Recent Content
Cato Product Rewind
Join us for Product Rewind, a fast-paced monthly webinar where we break down the most compelling product updates from March 2025. See the latest innovations in action with live demos and get practical insights on how these updates can enhance your experience. Register now in Cato Academy: https://academy.catonetworks.com/product-monthly-rewind-march-2025
API for LDAP Sync
Hi, Team. We have checked the KB and API documents and there are only two ways to sync LDAP users which is through Daily Sync feature and 'Sync Now' button. We have asked to Cato Support that if there is a way to automatically sync in defined minutes or hours. (ex. set 5 minutes to automatically sync LDAP users) The response was we have to RFE for that feature. Then I asked them if there is API for LDAP Sync and they lead me to here. So, currently, is there any API query for LDAP Sync we can use?
Cloning Firewall rules
Ever notice how Cato defaults are not Cato best practices. I have a preferred layout for Internet Firewall and WAN Firewall rules. I have them in multiple sections for business rules and best practice rules. I am wanting to created a pristine template that I can apply to a new tenant that sets up all of my preferences. I am pretty fluent with Postman and python. Any bread crumbs or ideas on how to back up the Internet Rules from one tenant and push them in to a net new tenant? Any ideas are greatly appreciated. Thanks, Brian
Does the Cato API support batch submissions?
I'm looking to add over 200 DHCP reservations to one of our sites. Does the API support batch submissions in the following format or do I need to include the 'accountId" and 'siteId' lines for each host? [ { "accountId": "123456", "siteId": "78910", "input": { "name": "Host1", "ip": "192.168.1.10", "macAddress": "00:1A:2B:3C:4D:5E" } }, { "input": { "name": "Host2", "ip": "192.168.1.11", "macAddress": "00:1A:2B:3C:4D:5F" } } ]
How do you make an API request that lists IP address of LAN and WAN interfaces ?
I need to retrieve several pieces of information using API requests : - full list of IP ranges for LAN interfaces (type : Native, VLAN, Routed) [screenshot] - IP addresses of the WAN interfaces (socket IP) In the "entityLookUp" request, I can only find the site's native IP address (VLAN, Routed?) and in the "accountSnapshot" request, there is no internal address. Thank for your time
Device Posture-Real Time Protection
I noticed a couple of items in the Device Posture>Device Checks>Anti-Malware section today that I was wanting to bring up. 1. Real Time Protection Enablement Realtime protection is not able to be selected when you have "Any" selected as the Vendor (grayed out in the screenshot shown below): However, if you end up Defining a Vendor and Product, and then revert your Vendor selection back to "Any," Real Time Protection can be enabled (see screenshot below once reverting Vendor back to "Any"): Question Does this mean that Real Time Protection cannot be assessed if you have the "Any" vendor selection, and I just happened to find a bug that allows me to check,....OR....am I supposed to be able to select Real Time Protection when the Vendor selection is set to "Any"? 2. Real Time Protection Definition When reviewing CATO documentation on Device Checks using the following URL: Creating Device Posture Profiles and Device Checks – Cato Learning Center The following is listed: This reads like it is mentioning the frequency that the Client is checking the device for Anti-Malware criteria checks and not that the installed Anti-Malware solution has Real Time Protection enabled. Can I get confirmation that by enabling Real Time Protection in the Anti-Malware device check, this is actually verifying that the installed solution has Real Time Protection configured?CATO always on
Hi, I am currently deploying Cato across my entire organization, transitioning from Fortinet’s VPN platform to Cato’s ZTNA. We are enabling Always On to enforce the use of Cato for all users. However, this feature requires an initial login from the user. How can I force an end user (who does not use any sensitive company services but still needs enforcement as part of ZTNA) to complete the initial login to the Cato Client? Since we are rolling this out company-wide, I do not want to enforce it for all users, but rather for a specific group. Is there an option to do that? Thanks!
