Recent Content
Meraki Integration?
In the 4/27/2026 product announcements it says:

Cisco Meraki Access Point Events in Experience Monitoring: Integrate Wi-Fi access point events from Cisco Meraki and correlate them with user experience data to improve troubleshooting of office connectivity issues. Requires a DEM license and configuration of the Cisco Meraki connector

We have the required DEM license, but it references setting up the Meraki connector (Cisco Meraki: Creating the Experience Monitoring Connector – Cato Learning Center), but when we go to set up the Meraki integration there does not seem to be a Meraki integration to configure. What am I missing?

7 Views | 0 likes | 1 Comment

I could use some help with a PowerShell script for the events feed.
For some work I am doing trying to track DHCP events, I have been looking at the Events Feed API and am having trouble getting code working in PowerShell. I know my API key/Account ID are good because I have other scripts/tasks running daily, but I am struggling on the event feed. I would rather avoid Python because I already have other things happening in PowerShell and am not very comfortable in Python. I think I have events enabled in my account correctly.

I asked ChatGPT to review my efforts and add debugging and this is my current script. It returns 0 events. You can toggle $DEBUG_MODE = $true/$false as needed.

Can someone let me know if you return results with this code? Thanks.

# start script -----------------------------------------------------------------------------
# ====== CONFIGURATION ======
$API_URL = "https://api.catonetworks.com/api/v1/graphql2"
$API_KEY = "YOUR_CATO_API_KEY"
$ACCOUNT_ID = "YOUR_ACCOUNT_ID"
$DEBUG_MODE = $true
$MAX_LOOPS = 3
# ===========================

$query = @"
query EventsFeed(`$accountIDs: [ID!], `$marker: String) {
  eventsFeed(accountIDs: `$accountIDs, marker: `$marker) {
    marker
    fetchedCount
    accounts {
      id
      records {
        time
        fieldsMap
      }
    }
  }
}
"@

function Write-DebugLog {
    param(
        [string]$Message,
        $Data = $null
    )
    if (-not $DEBUG_MODE) { return }
    Write-Output "[DEBUG] $Message"
    if ($null -ne $Data) {
        try {
            if ($Data -is [string]) {
                Write-Output $Data
            } else {
                $json = $Data | ConvertTo-Json -Depth 20
                Write-Output $json
            }
        } catch {
            Write-Output "[DEBUG] Could not serialize debug data."
            Write-Output ($Data | Out-String)
        }
    }
    Write-Output ("=" * 80)
}

function Print-Event {
    param($Record)
    $timeStr = $Record.time
    try {
        $dt = [datetime]::Parse($Record.time)
        $timeStr = $dt.ToUniversalTime().ToString("yyyy-MM-dd HH:mm:ss 'UTC'")
    } catch {}
    $f = $Record.fieldsMap
    Write-Output "[$timeStr] $($f.event_type) / $($f.event_sub_type): $($f.message)"
    Write-Output " User: $($f.user_display_name)"
    Write-Output " App: $($f.application)"
    Write-Output " Src: $($f.src_ip)"
    Write-Output " Dst: $($f.dest_ip)"
    Write-Output ("-" * 80)
}

function Fetch-Events {
    $headers = @{
        "x-api-key" = $API_KEY
        "Content-Type" = "application/json"
    }
    $marker = ""
    $totalEvents = 0
    $loopCount = 0

    while ($true) {
        $loopCount++
        if ($loopCount -gt $MAX_LOOPS) {
            Write-Output "[INFO] Reached MAX_LOOPS limit ($MAX_LOOPS)."
            break
        }

        $variables = @{
            accountIDs = @($ACCOUNT_ID)
            marker = $marker
        }
        $bodyObject = @{
            query = $query
            variables = $variables
        }
        $body = $bodyObject | ConvertTo-Json -Depth 20

        try {
            Write-DebugLog "Request URI" $API_URL
            Write-DebugLog "Request headers" @{
                "x-api-key" = "***REDACTED***"
                "Content-Type" = "application/json"
            }
            Write-DebugLog "Request variables" $variables
            Write-DebugLog "Request body object" $bodyObject
            Write-DebugLog "Request body JSON" $body

            $response = Invoke-RestMethod `
                -Uri $API_URL `
                -Method Post `
                -Headers $headers `
                -Body $body `
                -TimeoutSec 30

            Write-DebugLog "Parsed API response" $response
        } catch {
            Write-Error "[ERROR] API request failed: $($_.Exception.Message)"
            if ($_.ErrorDetails -and $_.ErrorDetails.Message) {
                Write-Output "[DEBUG] ErrorDetails:"
                Write-Output $_.ErrorDetails.Message
                Write-Output ("=" * 80)
            }
            break
        }

        if ($response.errors) {
            Write-Error "[ERROR] API returned GraphQL errors."
            Write-DebugLog "GraphQL errors" $response.errors
            break
        }

        if (-not $response.data) {
            Write-Output "[DEBUG] Response has no 'data' property."
            Write-DebugLog "Full parsed response" $response
            break
        }

