Explore the Community
Cato Cloud
Cato and SASE discussions and best practices.
API
API questions-and-answers, discussions, and best practices.
Recent Content
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
TLS Inspection and RBI
Hello, I'm new on Cato Cloud and I don't understand the behavior of the Security feature... I have created a local SDP user and assigned it a license, I'm able to connect to the tenant through the client. I've enabled the Internet Firewall, TLS inspection and RBI : Split tunneling is not enabled. I just wanted to test RBI, all other internet traffic is blocked : But when I access https://rbicheck.com which is an uncategorised website, sometimes the site isn't isolated at all like in the simulator, the automatic download is done and the certificate isn't replaced. And sometimes, the website is blocked like any other website : I don't know if I'm missing something, I understood that the changes I make on the CMA takes a few minutes to be acknowledged, the logs aren't helping me... I would be very thankful if someone could help me
Account Access Request's mutation API
Hi everyone, The new account access request method enables us to manage permissions flexibly, but has also complicated the workflow. Manually requesting permissions for multiple support members and order members when an account is created is a significant burden. We are considering whether this could be simplified using the API, but we have not found any relevant commands. Have these been implemented, or being planning? Thank you,How can I ping or perform health checks on the Cato Socket's WAN interface from the public internet?
We’d like to monitor WAN availability externally (e.g., via public ping or other health check methods). Is there a supported way to reach and test the Socket’s WAN interface from outside the Cato network?Cato Connect Event: AMA with Professional Services
Ever wish you could get direct time with the experts? On June 3rd, 2025 at 11:00 AM EDT, you’ll get just that — a live AMA with two of our Principal Consultants from the Cato Professional Services team. We’ll cover topics like: Designing and implementing a CMA deployment Best practices we’ve seen across real-world environments Your questions — seriously, bring them Here’s how to get the most out of it: Go here to find the registration link and get the calendar invite and join us live (must be logged in to Cato Connect to view the registration link) Post your questions below in the comments — we’ll answer pre-submitted ones first, before tackling live chat during the session + See a question you like? Give it a “like” to help it rise to the top Note: We won’t be able to look at specific CMA instances — demos will be done using internal environments. That’s it — register, post your questions, and we’ll see you there! Presenters: Principal Consultant Professional Services, Italy Principal Consultant Professional Services, USA If you run into any issues, @mention me or email us at community@catonetworks.comHey Siri.... Find me these Cato events....... AI Powered Natural Language Search.
Imagine as a SASE admin (already busy hunting critical threats and protecting your org from on-prem and cloud threats) how much you would hate if you have to write complex queries for simple searches? No one more Yet another query language please! But this is how our competitors did it by making you learn their syntax and their version of Regex to find events. For a simple search to find all traffic to 'google' and 'microsoft' or all phishing URLs why does it have to be so difficult? We took a radically innovative approach to finding results- very close to Apple's 'Hey Siri'! We have now made it even better with our innovative AI powered Natural Language Search feature. Simply click the magnifying glass on far right and write your queries in your own words. Sure you can use our filters and presets (check out my previous article on custom presets) but cool yeh? Where: Event Monitoring > Far right magnifying glass (note the far right magnifying glass icon in the screenshot on the top) NLS ability is now extended to Audit Logs as well! [If it isn't already, contact your Cato Networks representative if you would like this feature enabled in your account] Key Features of AI powered NLS: Uses everyday language to find relevant data Translates natural language queries into specific filters Automatically formats table results to show relevant columns Example Queries Show me all RDP blocked traffic Show me all DNS traffic Show me Internet firewall security events from phishing category URLs Show recent security incidents and alerts related to application vulnerabilities Show me security alerts where data was sent from computer 10.0.0.1 to 10.0.0.2 Power of Cato powered networks! Explore more: https://support.catonetworks.com/hc/en-us/articles/21585563225757-Filtering-Events-with-Natural-Language-Search PS: 'Hey Siri' or other products mentioned here are trademarks of Apple or their respective vendors.
Updating resource group names
I have noticed that if I go to Resources > Groups and change a group's name, that changed group name does not reflect in any firewall rules that reference that group. For instance, I create a group named group_1. I create an Internet Firewall rule with group_1 as the source. If I go back to and change the name of the group to group_one, the group name group_1 is still listed as the source in the Internet Firewall rule (it seems like it should update to group_one when he group's name is changed). If I change a group name that is referenced in a firewall rule, do I need to manually update the group reference in the firewall rule? If not, how long does it usually take for a firewall rule to update it's group name if the group name changes?
