Recent Content
API for LDAP Sync
Hi, Team. We have checked the KB and API documents and there are only two ways to sync LDAP users which is through Daily Sync feature and 'Sync Now' button. We have asked to Cato Support that if there is a way to automatically sync in defined minutes or hours. (ex. set 5 minutes to automatically sync LDAP users) The response was we have to RFE for that feature. Then I asked them if there is API for LDAP Sync and they lead me to here. So, currently, is there any API query for LDAP Sync we can use?
Cloning Firewall rules
Ever notice how Cato defaults are not Cato best practices. I have a preferred layout for Internet Firewall and WAN Firewall rules. I have them in multiple sections for business rules and best practice rules. I am wanting to created a pristine template that I can apply to a new tenant that sets up all of my preferences. I am pretty fluent with Postman and python. Any bread crumbs or ideas on how to back up the Internet Rules from one tenant and push them in to a net new tenant? Any ideas are greatly appreciated. Thanks, Brian
Does the Cato API support batch submissions?
I'm looking to add over 200 DHCP reservations to one of our sites. Does the API support batch submissions in the following format or do I need to include the 'accountId" and 'siteId' lines for each host? [ { "accountId": "123456", "siteId": "78910", "input": { "name": "Host1", "ip": "192.168.1.10", "macAddress": "00:1A:2B:3C:4D:5E" } }, { "input": { "name": "Host2", "ip": "192.168.1.11", "macAddress": "00:1A:2B:3C:4D:5F" } } ]
How do you make an API request that lists IP address of LAN and WAN interfaces ?
I need to retrieve several pieces of information using API requests : - full list of IP ranges for LAN interfaces (type : Native, VLAN, Routed) [screenshot] - IP addresses of the WAN interfaces (socket IP) In the "entityLookUp" request, I can only find the site's native IP address (VLAN, Routed?) and in the "accountSnapshot" request, there is no internal address. Thank for your time
Device Posture-Real Time Protection
I noticed a couple of items in the Device Posture>Device Checks>Anti-Malware section today that I was wanting to bring up. 1. Real Time Protection Enablement Realtime protection is not able to be selected when you have "Any" selected as the Vendor (grayed out in the screenshot shown below): However, if you end up Defining a Vendor and Product, and then revert your Vendor selection back to "Any," Real Time Protection can be enabled (see screenshot below once reverting Vendor back to "Any"): Question Does this mean that Real Time Protection cannot be assessed if you have the "Any" vendor selection, and I just happened to find a bug that allows me to check,....OR....am I supposed to be able to select Real Time Protection when the Vendor selection is set to "Any"? 2. Real Time Protection Definition When reviewing CATO documentation on Device Checks using the following URL: Creating Device Posture Profiles and Device Checks – Cato Learning Center The following is listed: This reads like it is mentioning the frequency that the Client is checking the device for Anti-Malware criteria checks and not that the installed Anti-Malware solution has Real Time Protection enabled. Can I get confirmation that by enabling Real Time Protection in the Anti-Malware device check, this is actually verifying that the installed solution has Real Time Protection configured?CATO always on
Hi, I am currently deploying Cato across my entire organization, transitioning from Fortinet’s VPN platform to Cato’s ZTNA. We are enabling Always On to enforce the use of Cato for all users. However, this feature requires an initial login from the user. How can I force an end user (who does not use any sensitive company services but still needs enforcement as part of ZTNA) to complete the initial login to the Cato Client? Since we are rolling this out company-wide, I do not want to enforce it for all users, but rather for a specific group. Is there an option to do that? Thanks!Bypass L7 from socket device
Hi community, Like the “Exclude Applications from Split Tunnel Policy Rules” available from the SDP client, is this functionality available from the socket ? Many customers have lot of teams and outlook traffic and need to bypass it directly from the socket. Many reasons for that (improve performance and save bandwitdh to the Cato Cloud) The actual bypass (from/to) IP is not usable for teams and outlook traffic. Thanks
DHCP option to assign Cisco Wireless Controller
Hi Community, We have some sites that I'm trying to set a DHCP option to assign the controller IP to cisco 9105. I have a vendor rule on the AP's that get DHCP from our Microsoft DHCP servers. Was just curious if anyone has configured an option that works through Cato DHCP? Thank you.
