Discussions
Discussions and questions regarding Cato Networks and SASEBest Practices
Find Cato Networks best practices, tips, tricks, and other helpful information!
Recent Content
Need help with prelogin Intune deployment
Hello, I need to understand how to get prelogin to work for my environment so users can sign in when off of the network. We are deploying devices from intune using the enrollment status page. So it gets deployed to them, they turn it on and it autopilots from there. The cato sdp client is being deployed with patchmypc and has a script in place with that for the required registry keys. The certificates are being deployed inside of a win32 intune win file with a script to install the certificate. Script for the certificate: yes it is password protected pfx file. (We do not have a certificate authority. (This did work for prelogin on my device.) Import-PfxCertificate -FilePath .\Catoprelogin.pfx -Password (ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My All of this was successfully installed, what could I be missing? The certificate is an SSL certificate and I confirmed that it worked prior to the autopilot on my personal work computer without autopiloting it. DOES ANYONE HAVE ADVICE OR SUGGESTIONS ON HOW TO SETUP THE INTUNE AUTOPILOT PROFILE, ENROLLMENT STATUS PAGE, OR ANY OF THE ABOVE TO MAKE THIS WORK? WHETHER IT IS DEPLOYING THE CERT A DIFFERENT WAY OR DEPLOYING THE CERTIFICATE WITH THE CATO CLIENT APPLICATION INSTALL. Thanks,
AI for firewall rules?
I would have expected the Cato AI Assistant to be able to answer relatively simple questions in the account context like "does user x have access to the configured host y over HTTPS" - but that does not appear to be the case. Is the MCP server be able to manage such What-If queries?
Spotify web unable to play music
Hi, We are new to Cato. One issue I just discovered is with the SDP client running and connected to Cato cloud, if I try to play something on Spotify via the web browser, I get error "Spotify can't play this right now". I have tried various browsers, incognito, etc. When I disable the Cato SDP client, refresh the page, then hit the play button, it works. If I enable SDP client, refresh the page, then hit play, it's broken again with the same error above. I can see the Spotify traffic events in Cato CMA. Some events show TCP, TLS and HTTPs. Other events show UDP and QUIC. The action shows 'monitor', so why would this be blocked and prevent music from playing? There may be other apps that are blocked, which we need to make exceptions for, so some advice about troubleshooting this, or making exceptions would be much appreciated. Thanks!How to Uninstall Windows Cato SDP Client Remotely?
Use case: Manual uninstall is only required occasionally. You as an IT desktop admin want to uninstall Cato SDP Client remotely. A typical use case is if your company portal has a different version than what is installed on the user device. Cato client would auto upgrade to higher version. In order to downgrade you will need to uninstall the existing installation first. Prerequisite: Admin privilege on the system you are uninstalling the client on How To? Launch command prompt using privileged mode and then issue following command [screenshot example on Windows 11 attached] or simply execute this command remotely to the system: \Windows\System32\wmic product where name=“Cato Client" call uninstall From time to time support may advise doing a clean install. Here is what you would do for a more elaborate clean removal of the SDP client- Uninstall CATO Client by following the Article How To Uninstall the Windows Client, when uninstalling the CATO Client, kindly delete the cache contents located at "C:\Users\User\AppData\Local\CatoNetworks\Cache" Go to Control Panel > Network and Internet -> Network Connections Ensure that all CATO Adapters and Local Area Connection adapter ( WinTun Userspace Adater) have been removed, if they still exist, manually delete them (disabling them alone will not help).Minimize the Windows ZTNA client when it starts
Have you ever wanted to minimize the windows ZTNA client when it start up? Just add a registry key under: Path: HKEY_CURRENT_USER\Software\CatoNetworksVPN Key: start_minimized Value: 1 (DWORD) Restart the service CatoNetworksVPNService and the setting will be applied. That's it! Enjoy!
Tenant Restriction for Box
Hi Community, I would like to use the tenant restriction feature in CASB to limit Box access to specific tenants. https://support.catonetworks.com/hc/en-us/articles/24373653275165-Managing-Tenant-Restrictions-for-SaaS-Apps After checking Box's public documentation, I could not find information on the parameters to insert into the HTTP headers. Are there anyone using tenant restrictions for Box?Post Quantum Cryptography?
The PQC topic is increasingly being raised - what is the current Cato Networks stance on it? My searches only come up with a rather dismissive blog article from last year (https://www.catonetworks.com/blog/is-recent-quantum-hype-by-google-willows-chip-a-threat-to-rsa-algorithm) while competing vendors (that shall be unnamed) are seemingly taking a very aggressive approach - both for preparing to implement these algorithmes into their products as well as being able to detect/block the use of such protocols currently.
