Explore the Community
Cato Cloud
Cato and SASE discussions and best practices.
API
API questions-and-answers, discussions, and best practices.
Recent Content
Cato Connect Event: AMA with Professional Services
Ever wish you could get direct time with the experts? On June 3rd, 2025 at 11:00 AM EDT, you’ll get just that — a live AMA with two of our Principal Consultants from the Cato Professional Services team. We’ll cover topics like: Designing and implementing a CMA deployment Best practices we’ve seen across real-world environments Your questions — seriously, bring them Here’s how to get the most out of it: Go here to find the registration link and get the calendar invite and join us live (must be logged in to Cato Connect to view the registration link) Post your questions below in the comments — we’ll answer pre-submitted ones first, before tackling live chat during the session + See a question you like? Give it a “like” to help it rise to the top Note: We won’t be able to look at specific CMA instances — demos will be done using internal environments. That’s it — register, post your questions, and we’ll see you there! Presenters: Principal Consultant Professional Services, Italy Principal Consultant Professional Services, USA If you run into any issues, @mention me or email us at community@catonetworks.comAnnouncement: Introducing Cato Connect's new Idea Hub
We’re excited to introduce the Idea Hub to Cato Connect! This is a space where you can share your ideas, collaborate with fellow members, and vote on suggestions that resonate with you. What is the Idea Hub? The Idea Hub is a forum for brainstorming and discussing ideas that could enhance our products, services, or overall customer experience. Explain your use-case and issue in detail so your fellow Cato Connect members can expound on the idea or even share workaround or solutions. By voting and commenting, we can surface the ideas that are truly important to our community with context and relevant use cases and examples. What happens once an idea is created? The Idea Hub is the beginning of a journey - a starting point for a discussion. Once you have submitted an idea to the Idea Hub, your fellow Cato Connect members will vote and comment on the idea. Perhaps they might even offer a solution or a workaround, or point you to another idea in the Hub about a similar problem to the one you noticed. Each comment and vote creates a more robust story for the Cato Networks Team to discuss, so don't skimp on the details. How Does It Differ from RFEs (Requests for Enhancements)? Idea Hub: A collaborative space for discussion, exploration, and voting on ideas. It’s designed to capture a wide range of feedback and innovation. RFEs: A formal process for submitting specific, detailed enhancement requests - opened by Cato Networks Employees on behalf of customers in certain circumstances. By keeping these two processes separate, we ensure that both can operate effectively to meet your needs. Further FAQs can be found here. Thank you for contributing to this new initiative! We can’t wait to see your creativity and insights in action. Stay SASE - Your Cato Networks Team
X1700 Sockets running 22.0.19219 breaks HA
More of a caution, over the weekend we upgraded our sockets to 22.0.19219. No issues with our X1500's but sites running X1700's in an HA pair caused us some trouble. The HA keepalive no longer works, which was causing traffic to switch between Primary and Secondary sockets. Both sockets are showing as master. Engineering has discovered the root cause and are working on new version of the firmware, but wanted to let you all know in cause you plan to upgrade soon. Sockets can't reach each other via IP, but both sockets are pingable from other devices on the network.
Area for users to submit and vote for RFEs
Currently the only option to submit an RFE is to contact CATO representative by email and answer a set of template questions. With this method, different users are not aware of RFEs already opened, their status etc. and it is likely they submit similar or the same ideas independently. I would recommend to create an area in this community portal to submit RFEs, review the ones already opened by others and maybe vote for the ones you appreciate. Vote results could be a way for CATO Team to understand what are the needs and expectations of the customers, and maybe prioritize some RFEs over another. RFEs submitted by users could go through a review/approval process first, so CATO Team checks if something similar was already created in the past (to avoid duplicates) or if provided description is complete and enough to start the process.
