.
  • Now open a new browser window and go to www.bet365.com.
  • We get a Non-compliant action notice.
  • Click on OK.
  • Click on SkopeIT.
  • Click on Application Events and you will see the event blocking the gambling website.

 

Let us now configure use case #2: protecting against PCI data leaking into unmanaged cloud apps while allowing it for managed cloud app instances.

  • Show the inline policy that blocks PCI data going to cloud storage by navigating to Policies > Inline and showing the second policy.
  • Click on Velocloud Demo - Allow DLP PCI uploads.
  • Notice that the allowed app is OneDrive for Business.
  • Now we will upload a file containing credit card numbers to OneDrive for Business.
  • We notice that the file upload succeeds.
  • Next, we will try to upload the same file to a personal Dropbox account.
  • We notice that this upload fails as per the policy.
  • Go into Application Events and expand the event with the OneDrive for Business upload.
  • Click on the Expand icon.
  • Next, let us verify from the logs that the Dropbox upload was blocked.
  • Click on the Expand icon and verify the blocked action.

Let us now configure use case #3: blocking malware from infecting users via the Box sync client.

  • Click on Inline within Policies.
  • Verify the policy named "Velocloud demo - Block malware to and from cloud storage".
  • Next, attempt to move the file "Important File" to Dropbox. This file contains malware.
  • We see that this ends in an error.
  • Next, we will try to upload this file to OneDrive for Business and notice that this too ends in an error.
  • Next, we will verify these two blocked events in Application Events.


 

Summary 


In this demo we integrated VeloCloud SD-WAN with the Netskope Next Gen Cloud Web Security service. We used the IPsec protocol to connect a VeloCloud branch to a cloud service managed by Netskope in order to apply Netskope's cybersecurity to branch office users. We used the Netskope management portal and the VeloCloud Orchestrator. We verified three main use cases using this integration.

 

 

 

