Is your URL category over-ride not taking effect? When configuring firewall rules by domain you do not need to specify the subdomains. Firewall rules will even cover the subdomains if you specify a Top Level Domain e.g. "uk" would cover all the subdomains such as bbc.co.uk). This is not the case when using domains to…
Issue:Intermittent IPSec disconnects; Packet loss; TLSi disabled. Symptoms: * Timeline shows 'unable to decrypt' packets intermittently * CMA events show TLS Inspection disabled subsequently * Session with a server / host behind IPSec Azure gateway lost. * IPSec Timeline shows following in the logs Unable to decrypt packet…
Use case: * I have a TLS bypass rule for a domain that I would like removed. I added this rule because the certificate is not trusted. Now I need to grab certificate details. * I have a certificate that appears to be missing from Cato TLS store. I want to report the same to Cato Support. Although I have p7b file which only…
* Use Case 1- How do I block traffic to all *.info websites using TLD? * Use Case 2- How do I block traffic to and form a country? Security > IPS > GeoCato has a very powerful IPS feature to block both inbound and outbound traffic to a specific country which some of our competitors can't do. They usually will only block…
Unlike most other competitors we have this awesome tool available from CMA - With other vendors you would to login to a CLI shell, elevate and run some intrusive tcpdumps. It makes IPsec troubleshooting far easier. PCAPs and Timelines are available in the CMA next to the IPSEC configuration page. Networks > Sites > IPSec >…
Have you ever wanted to minimize the windows ZTNA client when it start up? Just add a registry key under: Path: HKEY_CURRENT_USER\Software\CatoNetworksVPN Key: start_minimized Value: 1 (DWORD) Restart the service CatoNetworksVPNService and the setting will be applied. That's it! Enjoy!
Use case: * Although manual uninstall may not be required frequently, there may be instance where you have a user with corrupt installation and you must uninstall remotely. * Another typical use case I cam across recently - your company self service portal (e.g. Intune or Kandji) has a different version than what is…
Overview If I interpret the latest comments on SSE Gartner MQ '25, SASE is going to devour the SSE soon. Use case mentioned here is one such instance that SSE alone can't implement without fancy private access or ZTNA or steering hooks. Let alone the publishers that are required to be hosted and maintained by the customers…
You made the first step, this is THE place to learn more, get your questions answered and share your experiences with other Cato customers. Our TLS Wizard is designed with a clear purpose: intelligently determine which traffic to bypass and which to inspect, giving you immediate visibility into the most-commonly used…
Issue: -I have editor permission under Networks and Access rows, yet I can’t export the sites or SDP users into CSV. -Export button is grayed out. Background: Cato CMA (Cato Management Application) has extensive RBAC (role-based access control) permissions. Since we introduced RBAC set of permissions have continued to be…
It looks like you're new here. Sign in or register to get started.