What's new at Cato? 25th November 2024
"Hey Robin, what's new at Cato Networks this week?" Great question, have a sub-1 minute video giving you a digest of the latest and greatest. Naturally, you can find a full list on our Knowledge Base here:https://support.catonetworks.com/hc/en-us/articles/23222708288157-Product-Update-November-25-2024 Don't forget - it's Thanksgiving in the US this Thursday, so let's reflect on the things we're thankful for: 1) Cato's rapid product development which helps keep us secure, protected and connected 2) Star Wars 3) Memes Happy Monday ya'll! 🦃
Hey, Robin! I currently use Okta to manage my users. How complicated is this to set up with Cato?
You know those situations where someone asks you a question, and you think to yourself "this is something that's going to be asked multiple times?" Yeah, this is one of them. While I was talking with a future Cato Customer, they asked a simple question about how difficult it would be to provision their users with SCIM into the Cato Management Application. Naturally they were hesitant (as this can be a mammoth task with many vendors), but with us, it's a pretty light-lift. Being the egotistical buffoon I am, I thought to record a video in a dimly lit hotel room. Of course we have fantastic product documentation that explains this procedure in detail, but some people are visual learners who want to see the 'final product' instead of the steps along the way. Remember, 5 hours of troubleshooting can often save you 10 minutes of reading the documentation 😀
Notifications on Cato Connect
If you’d like to change your notification settings, just click on your avatar, choose “my settings” Then click on "Follow & Notifications" Then make the changes you would like to make to your notification settings. If you’d like to receive email notifications, make sure this button is toggled on. Otherwise, your notifications will be only in the bell icon on Cato Connect. Everything here is set to immediate, but you can choose to get a daily or even weekly digest of information, totally up to you. Don’t forget to check out the advanced options at the very bottom of the page. We’re glad you’re here and we want to make Cato Connect as useful and engaging as possible. Start a discussion or email us with any ideas or questions!Simplifying TLS Inspection with Cato's ML-driven Wizard
You made the first step, this is THE place to learn more, get your questions answered and share your experiences with other Cato customers. Our TLS Wizard is designed with a clear purpose: intelligently determine which traffic to bypass and which to inspect, giving you immediate visibility into the most-commonly used applications and websites in your network. We leverage real-world customer traffic insights to identify which traffic works well with TLS inspection and which might be problematic. What Traffic Should Not Be Inspected? Four types of traffic should typically bypass TLS inspection: Certificate Pinned Applications - These applications require specific certificates and will fail when inspected. Cato automatically bypasses known problematic OS, applications and URLs using our default bypass rule — without requiring the Wizard! Embedded OS Devices - IoT devices like printers, cameras, and smart TVs don't support certificate installation and won't work with TLS inspection. Sensitive Categories - While Cato never stores payload data, bypassing health, medical, and financial categories helps ensure privacy and compliance. Traffic originating from Guest networks (or other devices that do not have the Cato certificate installed) – typically it’s not possible to inspect traffic from guest devices as they will not have the Cato certificate installed and will therefore generate an error if inspected. The TLS Wizard adds bypass rules for embedded OS and sensitive categories automatically. The bypass of guest networks will need to be created manually as this is not a generic rule that applies to all customers. What Traffic Should Be Inspected? The Wizard recommends inspecting these five categories: General, Business Information, Computers and Technology categories Popular cloud applications Cato-recommended domains (approximately 6,000 domains verified to work with TLS inspection) Malicious and suspicious categories Uncategorized and undefined categories Remember, these are suggestions that you can customise during setup. You might want to start by testing with specific users or groups. Best Practice for the Default Inspection rule To prevent unexpected traffic inspection, we recommend configuring your default TLS inspection rule to bypass. After running the Wizard, you'll be: Bypassing known problematic sources and destinations Inspecting known-good, high-value destinations Bypassing everything else by default You can customise and expand upon this foundation later, we recommend adding the bypass for the guest networks in the appropriate section of the TLS inspection policy as a starting point. See the TLS Wizard in Action: Watch the demonstration - https://www.youtube.com/watch?v=zYVoxHA09NY&t=14s Visit our Knowledge base article Have questions? Use the "comment" option at the bottom of this page. We're monitoring closely and ready to assist you on your journey
