Explore the Community
Cato Cloud
Cato and SASE discussions and best practices.
API
API questions-and-answers, discussions, and best practices.
Recent Content
Minimize the Windows ZTNA client when it starts
Have you ever wanted to minimize the windows ZTNA client when it start up? Just add a registry key under: Path: HKEY_CURRENT_USER\Software\CatoNetworksVPN Key: start_minimized Value: 1 (DWORD) Restart the service CatoNetworksVPNService and the setting will be applied. That's it! Enjoy!
Clients get Cato cloud DHCP leases on the wrong subnet range vlan
Looking for a solution to our wireless clients getting DHCP leases on the wrong subnet / range / vlan. Some of our clients getting Cato cloud DHCP leases on the same subnet as the access points on trunk native VLAN. VLAN is native VLAN on truk between access points and switches.Cato Connect Recognition – Ranks
Ranks are a way for you to be able to see a Cato Connect member’s role and activity while also celebrating your own accomplishments. Ranks progress as a member becomes more active and helpful on the community and are visible throughout Cato Connect. We also use ranks to keep an eye out for the most passionate and active members so we can recognize them throughout the community and within Cato Networks. Where do the ranks appear? You can find the ranks under a member’s name on their profile: Or next to their names on posts: List of Ranks: Wondering where you are on the ladder of ranks? Here’s a list of our current ranks. Note: On September 12, 2025, we changed the rank names to be more in theme with our community and make more sense in sequence. Level Rank Name 1 Just Arrived 2 Looking Around 3 Settling In 4 Hanging Out 5 Here to Stay 6 Here for Good 7 Joining the Conversation 8 Making Connections 9 Staying Involved 10 Finding a Voice 11 Getting Noticed 12 Building Trust 13 Adding Value 14 Making an Impact 15 Role Model 16 Building a Brand 17 Community Star 18 Big Deal Around Here 19 Legend in the Making 20 Local Hero Cool right? And while the names and the ranking order are public, how you move from rank to rank will remain a mystery (it adds to the fun, trust me). You’ll get an email as you reach a new rank, and we’d love to see you back and rising through these and forcing us to create even more. Stay SASE
Azure Virtual Desktop - Always on policy
Hello! What is best practise for implementing the always on policy for Windows 11 VMs (hybrid domain joined). At the moment if a user session expires the Cato tunnel seems to break. The AVD shows as unavailable in Azure and the user is no longer able to login. Only workaround so far is using the serial console to disable the Cato network adapter or uninstall Cato altogether. Is there a way for the session to still expire while making the domain and other prerequisite AVD features still accessible? Thanks!How to Uninstall Windows Cato SDP Client Remotely?
Use case: Manual uninstall is only required occasionally. You as an IT desktop admin want to uninstall Cato SDP Client remotely. A typical use case is if your company portal has a different version than what is installed on the user device. Cato client would auto upgrade to higher version. In order to downgrade you will need to uninstall the existing installation first. Prerequisite: Admin privilege on the system you are uninstalling the client on How To? Launch command prompt using privileged mode and then issue following command [screenshot example on Windows 11 attached] or simply execute this command remotely to the system: \Windows\System32\wmic product where name=“Cato Client" call uninstall
Tenant Restriction for Box
Hi Community, I would like to use the tenant restriction feature in CASB to limit Box access to specific tenants. https://support.catonetworks.com/hc/en-us/articles/24373653275165-Managing-Tenant-Restrictions-for-SaaS-Apps After checking Box's public documentation, I could not find information on the parameters to insert into the HTTP headers. Are there anyone using tenant restrictions for Box?
IPSec Tunnel Active-Active Configuration Packet Loss Issue
Hi All, We configured with IPSec Tunnel Active-Active Configuration but we are facing packet loss post Active-Active configuration on IPSec and forced to work on Active- Passive configuration which results in not using both links in the branch. We are using 2 Network links in the Branch and we have Fortinet SDWAN at Branch and IPSec tunnel is created to route all internet to Cato PoP . We are trying to leverage "Multiple Active Tunnels for IPsec Sites "