        $feed = $response.data.eventsFeed
        if (-not $feed) {
            Write-Output "[DEBUG] Response has no 'data.eventsFeed'."
            Write-DebugLog "Full parsed response" $response
            break
        }

        Write-DebugLog "eventsFeed object" $feed
        $batchCount = 0

        if (-not $feed.accounts) {
            Write-Output "[DEBUG] eventsFeed.accounts is null or empty."
        } else {
            Write-Output "[DEBUG] Number of accounts returned: $($feed.accounts.Count)"
        }

        foreach ($account in $feed.accounts) {
            Write-Output "[DEBUG] Inspecting account id: $($account.id)"
            if (-not $account.records) {
                Write-Output "[DEBUG] No records returned for this account."
                continue
            }
            Write-Output "[DEBUG] Records returned for account $($account.id): $($account.records.Count)"
            foreach ($record in $account.records) {
                if ($DEBUG_MODE -and $batchCount -lt 3) {
                    Write-DebugLog "Sample record" $record
                    if ($record.fieldsMap) {
                        Write-DebugLog "Sample fieldsMap keys" ($record.fieldsMap.PSObject.Properties.Name)
                    }
                }
                Print-Event $record
                $totalEvents++
                $batchCount++
            }
        }

        Write-Output "[INFO] Batch fetched: $($feed.fetchedCount)"
        Write-Output "[DEBUG] Batch printed: $batchCount"
        Write-Output "[DEBUG] Next marker: $($feed.marker)"

        if (($feed.fetchedCount -eq 0) -or [string]::IsNullOrWhiteSpace($feed.marker)) {
            Write-Output "[INFO] Stopping because fetchedCount is 0 or marker is empty."
            break
        }
        $marker = $feed.marker
    }

    Write-Output "[INFO] Total events retrieved: $totalEvents"
}

Fetch-Events
# end script -----------------------------------------------------------------------------

Solved | 92 Views | 1 like | 8 Comments

Terraform: IPsec site creation with Responder-only and destination type FQDN possible?
Hi,

see subject. When trying to set up an IPsec site (IKEv2) in responder-only mode and with destination type FQDN for primary and secondary tunnel, terraform (in fact opentofu) gives this error:

│ Error: Cato API error in SiteAddIpsecIkeV2SiteTunnels
│
│ with cato_ipsec_site.Vienna,
│ on main.tf line 73, in resource "cato_ipsec_site" "Vienna":
│ 73: resource "cato_ipsec_site" "Vienna" {
│
│ {"networkErrors":{"code":422,"message":"Response body {\"errors\":[{\"message\":\"input:
│ variable.updateIpsecIkeV2SiteTunnelsInput.primary.tunnels[0].tunnelId is not a valid
│ IPSecV2InterfaceId\",\"path\":[\"variable\",\"updateIpsecIkeV2SiteTunnelsInput\",\"primary\",\"tunnels\",0,\"tunnelId\"]}],\"data\":null}"},"graphqlErrors":[{"message":"input:
│ variable.updateIpsecIkeV2SiteTunnelsInput.primary.tunnels[0].tunnelId is not a valid
│ IPSecV2InterfaceId","path":["variable","updateIpsecIkeV2SiteTunnelsInput","primary","tunnels",0,"tunnelId"]}]}
╵

That appears when adding the "tunnels" section. Without that section, a deployment is possible. Obviously, the tunnels section is required.

--------------------snip--------------------
connection_mode = "RESPONDER_ONLY"
identification_type = "IPV4"
primary = {
  destination_type = "FQDN"
  tunnels = [
    {
      public_site_ip = "10.10.10.10"
      psk = "abcABC1234567!!"
      //last_mile_bw = {
      //downstream = 10
      //upstream = 10
    }
  ]
}
---------------snap-------------------------------------

Is that supported with the terraform provider currently?

Thanks,
Christian

171 Views | 0 likes | 4 Comments

Cato Connect Event: DevOps/API Live - May 2026
We’re back with a live session focused on DevOps and API workflows designed for customers and partners who want to build, automate, and scale with Cato.

During this session, we’ll walk through practical, real-world use cases and tooling, including:

- API explorer and code generation
- Terraform bulk rule and site provisioning
- Brownfield deployments
- MCP Server, custom reports, and analysis
- CatoCLI, troubleshooting, and bulk configuration management
- And time for questions

Join us on: May 7, 2026 1:00 PM ET

Register here

Presenters:

- Brian Anderson, Global Field CTO
- Joe Fontes, Major Sales Sales Engineer
- John Farthing, Professional Services Consultant

22 Views | 2 likes | 0 Comments

Mismatch in User Count: Cato Report vs GraphQL API Output
This is to update that we are encountering an issue with the User GraphQL query.

