Explore the Community
Cato Cloud
Cato and SASE discussions and best practices.
API
API questions-and-answers, discussions, and best practices.
Recent Content
Cato Device Posture Profile problems.. What are others using?
We've been working for several weeks to setup our Device Posture Profiles (DPPs) to be used as a way to block/allow access to certain resources. Our goal was to have the Cato client check to see if the following processes were running: Microsoft Intune MDM (for Windows and Macs) Microsoft Defender ATP (for Windows and Macs) We've found all sorts of inconsistencies and problems when applying these DPPs. Many times the Cato client won't realize the process are running (even thought they are). It will detect one of the processes but not the other sometimes. Sometimes it will work after users reboot and connect to Cato other times it won't. We are confused how often the Cato client checks for the postures . We have the "Enable Advance Posture Checks" option set to 5min, but see different behavior when machines come out of Sleep mode, etc. So now we are thinking it's asking too much of the Cato client to verify Defender and Intune are actually running , So we may have to settle for verifying if they are simply "installed" on the machine (via registry entry possibly)? We would like to hear how other companies are using the Device Posture Profiles/Checks to add security to their user's access. I'm guessing most companies are just putting a Cert on the machines and looking for that to allow access to Cato? Any suggestions would be appreciated.
Always on VPN and troubleshooting connectivity issues
Hi, I wanted to check if anyone else have experienced issues with the users enabled for Always On when their SDP client can not connect. Ocasionaly we see clients can not connect showing different errors, like username not recognized, can not connect, etc. The problem is that our Zoho Assist remote management software is not available if the user laptop is not connected to Internet which it is not when using Always On. How do you guys provide support in this scenario? What we usually do is first disable Always on policy for that user and then re-install the CAto client using either local admin or service desk user account. The problem is that we need to change the passwords to those accounts after giving out to the user by phone. Basically we just need Zoho Assist client traffic to bypass Cato tunnel, we will be testing split tunnel feature and adding Zoho IPs to bypass. Curious to hear your thoughts. Thanks!URL - Category over-ride not taking effect?
Is your URL category over-ride not taking effect? When configuring firewall rules by domain you do not need to specify the subdomains. Firewall rules will even cover the subdomains if you specify a Top Level Domain e.g. "uk" would cover all the subdomains such as bbc.co.uk). Category over-ride from CMA for an domain / FQDN applies just to the that domain or FQDN. Any subdomains must be specified with its own FQDN. E.g. over-riding category for http://catonetworks.com to a category of your choice does not change the category for http://www.catonetworks.com Hope you find this helpful.Cato Connect Event: AMA with Professional Services - November 2025
Did you join our last AMA with Professional Services and want more? Did you miss the last one and have been waiting for us to drop more dates? Well your request is our command, and we are back with another event for our customers and partners. We're doing things a little differently this time: First of all, we'll be honing in on specifics around CASB and TLSi, we will even have a short demo at the beginning to help you start using, or get the most out of, your investment. (We'll still take general questions from the audience) The other change is that this time, we're offering ~*options*~ Join us on: November 4th, 2025 at 3pm HKT or November 6th, 2025 at 11am EST During this live AMAs with members of our talented Professional Services team we’ll cover topics like: The latest versions of TLSi and CASB Best practices we’ve seen across real-world environments Your questions... seriously, bring them Here’s how to get the most out of it: Register for the November 4th or November 6th meetings and get the calendar invite and join us live Post your questions below in the comments — we’ll answer pre-submitted ones first, before tackling live chat during the session + See a question you like? Give it a “like” to help it rise to the top Note: We won’t be able to look at specific CMA instances — demos will be done using internal environments. That’s it — register, post your questions, and we’ll see you there! Presenters: Steven Wong Professional Services Engineer Kushtrim Kelmendi Principal Consultant Professional Services, EMEA Martin Guerrero Commercial Sales Engineer If you run into any issues, @mention me or email us at community@catonetworks.com
Cato Client - manual PoP addressing
Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location. Not sure where this detail is stored on windows for the client, regkey or config file? Even a cato cli client with a switch to set it? I tried using fqdns as the pop name and having it resolve to a PoP IP in the hosts file, then using a script to change the hosts file entry to the desired PoP IP.... but the client cant use fqdns as the PoP to connect to :DWindows CA with Cato for Device Posture Check
I’m looking for guidance on configuring a Windows CA to issue and validate RSA certificates for device posture verification in Cato. Has anyone implemented this integration?What’s the best approach for certificate management? Should we use self-signed certificates or purchase individual device certificates from DigiCert or another vendor? If anyone has implemented this, please share the pros and cons.Python script to add or delete a network in a site
Hy, I am trying to create a Python script to delete a network from one site and create it on another site. Do you have any examples of Python scripts available to make these changes? This page https://support.catonetworks.com/hc/en-us/articles/360013823477-Example-Scripts-Using-the-Cato-API-with-Python no longer exists. Best regards, Maël JAUBERT
