Recent Content
Cato SDP Client to be auto intelligent to login instead of manual logging
I have recently migrated from Netskope to Cato Networks. One issue we have noticed is that users need to login once to Cato SDP client and then "Always-on policy" gets enabled. But users are smart, they don't login to SDP client itself as many sites gets blocked as per policy which they don't want so they don't login once also to SDP client thus making us non-compliant as absence of SDP client makes them vulnerable as they can browse malicious sites as well as can upload company data on public sites which typically gets blocked when connected over SDP client. In Netskope, we just had to push agents to the laptop and no user intervention was required, it automatically detects logged in user credentials so there was no scope for user to not login or bypass security controls. Can't we make zero touch experience for user so that there is no room for escape or delay as now we are totally dependent on user.101Views0likes11CommentsUse Case- Bypass internal application access through CATO when in office
I have been using Netskope where there is feature of split tunneling wherein when it detects that you are in office network then you can disable remote access and the traffic to internal application will be routed using your office MPLS/ILL thus only internet traffic going to CATO but when same users are working from home then both remote access as well as internet traffic goes via Netskope. Now with CATO, there is no option with me to exclude traffic going to CATO POP except IP ranges but I want the same experience that when users is in office, only internet traffic goes through CATO and not private access. I want this spliting done through CATO SDP client as I dont have any site license.100Views0likes2CommentsIPS Whitelist GEO_RESTRICTION using domain name
Is there going to be an option in the future to whitelist geoblock IPS using a domain name? Currently only IP addresses affect geo_restriction, so, whitelisting all Microsoft servers in India is a bit like playing whack-a-mole. You can add a domain, but it throws an error (see screenshot below).100Views0likes10CommentsWhat do you think about the new Cato Community?
What do you think about the new Cato Community?SolvedMikeOrtega4 months agoCato Employee100Views3likes8CommentsSplit Tunnel basis FQDN/Domain
I am facing some issue wherein I am not able to browse some government site. There was an article on the same as well. As of now , I have configured split tunnel basis exclude IP and I have excluded IP address of one of the website of Government but this is not going to work as I have multiple websites of government which is not opening. Why there is no option to bypass or split tunnel basis FQDN or domain then I can exclude traffic for Government sites as it becomes a task for doing split tunnel basis individual IP address. Is it on road map as well or not?94Views0likes3CommentsNeed help with prelogin Intune deployment
Hello, I need to understand how to get prelogin to work for my environment so users can sign in when off of the network. We are deploying devices from intune using the enrollment status page. So it gets deployed to them, they turn it on and it autopilots from there. The cato sdp client is being deployed with patchmypc and has a script in place with that for the required registry keys. The certificates are being deployed inside of a win32 intune win file with a script to install the certificate. Script for the certificate: yes it is password protected pfx file. (We do not have a certificate authority. (This did work for prelogin on my device.) Import-PfxCertificate -FilePath .\Catoprelogin.pfx -Password (ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My All of this was successfully installed, what could I be missing? The certificate is an SSL certificate and I confirmed that it worked prior to the autopilot on my personal work computer without autopiloting it. DOES ANYONE HAVE ADVICE OR SUGGESTIONS ON HOW TO SETUP THE INTUNE AUTOPILOT PROFILE, ENROLLMENT STATUS PAGE, OR ANY OF THE ABOVE TO MAKE THIS WORK? WHETHER IT IS DEPLOYING THE CERT A DIFFERENT WAY OR DEPLOYING THE CERTIFICATE WITH THE CATO CLIENT APPLICATION INSTALL. Thanks,90Views0likes2CommentsClarification on Bandwidth Limit with Split Tunnel Policy
Hi CATO Community, I have a question regarding the CATO Bandwidth limit in relation to split tunneling policies. I have purchased a 25 Mbps CATO Bandwidth plan. If an SDP Client connects to the CATO Cloud and I configure a split tunnel policy to route some traffic outside of CATO Cloud (e.g., directly to the internet), will this traffic still be limited to the 25 Mbps bandwidth cap? 2, If the traffic is indeed limited, is there any method to bypass this limit for split tunnel traffic? Specifically, I want the split tunnel traffic to bypass the CATO Cloud entirely, avoid any security checks, and enjoy the full speed of our original internet connection. I would appreciate any insights or advice from those who have experience with this configuration. Thanks in advance for your help!lo31 days agoComet77Views0likes1CommentLAN Firewall rules - missing "IP range" in src/dst
Anyone else missing an ability to use Custom IP Range as a source or destination in LAN Firewall rule? We use CATO LAN Firewall to control traffic between two separate network zones terminated on two different internal firewalls. Since this is a local traffic in the site, we don't want to route it to Cato Cloud so it's not dependent on WAN links. That's why we use CATO LAN Firewall (formerly Local Routing). But the only options to set Source or Destination are: Global range, Host, Interface subnet, Network Interface and Any. Would be very useful if we can use Custom IP ranges and Host Groups there.71Views0likes3CommentsInquiry About Application Traffic Routing and Network Rules in CATO SASE
Hi all, I have a question regarding configuring application traffic routing in the CATO SASE platform. Specifically, I would like to direct some application traffic to the CATO Cloud while routing other application traffic locally. I understand that this can be achieved using Bypass or Split Tunnel Policies, but I noticed that only five applications can be selected in these policies. Given that the Network Rules function offers a broader selection of applications, can Network Rules be used to achieve the same routing objectives? If so, I’d appreciate guidance on how to configure this effectively. Thank you for your assistance, and I look forward to your insights.68Views0likes5Comments