Recent Content
CATO always on
Hi, I am currently deploying Cato across my entire organization, transitioning from Fortinet’s VPN platform to Cato’s ZTNA. We are enabling Always On to enforce the use of Cato for all users. However, this feature requires an initial login from the user. How can I force an end user (who does not use any sensitive company services but still needs enforcement as part of ZTNA) to complete the initial login to the Cato Client? Since we are rolling this out company-wide, I do not want to enforce it for all users, but rather for a specific group. Is there an option to do that? Thanks!
Does the Cato API support batch submissions?
I'm looking to add over 200 DHCP reservations to one of our sites. Does the API support batch submissions in the following format or do I need to include the 'accountId" and 'siteId' lines for each host? [ { "accountId": "123456", "siteId": "78910", "input": { "name": "Host1", "ip": "192.168.1.10", "macAddress": "00:1A:2B:3C:4D:5E" } }, { "input": { "name": "Host2", "ip": "192.168.1.11", "macAddress": "00:1A:2B:3C:4D:5F" } } ]Bypass L7 from socket device
Hi community, Like the “Exclude Applications from Split Tunnel Policy Rules” available from the SDP client, is this functionality available from the socket ? Many customers have lot of teams and outlook traffic and need to bypass it directly from the socket. Many reasons for that (improve performance and save bandwitdh to the Cato Cloud) The actual bypass (from/to) IP is not usable for teams and outlook traffic. Thanks
Device Posture-Real Time Protection
I noticed a couple of items in the Device Posture>Device Checks>Anti-Malware section today that I was wanting to bring up. 1. Real Time Protection Enablement Realtime protection is not able to be selected when you have "Any" selected as the Vendor (grayed out in the screenshot shown below): However, if you end up Defining a Vendor and Product, and then revert your Vendor selection back to "Any," Real Time Protection can be enabled (see screenshot below once reverting Vendor back to "Any"): Question Does this mean that Real Time Protection cannot be assessed if you have the "Any" vendor selection, and I just happened to find a bug that allows me to check,....OR....am I supposed to be able to select Real Time Protection when the Vendor selection is set to "Any"? 2. Real Time Protection Definition When reviewing CATO documentation on Device Checks using the following URL: Creating Device Posture Profiles and Device Checks – Cato Learning Center The following is listed: This reads like it is mentioning the frequency that the Client is checking the device for Anti-Malware criteria checks and not that the installed Anti-Malware solution has Real Time Protection enabled. Can I get confirmation that by enabling Real Time Protection in the Anti-Malware device check, this is actually verifying that the installed solution has Real Time Protection configured?
DHCP option to assign Cisco Wireless Controller
Hi Community, We have some sites that I'm trying to set a DHCP option to assign the controller IP to cisco 9105. I have a vendor rule on the AP's that get DHCP from our Microsoft DHCP servers. Was just curious if anyone has configured an option that works through Cato DHCP? Thank you.
How do you make an API request that lists IP address of LAN and WAN interfaces ?
I need to retrieve several pieces of information using API requests : - full list of IP ranges for LAN interfaces (type : Native, VLAN, Routed) [screenshot] - IP addresses of the WAN interfaces (socket IP) In the "entityLookUp" request, I can only find the site's native IP address (VLAN, Routed?) and in the "accountSnapshot" request, there is no internal address. Thank for your time
Cloning Firewall rules
Ever notice how Cato defaults are not Cato best practices. I have a preferred layout for Internet Firewall and WAN Firewall rules. I have them in multiple sections for business rules and best practice rules. I am wanting to created a pristine template that I can apply to a new tenant that sets up all of my preferences. I am pretty fluent with Postman and python. Any bread crumbs or ideas on how to back up the Internet Rules from one tenant and push them in to a net new tenant? Any ideas are greatly appreciated. Thanks, BrianHow To Get All users Regardless Of Current Connection Status
I am trying to retrieve a list of all users including their last connected datetime, which doesnt seem to be included in the results for entity lookup. I do get this field from accountSnapshot, but that only returns a list of users that are currently connected, I need all of them. I am trying to retrieve all user ids via entity lookup and then pass them to the accountSnapshot since you can get non connected users by specifying their ids. Anyonehave any suggestions on how to adjust my query? I am working in C#/DotnetGet Started on Cato Connect
It’s good to have you here. Cato Connect is your space to connect with peers, share insights, and get the most out of your Cato experience. Whether you're here to ask a question, share best practices, propose ideas, or stay up to date with events, you’re in the right place. Where to first? 🔹 Log in – Click “Sign in” at the top right and use your Cato Networks credentials to access all community features. 🔹 Explore the Spaces – We’ve organized the community into three key areas to help you find what you need: Cato Cloud – Discussions, best practices, and information regarding Cato and SASE API – Questions and Answers and information from API experts Community Help – Cato Connect community-specific questions and information. Customer-Only Access As a Cato customer, you’ll have exclusive access to certain areas of the community. Once logged in, you’ll see customer-only discussions and resources designed just for you. Idea Hub – Come explore ideas that other customers have suggested, or bring up topics of your own to help improve Cato Networks. Customer Event Calendar – Come see what’s happening around Cato and sign up for any webinars or events we have coming up. How to Engage ✅ Jump into a discussion or ask a question in any of the Discussions areas. ✅ Follow any spaces that you would like to receive notifications for. ✅ Change your avatar and personalize your settings to get exactly what you want. Check out our Community Help area for more guides – feel free to request any additional documentations via the discussions area. 💡 Need help? If you have any issues logging in or navigating the community, feel free to reach out to the Community team at community@catonetworks.com. We’re excited to build this community with you – let’s get started! 🚀
API Request to get all SDP users
Hi everyone, I'm trying to get all users within my Cato platform. Like in Access > Users when you select SDP Users Activity. I cannot find any direct way to do it, maybe i'm missing something ? I tried with AccountSnapshot but here you can only find connected users, it is also stated that if I want users that are offline I need to specify the ID, is it the only way to do it ? Thanks, Billy
