Discussions
Discussions and questions regarding Cato Networks and SASE
Best Practices
Find Cato Networks best practices, tips, tricks, and other helpful information!
Recent Content
"400 Bad Request" Error Occurs with Okta SSO - Unable to Log in to VPN
I configured SSO authentication with Okta as the IdP for the Cato VPN Client, but when attempting to connect to the VPN, I receive a '400 Bad Request' error and cannot log in.
Setup:
- "Single Sign-On" has been configured in CMA
- "Cato Portal" configured in Okta
- A VPN connection has been attempted using the Cato Client
During authentication, the following error message appears:
Error Message: "400 Bad Request"
What I have tried: I found the following information in Okta's Knowledge Base, but I was unable to locate the corresponding setting in the Cato Portal.
Make sure that the redirect_uri, http://localhost:8080/authorization-code/callback is registered as an allowed Sign-in redirect URI in Open ID Client for the application being used
[Reference link](https://support.okta.com/help/s/article/The-redirect-uri-parameter-must-be-an-absolute-URI?language=en_US)
Question: If anyone has encountered and resolved this issue, I would appreciate any insights on key configuration points or possible solutions.
Additional Information: I am using Okta's free Developer edition (https://developer.okta.com/login/) for testing.
20 Views, 0 likes, 1 Comment

CATO Response Requested in KB Article Comments
Hey! In the Always-On KB article comments section, someone (Steven Pettitt) posed a question about using the Always-On feature when IP reservations are in use. I was about to give my best crack at a response, but I figured since this is a KB article it might be better for a CATO rep to respond in the comments. Just wanted to call this out in the Community and raise visibility.
19 Views, 1 like, 1 Comment

Cato CMA Presets: How to edit?
Imagine the nightmare of memorizing your frequently used Event Types and Sub-Type fields to find the results you are looking for! A Cato CMA Preset is synonymous with your saved event query on other management platforms. It is a very powerful quick-action feature that lets you jump directly to your favorite queries showing instant results. How handy when you are in the midst of troubleshooting a P1 issue!
There are a few predefined presets (refer to the first screenshot towards the bottom and you will notice them). You can also create your own custom presets (follow the instructions below and the screenshot). You can delete an already created preset or save that as your default preset to run next when you launch your event dashboard each time.
How do I edit my saved preset or create a new one?
While you cannot edit an existing preset, you can make changes and save using an existing preset. Once you run a preset, modify the arguments you would like and save it as a new preset. Follow the steps below:
- Go to the Home > Events page
- Create a custom preset:
  - Set your desired event filters and time frame for your query
  - Click on the bookmark icon with the plus sign on the far right of the search bar
  - Enter a Name for the preset in the Custom Preset panel
  - Click Apply
  - The preset will be added to the Custom Presets drop-down menu
- Using an existing preset:
  - Click the Select Presets drop-down menu in the filter bar
  - Choose from predefined event filters for common scenarios or your saved custom presets
  - The filters will automatically be applied and the page will update to show matching events
  - Modify the search
  - Click on the bookmark icon with the plus sign on the far right of the search bar (refer to the second screenshot)
  - Enter a Name for the preset in the Custom Preset panel
  - Click Apply
  - The preset will be added to the Custom Presets drop-down menu
Refer to this article for more information: https://support.catonetworks.com/hc/en-us/articles/4413273461905-Analyzing-Events-in-Your-Network
20 Views, 1 like, 0 Comments

CATO client vpn
Hello! I'm a new CATO client user and admin. We want our users to be always on VPN, but I found that if I reboot my laptop and log in, I'm able to go on the internet (Office 365) while my CATO Client is still trying to connect. Everyone has Always-On enabled. Can we do something so that the user must be on VPN before going on the web? Thanks a lot!
66 Views, 0 likes, 1 Comment

Is It Okay to Apply Double TLS Inspection?
I am considering connecting a Cato PoP and an on-premises firewall via IPSec while applying TLS Inspection on both sides. Could this setup cause any issues with communication functionality? Some security products do not necessarily discourage double TLS Inspection, while others may advise against it. However, I could not find any reference to this in Cato's Knowledge Base. If anyone has experience operating with a similar configuration, I would appreciate it if you could share any insights on how it works in practice and any issues to be aware of.
Solved, 56 Views, 0 likes, 4 Comments

EC2 Instance size selection for use with vSocket.
Hi all,
Is there any guideline on selecting the EC2 Instance size for use with vSocket? According to the following KB article, the supported instance sizes are listed.
KB: https://support.catonetworks.com/hc/en-us/articles/16150140007069-Deploying-a-vSocket-Site-from-the-AWS-Marketplace
However, there is no guide on which instance to select. I would be grateful if there were guidance such as "Use t3.large for up to 100Mbps."
Thank you.
Yoshihiro Toyomasu
68 Views, 0 likes, 3 Comments

Can the User Awareness feature be used simultaneously with the SRT?
Can the User Awareness be used simultaneously with the SRT (Static Range Translation)? I have the following concerns: When the Identity Agent reports sets of IP address and username to CatoCloud, the IP address should not be translated, so the user cannot be recognized correctly. Similarly, with AD Query, will there be a discrepancy between the IP address authenticated by AD (a translated value in major cases) and the IP recognized by CatoCloud?
Regards,
Yoshihiro Toyomasu
21 Views, 0 likes, 0 Comments

How to use the IP range of the PCAP?
Hi all,
I am trying to capture with Sockets by referring to the Capture Traffic instructions in the knowledge base below.
https://support.catonetworks.com/hc/en-us/articles/4413265670673-How-to-Capture-Traffic-on-a-Socket
In Packet Syntax Rule, it seems that in range<> can be used as possible_operators, but I don't know how to use this. Does anyone know how to specify Range?
Thank you.
Takumi Takeuchi
10 Views, 0 likes, 1 Comment

Citrix
Has anyone tried publishing Citrix apps/desktop through the browser access portal? I see that RDP/SSH is coming in the next few weeks which looks really interesting but if we could publish Citrix through it we've got a number of use cases where this would be incredibly handy and tighten the security up too.
26 Views, 1 like, 0 Comments