Explore the Community
Cato Cloud
Cato and SASE discussions and best practices.
API
API questions-and-answers, discussions, and best practices.
Recent Discussions
Cato Device Posture Profile problems.. What are others using?
We've been working for several weeks to setup our Device Posture Profiles (DPPs) to be used as a way to block/allow access to certain resources. Our goal was to have the Cato client check to see if the following processes were running: Microsoft Intune MDM (for Windows and Macs) Microsoft Defender ATP (for Windows and Macs) We've found all sorts of inconsistencies and problems when applying these DPPs. Many times the Cato client won't realize the process are running (even thought they are). It will detect one of the processes but not the other sometimes. Sometimes it will work after users reboot and connect to Cato other times it won't. We are confused how often the Cato client checks for the postures . We have the "Enable Advance Posture Checks" option set to 5min, but see different behavior when machines come out of Sleep mode, etc. So now we are thinking it's asking too much of the Cato client to verify Defender and Intune are actually running , So we may have to settle for verifying if they are simply "installed" on the machine (via registry entry possibly)? We would like to hear how other companies are using the Device Posture Profiles/Checks to add security to their user's access. I'm guessing most companies are just putting a Cert on the machines and looking for that to allow access to Cato? Any suggestions would be appreciated.Cato Connect Event: AMA with Professional Services - November 2025
Did you join our last AMA with Professional Services and want more? Did you miss the last one and have been waiting for us to drop more dates? Well your request is our command, and we are back with another event for our customers and partners. We're doing things a little differently this time: First of all, we'll be honing in on specifics around CASB and TLSi, we will even have a short demo at the beginning to help you start using, or get the most out of, your investment. (We'll still take general questions from the audience) The other change is that this time, we're offering ~*options*~ Join us on: November 4th, 2025 at 3pm HKT or November 6th, 2025 at 11am EST During this live AMAs with members of our talented Professional Services team we’ll cover topics like: The latest versions of TLSi and CASB Best practices we’ve seen across real-world environments Your questions... seriously, bring them Here’s how to get the most out of it: Register for the November 4th or November 6th meetings and get the calendar invite and join us live Post your questions below in the comments — we’ll answer pre-submitted ones first, before tackling live chat during the session + See a question you like? Give it a “like” to help it rise to the top Note: We won’t be able to look at specific CMA instances — demos will be done using internal environments. That’s it — register, post your questions, and we’ll see you there! Presenters: Steven Wong Professional Services Engineer Kushtrim Kelmendi Principal Consultant Professional Services, EMEA Martin Guerrero Commercial Sales Engineer If you run into any issues, @mention me or email us at community@catonetworks.com
Windows CA with Cato for Device Posture Check
I’m looking for guidance on configuring a Windows CA to issue and validate RSA certificates for device posture verification in Cato. Has anyone implemented this integration?What’s the best approach for certificate management? Should we use self-signed certificates or purchase individual device certificates from DigiCert or another vendor? If anyone has implemented this, please share the pros and cons.
Cato Deployment Scenario
I am trying to find a documentation in the Cato portal regarding different methods of deployment and their drawbacks. For example, if I want to setup X1500 sockets in two separate buildings and achieve HA what are the pluses and minuses of this setup. In case of loss of connectivity between buildings how do each socket operate now they are no longer in pair. These are the information I want to find in the portal but not having any luck.Python script to add or delete a network in a site
Hy, I am trying to create a Python script to delete a network from one site and create it on another site. Do you have any examples of Python scripts available to make these changes? This page https://support.catonetworks.com/hc/en-us/articles/360013823477-Example-Scripts-Using-the-Cato-API-with-Python no longer exists. Best regards, Maël JAUBERTCato Client - manual PoP addressing
Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location. Not sure where this detail is stored on windows for the client, regkey or config file? Even a cato cli client with a switch to set it? I tried using fqdns as the pop name and having it resolve to a PoP IP in the hosts file, then using a script to change the hosts file entry to the desired PoP IP.... but the client cant use fqdns as the PoP to connect to :DAI for firewall rules?
I would have expected the Cato AI Assistant to be able to answer relatively simple questions in the account context like "does user x have access to the configured host y over HTTPS" - but that does not appear to be the case. Is the MCP server be able to manage such What-If queries?
