Recent Content
Cato Rapid7 SIEM API Integration
Followed the configuration steps in the links below, but laid an egg. I mean, the integration still isn’t working.
https://support.catonetworks.com/hc/en-us/articles/13975273800733-Cato-Data-Third-Party-Supported-Integrations
https://docs.rapid7.com/insightidr/cato-networks/
I’ve opened tickets with both Cato and Rapid7 since each points to the other as the root cause. It’s turning into a real whodunit, fun and frustrating at the same time. If anyone has already solved this mystery, please share any insights.
23 Views, 0 likes, 2 Comments

Terraform: IPsec site creation with Responder-only and destination type FQDN possible?
Hi, see subject. When trying to set up an IPsec site (IKEv2) in responder-only mode and with destination type FQDN for the primary and secondary tunnel, terraform (in fact opentofu) gives this error:

│ Error: Cato API error in SiteAddIpsecIkeV2SiteTunnels
│
│   with cato_ipsec_site.Vienna,
│   on main.tf line 73, in resource "cato_ipsec_site" "Vienna":
│   73: resource "cato_ipsec_site" "Vienna" {
│
│ {"networkErrors":{"code":422,"message":"Response body {\"errors\":[{\"message\":\"input:
│ variable.updateIpsecIkeV2SiteTunnelsInput.primary.tunnels[0].tunnelId is not a valid
│ IPSecV2InterfaceId\",\"path\":[\"variable\",\"updateIpsecIkeV2SiteTunnelsInput\",\"primary\",\"tunnels\",0,\"tunnelId\"]}],\"data\":null}"},"graphqlErrors":[{"message":"input:
│ variable.updateIpsecIkeV2SiteTunnelsInput.primary.tunnels[0].tunnelId is not a valid
│ IPSecV2InterfaceId","path":["variable","updateIpsecIkeV2SiteTunnelsInput","primary","tunnels",0,"tunnelId"]}]}
╵

That appears when adding the "tunnels" section. Without that section, a deployment is possible. Obviously, the tunnels section is required.

--------------------snip--------------------
connection_mode = "RESPONDER_ONLY"
identification_type = "IPV4"
primary = {
  destination_type = "FQDN"
  tunnels = [
    {
      public_site_ip = "10.10.10.10"
      psk = "abcABC1234567!!"
      //last_mile_bw = {
      //downstream = 10
      //upstream = 10
    }
  ]
}
---------------snap-------------------------------------

Is that supported with the terraform provider currently?
Thanks, Christian
7 Views, 0 likes, 1 Comment

How to get license id?
Hi, I want to use the assignSiteBwLicense mutation to automate site licensing, but I cannot find the correct licenseId to pass in the input.

Mutation I want to use:

mutation assignSiteBwLicense($accountId: ID!, $input: AssignSiteBwLicenseInput!) {
  sites(accountId: $accountId) {
    assignSiteBwLicense(input: $input) {
      license {
        __typename
        id
        sku
        ... on SiteLicense {
          site {
            id
          }
          total
        }
      }
    }
  }
}

Variables:

{
  "accountId": "123",
  "input": {
    "site": { "input": "123" }, // <-- I have the correct Site ID and Account ID
    "licenseId": "???", // <-- MISSING: How to find this ID?

Troubleshooting steps:
I tried using the pool ID seen in browser debug ("4436"), but the mutation returns "internal upstream error".
I tried listing licenses via licensing { bwLicenses } but the query fails (field does not exist).
I tried accountManagement { licenses } but it returns empty or generic IDs.

Question: Which query should I use to get the specific licenseId required for this mutation?
Thanks for your help
Solved. 20 Views, 0 likes, 1 Comment

DNS Forwarding off Private Access
I'm trying to find a way to fix an issue we have related to DNS forwarding and Windows Active Directory. We have internal DNS servers on the AD DCs and Cato set up to do DNS forwarding. This works fine when the DCs are contactable, but when they aren't (but DNS still resolves) then we get quite a lot of lag on the Windows clients.
When clients are away from the office and Secure Private access is disconnected, we see some slow behaviour with the Windows client, e.g. when unlocking the screen or entering the wrong password. This seems to be related to the client trying to contact the domain controller and waiting for a timeout (the DC is unreachable because private access is disconnected). I've captured the traffic using Wireshark on the client laptop and it's sending the traffic to the CatoNetworks interface, but I can't see the traffic in the Cato cloud to allow me to manage this traffic.
I can't remove the DNS forwarding because we need it when the private access is connected and for office users, but I need to stop Windows thinking the domain is accessible when it is not! Anyone seen this behaviour before or know a way to resolve it?
Solved. 20 Views, 0 likes, 4 Comments

SDP Users - IPV6
Hi all,
We have two users, both located in Germany at the moment for holidays, who can't connect using the Cato SDP client. They get an error about the Device Posture. However, when they switch to a mobile hotspot, it will connect fine, so it's not the device posture checks? The only thing I've noticed is that both clients are getting an IPV6 address from their broadband router. In the Cato Event log I can see their device IP is a 169.254.x.x address when they try to connect and are blocked. I just wanted to check if an IPV6 address could cause an issue like this or if there's some extra config we need to do.
10 Views, 0 likes, 1 Comment

