Recent Content
Use Case: Block Youtube category but allow some specific youtube video ID(full path url)
Hi All, I am exploring the way to block all youtube but allow some specific youtube video id. The full path url is configured in Application Control policy with action allow and the youtube category is block in Internet Firewall policy. It is not working because application control only take effect with the traffic is allowed in Internet Firewall policy. FYI, full path url is not configureable in Internet Firewall policy. Appreciate if anyone from community can give some ideas. Thanks.
unable to block windows update
My network is getting choked as more than 2 TB download has happened in last 2 weeks. I want to block windows update so that the network is not choked due to auto windows update. I even created Internet Firewall Policy to block Application "windows update" and also added all domains/FQDN used for windows update but still the same is getting downloaded. Though I can see block action in most of the events but looks Cato has defined "Windows update" application under various categories like "Business Systems", "Software Updates", "General", " Computers and Technology". Please let me know how to block complete windows update for all so that there is no data downloaded for the same as already all my users are facing slowness in accessing any web URLs and looks this as of the reasons.
Cato API with Gradio
Hello, During the "AMA about Cato API" webinar, you presented a demo of API usages with Gradio. Will you eventually share the code examples that you used to make these dashboards ? I would like to reproduce something similar (hit rules, detected applications by rules..) Regards, PierreAPI get statut Topology
Hello Cato team, I am looking for a solution to monitor certain statuses on your API. The objective is to obtain the status and counter "Connected," "Degraded," or "Disconnected" present in the topology. I am looking for the URL request that can provide this. For better understanding of the reason for this request, I use a ticketing tool that can make API requests. I use this to check the API statuses, and based on the results, open ITSM tickets. Thank for you timeHey, Robin! I currently use Okta to manage my users. How complicated is this to set up with Cato?
You know those situations where someone asks you a question, and you think to yourself "this is something that's going to be asked multiple times?" Yeah, this is one of them. While I was talking with a future Cato Customer, they asked a simple question about how difficult it would be to provision their users with SCIM into the Cato Management Application. Naturally they were hesitant (as this can be a mammoth task with many vendors), but with us, it's a pretty light-lift. Being the egotistical buffoon I am, I thought to record a video in a dimly lit hotel room. Of course we have fantastic product documentation that explains this procedure in detail, but some people are visual learners who want to see the 'final product' instead of the steps along the way. Remember, 5 hours of troubleshooting can often save you 10 minutes of reading the documentation 😀
Robin_Johns3 days agoCato Employee
Need help with prelogin Intune deployment
Hello, I need to understand how to get prelogin to work for my environment so users can sign in when off of the network. We are deploying devices from intune using the enrollment status page. So it gets deployed to them, they turn it on and it autopilots from there. The cato sdp client is being deployed with patchmypc and has a script in place with that for the required registry keys. The certificates are being deployed inside of a win32 intune win file with a script to install the certificate. Script for the certificate: yes it is password protected pfx file. (We do not have a certificate authority. (This did work for prelogin on my device.) Import-PfxCertificate -FilePath .\Catoprelogin.pfx -Password (ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My All of this was successfully installed, what could I be missing? The certificate is an SSL certificate and I confirmed that it worked prior to the autopilot on my personal work computer without autopiloting it. DOES ANYONE HAVE ADVICE OR SUGGESTIONS ON HOW TO SETUP THE INTUNE AUTOPILOT PROFILE, ENROLLMENT STATUS PAGE, OR ANY OF THE ABOVE TO MAKE THIS WORK? WHETHER IT IS DEPLOYING THE CERT A DIFFERENT WAY OR DEPLOYING THE CERTIFICATE WITH THE CATO CLIENT APPLICATION INSTALL. Thanks,All members of group is not syncing from Azure AD
Recently we integrated CMA with our Azure AD and synced 3 groups. But some users started reporting that they are not able to login to SDP login and when we did analysis, we found that those users were not reflecting in CMA users and groups module, however at same time, I checked my Azure AD under Enterprise Applications for Cato Networks, I found those users are member of the group which we have synced with CMA. Now there are almost 100 users who are present in the group at Azure AD but same are not reflecting in CMA due to which I am unable to provide access to SDP client. Pls suggest what to do?Restricting traffic to PoP based out of the country
One peculiar thing I am noticing that traffic goes to outside country when there is 2 POP location based out of India. I want to restrict traffic going outside my country boundary as then it raises multiple queries from regulator. Is there anyway to restrict or prefer POP of my country only unless user is traveling outside country. I have both site as well as SDP users . One network rule has been created to NAT egress traffic for specific application but what will happen if user is connected to PoP outside India.
