Recent Content
CATO client vpn
Hello! I'm a new CATO client user and admin. We want that our users to be always on vpn but i found that if i reboot my laptop and log in, i'm able to go on the internet (Office 365) while my CATO Client is still trying to connect. Everyone have always-on enabled Can we do someting that the user must be on vpn before going on the web? Thanks a lot!
How do I filter AccountSnapshot by site?
Hy everyone, I'm trying to filter the ‘AccountSnapshot’ results by site. I'm trying to use the ‘siteIDs’ field to target a site. I tried using the IDs in "AccountSnapshot > sites > id" but it's failed. However, all the IDs I've used don't work. Do you know what GraphicQL query I can use to find this ‘siteIDs’? Thank for your timeIs It Okay to Apply Double TLS Inspection?
I am considering connecting a Cato PoP and an on-premises firewall via IPSec while applying TLS Inspection on both sides. Could this setup cause any issues with communication functionality? Some security products do not necessarily discourage double TLS Inspection, while others may advise against it. However, I could not find any reference to this in Cato's Knowledge Base. If anyone has experience operating with a similar configuration, I would appreciate it if you could share any insights on how it works in practice and any issues to be aware of.
Email alert when a domain is no longer accessible
We have a custom application configured with a set of FQDNs and a handful of destination IP's. Recently, one of the domains resolved to an IP that wasn't included in the application rule, preventing access to the domain. Is there a way to send an email alert when traffic to an allowed domain no longer makes it through? Something similar to Link Health Rule for destination IPs/Domains?
Auto disabling of "Secured Private Access" when user in office
In Cato, there is "Cato Connectivity Policy" wherein we can either allow "Allow Internet" or "Allow WAN and Internet" or "Block". We have MPLS in our offices and we wants to have only SWG i.e "Allow Internet" when user is in office so that internal applications go through MPLS and only internet traffic goes through Cato but when same user goes out of office than automatically both Internet and WAN traffic should go through the Cato. We had similar arrangement when we were with Netskope. In Netskope, there is a feature called “Enabling Dynamic Steering” [Refer https://docs.netskope.com/en/enabling-dynamic-steering/] wherein we could decide if users is “On-Premise” then what all traffic needs to be steered to Netskope and whether Private access needs to be enabled or not or only internet traffic is need to be steered. Can this be achieved in similar fashion ?
EC2 Instance size selection for use with vSocket.
Hi all, Is there any guideline on selecting the EC2 Instance size for use with vSocket? According to the following KB article, the supported instance sizes are listed. KB:https://support.catonetworks.com/hc/en-us/articles/16150140007069-Deploying-a-vSocket-Site-from-the-AWS-Marketplace However, there is no guide on which instance to select. I would be grateful if there was a guidance such as "Use t3.large for up to 100Mbps." Thank you. Yoshihiro ToyomasuCan the User Awareness feature be used simultaneously with the SRT?
Can the User Awareness be used simultaneously with the SRT (Static Range Translation) ? I have the following concerns: When the Identity Agent reports sets of IP address and username to CatoCloud, the IP address should not be translated, so the user can not be recognized correctly. Similarly, with AD Query, will there be a discrepancy between the IP address authenticated by AD (a translated value in major cases) and the IP recognized by CatoCloud? regards, Yoshihiro Toyomasu
