Explore the Community
Cato Cloud
Cato and SASE discussions and best practices.
API
API questions-and-answers, discussions, and best practices.
Recent Content
Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers. Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (when I asked the CATO AI, it mentioned a key, but it doesn't seem to work). I can't see specfic configuration in user profile to override this nether. Any idea ? Thanks ! Regards
Terraform vSocket 2-NIC Module issues
We are in the process of deploying a 2 NIC vSocket cluster in Azure with Terraform. In doing so, we have encountered hurdles, some of which have been solved by a newly published terraform module from cato: https://github.com/catonetworks/terraform-cato-vsocket-azure-ha-vnet-2nic/ However, there is no 2-Nic module that only deploys the VSockets without deploying additional resources. The current 2-NIC module does not allow resource groups or VNETs to be created, but other resources such as subnets, public IP, interfaces, NSG, routing tables etc. are still created. This means that we have to take the module apart and adapt it to our requirements. However, we would like to be able to fall back on a standard module from CATO and not maintain a customized module. Interestingly, this module is already available for the 3-NIC Solution: https://github.com/catonetworks/terraform-cato-vsocket-azure/blob/main/main.tf (Standalone) https://github.com/catonetworks/terraform-cato-vsocket-azure-ha/blob/main/main.tf (HA) What we need is a 2-NIC module, which is analogous to the above without additional Azure resources deployed. Furthermore, the 2-NIC module also limits which options can be used for the azurerm_linux_virtual_machine resource. The following options are missing: - Naming Convention (the option to use completely custom names for the vSockets) - Use of availability zones Is there any information on whether and when something like this is coming?
Potential for abuse of the password reset link with https://cc2.catonetworks.com/forgotAdminPassword
Hi, This is Cato Lab from South Korea. Our customer raised a question. Is there any way to prevent malicious actors from repeatedly entering an email address to trigger password reset emails, potentially spamming or annoying administrators? Their concern is that someone could misuse the reset link mechanism to repeatedly send reset emails, causing inconvenience to the administrators or account owners. Does Cato have any existing protections or recommended best practices to mitigate this type of abuse? It will be really helpful if you guys know any type of protection behavior for administrators regarding using this webpage. Thanks, Best Regards, Cato Lab.
Defender for Identity - VPN Integration
Hi, We frequently get false positives from Microsoft Defender for Identity because it's unable to map the IP address Cato assigns a remote user with their laptop hostname. I guess our on prem Microsoft sensors are unaware of the Cato client range. I think the only way to fix it is to send RADIUS accounting events from Cato to the Microsoft sensor, but I don't think this can be done? https://learn.microsoft.com/en-us/defender-for-identity/vpn-integration
Error when attempting to add pooled license to site via Terraform
Hi, I'm trying to use the new cato_license resource in terraform to automatically add license to a site from our pooled license, but I'm getting the following error message. While investigating, I ran an API call to show all our licenses and noticed that our pooled licenses have an ID of "null" is this perhaps an issue with my licenses?
Microsoft Defender for Endpoint alerts no longer showing in Stories Workbench
I'm seeking advice regarding the integration between Cato XDR and Microsoft Defender for Endpoint (MDE). Previously, MDE alerts were being displayed correctly in Cato XDR (Home > Stories Workbench), but since yesterday, new incidents detected in MDE are no longer appearing in XDR. Below is the current status of our investigation: When an incident occurs on a device, it is properly detected and displayed in MDE. The integration with MDE was successfully completed, and the corresponding application in Entra ID has been granted the following application permissions with admin consent: SecurityAlert.Read.All SecurityIncident.Read.All ThreatHunting.Read.All User.Read (delegated) User.Read.All (application) In Microsoft Entra ID, the Sign-in logs show that all sign-ins by the service principal are marked as "successful." We tried deleting "Microsoft Defender" once from Security > Endpoint Connector and re-integrating it, but the alerts still do not appear in XDR. I would greatly appreciate any advice or insights to help resolve this issue. Thank you very much in advance.
