Welcome to the Cato Connect Community

Discuss, share, and learn from peers using Cato Networks platform to make all the SASE difference.

Explore the Community

Cato Cloud

Cato and SASE discussions and best practices.

API

API questions-and-answers, discussions, and best practices.

Community Help

Start here with any Cato Connect questions! Community guides and information.

Recent Content

DSCP Markers in Microsoft Teams
I have been reading the following article which shows it was updated 6 months ago and so I think it must still be relevant: https://support.catonetworks.com/hc/en-us/articles/4408901533073-Implementing-QoS-using-Microsoft-Teams-and-Cato Our app analytics only show the Skype and MS Teams application, rather than being broken down into these: We use Cisco switches, and for the ports connected to the socket we use the following: switchport trunk native vlan 99 switchport mode trunk ip device tracking maximum 0 no access-session monitor spanning-tree portfast edge trunk ip dhcp snooping trust We do have GPO/InTune that sets the DCSP on our laptops. Do we need to configure anything on the Cisco switches for this to work? Or is there another reason I haven't thought of?
Nath
Meteor
16 hours agoPlace Discussions
5Views
0likes
2Comments
updateBgpPeer
Is there anyone who could use the api to update a site IPsec site that has two BGP peers. We are getting the message: "errors": [ { "message": "Value must be consistent across all neighbors", "path": [ "site", "updateBgpPeer" ] } ], "data": { "site": { "updateBgpPeer": null } } }
Ton
Comet
2 days agoPlace API Discussions
14Views
0likes
1Comment
Microsoft Defender for Endpoint alerts no longer showing in Stories Workbench
I'm seeking advice regarding the integration between Cato XDR and Microsoft Defender for Endpoint (MDE). Previously, MDE alerts were being displayed correctly in Cato XDR (Home > Stories Workbench), but since yesterday, new incidents detected in MDE are no longer appearing in XDR. Below is the current status of our investigation: When an incident occurs on a device, it is properly detected and displayed in MDE. The integration with MDE was successfully completed, and the corresponding application in Entra ID has been granted the following application permissions with admin consent: SecurityAlert.Read.All SecurityIncident.Read.All ThreatHunting.Read.All User.Read (delegated) User.Read.All (application) In Microsoft Entra ID, the Sign-in logs show that all sign-ins by the service principal are marked as "successful." We tried deleting "Microsoft Defender" once from Security > Endpoint Connector and re-integrating it, but the alerts still do not appear in XDR. I would greatly appreciate any advice or insights to help resolve this issue. Thank you very much in advance.
Solved
Naoki
Meteor
3 days agoPlace Discussions
analytics
API
monitoring
43Views
0likes
2Comments
Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers. Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (when I asked the CATO AI, it mentioned a key, but it doesn't seem to work). I can't see specfic configuration in user profile to override this nether. Any idea ? Thanks ! Regards
Rpe
Comet
4 days agoPlace Discussions
38Views
0likes
1Comment
Question About the "Internet as a Transport" Setting in Link Health Rules
In Link Health Rules, there is a setting called "Internet as a Transport." Specifically, what types of links does this refer to? Does this include Off-Cloud or Alt.WAN links?
KojiroZaitsu
Meteor
5 days agoPlace Discussions
monitoring
network
13Views
0likes
1Comment
ARM version?
Most of Cato's competitors now have native ARM versions of their VPN clients - but for Cato it's not even on the roadmap? I suppose the X64 version will not run in emulation mode on a Snapdragon based Copilot+ Windows computer?
JM
Meteor
6 days agoPlace Discussions
64Views
0likes
3Comments
What is 'Disable ACL For SIP' in Site Configuration.
Hi, Does anyone know what the ‘Disable ACL For SIP’ feature is in Site Configuration? What is the behavior when this feature is enabled?
Minato
Comet
9 days agoPlace Discussions
network
47Views
0likes
4Comments
Terraform vSocket 2-NIC Module issues
We are in the process of deploying a 2 NIC vSocket cluster in Azure with Terraform. In doing so, we have encountered hurdles, some of which have been solved by a newly published terraform module from cato: https://github.com/catonetworks/terraform-cato-vsocket-azure-ha-vnet-2nic/ However, there is no 2-Nic module that only deploys the VSockets without deploying additional resources. The current 2-NIC module does not allow resource groups or VNETs to be created, but other resources such as subnets, public IP, interfaces, NSG, routing tables etc. are still created. This means that we have to take the module apart and adapt it to our requirements. However, we would like to be able to fall back on a standard module from CATO and not maintain a customized module. Interestingly, this module is already available for the 3-NIC Solution: https://github.com/catonetworks/terraform-cato-vsocket-azure/blob/main/main.tf (Standalone) https://github.com/catonetworks/terraform-cato-vsocket-azure-ha/blob/main/main.tf (HA) What we need is a 2-NIC module, which is analogous to the above without additional Azure resources deployed. Furthermore, the 2-NIC module also limits which options can be used for the azurerm_linux_virtual_machine resource. The following options are missing: - Naming Convention (the option to use completely custom names for the vSockets) - Use of availability zones Is there any information on whether and when something like this is coming?
Michael447
Comet
11 days agoPlace API Discussions
28Views
1like
2Comments
Potential for abuse of the password reset link with https://cc2.catonetworks.com/forgotAdminPassword
Hi, This is Cato Lab from South Korea. Our customer raised a question. Is there any way to prevent malicious actors from repeatedly entering an email address to trigger password reset emails, potentially spamming or annoying administrators? Their concern is that someone could misuse the reset link mechanism to repeatedly send reset emails, causing inconvenience to the administrators or account owners. Does Cato have any existing protections or recommended best practices to mitigate this type of abuse? It will be really helpful if you guys know any type of protection behavior for administrators regarding using this webpage. Thanks, Best Regards, Cato Lab.
catolab
Comet
11 days agoPlace Discussions
14Views
0likes
0Comments
Defender for Identity - VPN Integration
Hi, We frequently get false positives from Microsoft Defender for Identity because it's unable to map the IP address Cato assigns a remote user with their laptop hostname. I guess our on prem Microsoft sensors are unaware of the Cato client range. I think the only way to fix it is to send RADIUS accounting events from Cato to the Microsoft sensor, but I don't think this can be done? https://learn.microsoft.com/en-us/defender-for-identity/vpn-integration
DavidG
Meteor
14 days agoPlace Discussions
15Views
0likes
0Comments

Featured Content

Voices Behind the Stack: Nick and Jack of Redner’s
2 months ago
yumdarling