Events Filtering
Good day,
I had been trying to use the catocli to pull events based on destination IP addresses and it only returns 1 event, while I can see multiple matching events within the same time frame in CATO portal. I wonder if anyone had come across a similar problem and had found a solution to it.

json query

{
  "eventsDimension": [
    { "fieldName": "dest_ip" }
  ],
  "eventsFilter": [
    { "fieldName": "dest_ip", "operator": "is", "values": "5******8" }
  ],
  "eventsMeasure": [
    { "aggType": "any", "fieldName": "action" },
    { "aggType": "any", "fieldName": "src_ip" },
    { "aggType": "any", "fieldName": "src_port" },
    { "aggType": "any", "fieldName": "subnet_name" },
    { "aggType": "any", "fieldName": "dest_ip" },
    { "aggType": "any", "fieldName": "dest_port" }
  ],
  "eventsSort": [
    { "fieldName": "action", "order": "asc" }
  ],
  "timeFrame": "last.P14D"
}

catocli command

catocli query eventsFeed "json input from variable column"

Response

{
  "data": {
    "events": {
      "from": "2025-12-09T09:00:00Z",
      "id": "*******",
      "records": [
        {
          "fieldsMap": {
            "action": "Monitor",
            "dest_ip": "************",
            "dest_port": "****",
            "src_ip": "*******",
            "src_port": "*****",
            "subnet_name": "**********"
          },
          "fieldsUnitTypes": [ "none", "none", "none", "none", "none", "none" ],
          "flatFields": [
            [ "action", "Monitor" ],
            [ "dest_ip", "****************" ],
            [ "dest_port", "************" ],
            [ "src_ip", "**************" ],
            [ "src_port", "***********" ],
            [ "subnet_name", "***************" ]
          ],
          "prevTimeFrame": null,
          "trends": null
        }
      ],
      "to": "2025-12-23T10:00:00Z",
      "total": 1,
      "totals": {
        "action": "********",
        "dest_ip": *****,
        "dest_port": *****,
        "src_ip": "********",
        "src_port": ****,
        "subnet_name": "***********"
      }
    }
  }
}

If anyone has any ideas, do kindly share. Thanks vm.
15 Views, 0 likes, 1 Comment

Degraded Sockets in High Availability
I have multiple customers that have an LTE SIM card just for the main socket. This will have the sockets identify asymmetric WAN connections causing the DEGRADED alert. What can I do to disable the DEGRADED alarm from the site? Could it be possible to disable the interfaces so the asymmetric connections don't show as alarmed?
17 Views, 1 like, 1 Comment

December 2025 Winner - @Nath
3 MIN READ
Congratulations to Nath for winning the Cato SWIFT award for community excellence and achievement for December 2025!

Name and Job Title
Nathan, Network Engineer

How long have you been in IT/Software/Cybersecurity?
I’ve been working in IT for just over seven years, building up experience across networking, security, and infrastructure. Most of that time has been focused on enterprise network operations and secure connectivity.

What’s your favorite part of your job right now?
The favourite part of my job is implementing new Cato features, especially when they’re ones we’ve been waiting for via the roadmap, or that originated from our own feature requests (there's been a few!). It’s always satisfying to see those improvements come to life and make a real impact in production.

How long have you worked with Cato?
I’ve worked with Cato for around four and a half years. I was involved in the initial selection of Cato as our SD-WAN/SASE vendor and played a key role in implementing the migration. Since then, I’ve continued to stay hands-on with the platform through operations, feature testing, and early access programs.

What is the number one thing Cato has helped you achieve?
Cato has given us a true single pane of glass for managing our network and security policies. Users now get a consistent experience wherever they connect from, with the same policies applied globally. It’s brought real consistency and simplification across the environment, and troubleshooting issues is now much quicker and easier. (We still get the occasional incident that initially stumps us - but MTTR is significantly less.)

What do you want to see more of on the Cato Connect Community?
I’d love to see more technical deep-dives and interactive sessions around upcoming features — for example, workshops where Cato shares what’s on the roadmap and customers can give input on how those features might impact their environments or influence GUI design.
Real-world deployment stories or troubleshooting case studies from other customers would also be great to learn from - especially because there are so many legacy topologies out there that necessitate a different migration approach than what was necessary for us.

What do you do for fun when you’re not working?
I recently completed a part-time Master's degree in Advanced Networking, which was challenging but really rewarding. Outside of that, I’m a bodybuilder and train in the gym around six times a week — it’s a big part of my lifestyle. I also enjoy playing the piano as a creative outlet away from work and training.

Any other comments/stories/anything else you’d like to say?
I’ve really enjoyed being on the Cato journey. As a customer, we joined around four and a half years ago, and the progress since then has been incredible. Big shout-out to the Cato Support team — they’re phenomenal. Always responsive, helpful, and quick to get issues escalated to the right team and resolved promptly.

Thank you so much for being such a big part of our Cato Connect Community journey! We appreciate you and enjoy watching you learn and grow on Cato Connect and beyond :)
53 Views, 9 likes, 2 Comments

User group specified reports
We need to schedule a daily report for users who log in from a specific user group. The report should capture all users who have logged in on a daily basis from the identified group. Kindly confirm the feasibility and share the steps or requirements to enable this reporting.
Additionally, while exporting the overall users list, the respective user group details should also be included in the report. Kindly confirm the feasibility and share the required steps or prerequisites to enable this.
9 Views, 0 likes, 1 Comment