Anyone else missing an ability to use Custom IP Range as a source or destination in LAN Firewall rule? We use CATO LAN Firewall to control traffic between two separate network zones terminated on two different internal firewalls. Since this is a local traffic in the site, we don't want to route it to Cato Cloud so it's not…
We currently have an on-premises Active Directory and have Pre-Login enabled with connect at boot enabled. We defined internal destinations (domain domain controllers) as allowed destinations, so the devices can reach the domain controllers before the user has logged in. This worked fine so far. However, now we want to…
Dear All, I get malicious domain and IPs to block from my regulator. Instead of manually adding IPs and domain, I created Container and than get it sync with Raw Github for both IPs and FQDN. The FQDN and IPs are syncing correctly in CMA. To test, I added "linkedin.com" to malicious domain in container and created Internet…
Professional Services AMA – March 2026 Thank you to everyone who joined our March AMA session! Below is a clean, easy‑to‑scan recap of every question asked, along with brief summaries of the answers shared during the call. If you’d like the full context, you can view the recording below. IPsec & Tunnel Behavior Are IPsec…
Just watvhed a training video that states there is an option for Active/Active SLA settings globally but when I log into teh CMA all I see is Actrve/Passive. I checked at the site level and its only Active/Passive. How is this enabled? Or is this still in early availability?
It takes about 40 minutes once the user is deleted from from the IDP. Are there any other options for disabling a SCIM user? My thought was to create a WAN firewall rule to deny the user access until the scim update happens. Currently user are setup for split tunneling so I wouldnt need an Internet FW rule but if split…
Hi Team, We have a new site coming online, and I’d like to gather your insights regarding our network design. Which approach would you recommend for the deployment? * Cato Network as the Layer 3, or * HPE Aruba Switch performing Layer 3 Is anyone here currently using Cato as the Layer 3? If so, what advantages or…
Why aren't there options for selecting TCP or UDP in Remote Port Forwarding?
How do I monitor how much of an assigned pool a site is utilizing? For instance, If I assign a site 100mbps, I'd like to know how much of that 100mbps is being used over time so I can determine if I should re-allocate some to another site.
Most of Cato's competitors now have native ARM versions of their VPN clients - but for Cato it's not even on the roadmap? I suppose the X64 version will not run in emulation mode on a Snapdragon based Copilot+ Windows computer?
It looks like you're new here. Sign in or register to get started.