For example, when we generate a manual report from Cato, we receive approximately 1,750 users. However, when fetching data via the API, we are only getting around 768 users.

It appears that the API is returning only users with an active Cato connection. We are not receiving data for assets or users that are currently not connected.

Could you please confirm if this is an expected limitation of the API, or if there is a way to retrieve all users, including those that are not currently connected?

114 Views | 0 likes | 15 Comments

LDAP Integration – Is Password from AD or Local SDP?
Hi,

In a setup where LDAP (Active Directory) is configured in Cato for user provisioning only, and no SSO is in place:

- Is LDAP also used implicitly for authentication (LDAP bind)?
- Or is authentication handled locally by Cato (separate SDP credentials)?

There doesn’t seem to be a clear setting indicating LDAP auth vs provisioning-only. Would like to confirm the expected login behavior.

Thanks.

42 Views | 0 likes | 3 Comments

IP Containers in Firewall Rule
According to the KB, "The Internet firewall inspects traffic between the WAN and the Internet and lets you create rules to control this traffic."

Dumb question, but then is the firewall one-directional? WAN to Internet? I ask because other firewalls have rules/policies that are bi-directional. When I tried to create an Internet firewall rule in CATO and tried to select an IP Container (bad source IPs) it did not have an option, which indicates to me that the Internet Firewall rules are WAN to Internet only.

In that case, how do I apply an IP Container to block inbound traffic from the Internet?

71 Views | 0 likes | 4 Comments

HTTP/2 and /3
When using CATO and navigating the internet through a browser, does CATO support protocols above HTTP1. (HTTP/2 and HTTP/3)?

A website a user is trying to use only supports these new protocols, and so when connected to the network it shows him in a slowdown mode.

I have included the site for reference with a support page for this issue: https://www.sanity.io/docs/help/http1-performance-issues

55 Views | 0 likes | 1 Comment

App Analytics Dashboard not having all filters
Currently App Analytics Dashboard covers all the application or traffic going to Cato PoP. I have users who also use Cato SDP on mobile phones, but those are BYOD devices.

Now when I see the analytics dashboard, it shows various applications which are blocked in Windows/macOS, like WhatsApp. But in App Analytics Dashboard, it also shows applications like "WhatsApp" with traffic of almost 10-15GB, which is unnecessarily flagged by auditors, whereas these are allowed from personal mobile devices.

There is no filter currently in the dashboard to filter insights based on device OS type so that I can remove iOS from device type so that it shows the correct picture.

I asked this in the Ask AI feature and it said:

Unfortunately, based on the Cato documentation, there is no built-in feature to completely exclude specific devices or device types from traffic monitoring and analytics.

Current Limitations

App Analytics shows all traffic: The App Analytics page includes data for all traffic flowing through the Cato Cloud, including blocked apps and traffic from all device types. According to the documentation: "The App Analytics page includes data for blocked apps. This is because the PoP allows the client device trying to access the app to send multiple packets to the PoP, so it can identify the app and apply the block rule."

No device-type exclusion from analytics: While you can filter analytics by device type (iOS, Android, etc.), you cannot exclude specific device types from being collected or displayed in analytics altogether.

Workaround - Contact Cato Support: This might be a feature request worth submitting to Cato, as BYOD privacy concerns are common in enterprise environments.

Can the Cato Team look into this?

39 Views | 0 likes | 1 Comment

URL - Category over-ride not taking effect?
Is your URL category over-ride not taking effect?

When configuring firewall rules by domain you do not need to specify the subdomains. Firewall rules will even cover the subdomains if you specify a Top Level Domain (e.g. "uk" would cover all the subdomains such as bbc.co.uk).

This is not the case when using domains to override a category though! Category over-ride from CMA for a domain / FQDN applies just to that domain or FQDN. Any subdomain must be specified with its own FQDN. E.g. over-riding the category for http://catonetworks.com to a category of your choice does not change the category for http://www.catonetworks.com

Hope you find this helpful.

Thanks Nath, based on your comment I have added the following article that shows how to add a custom app to get around having to override individual domains. Add the custom app in a rule and place it above the rule that blocks the traffic. https://support.catonetworks.com/hc/en-us/articles/4413265662993-Working-with-Custom-Apps

Reference Article: https://connect.catonetworks.com/kb/cato-cloud-best-practices/how-to-block-a-tld-top-level-domain-or-a-specific-country/374278Views3likes3Comments
