Story Bank
Bite-sized video Stories to simplify SASE use cases, solve challenges, and maximize valueDiscussions
Discussions and questions regarding Cato Networks and SASEBest Practices
Find Cato Networks best practices, tips, tricks, and other helpful information!
Recent Content
"Record Issue" button - what is it for?
The Cato Windows client has included a "Record Issue" button for a long time - but is it actually of any practical use? Whenever I have submitted a support ticket I am never asked to make use of this, but rather been asked to perform a SSS (which is not at all very convenient, especially when attempting to explain to a remote end user how to perform those steps). I now see that the addition of such a button is touted as a major new feature for the macOS Client v5.8 - does this mean that it might actually have become usable for the Windows client as well?
Setting up custom email alerts for changes in CMA
We would like to see email alerts when either of the following changes are made in the Cato Management App Firewall policies are added/modified Routing changes are made. changes are made to the TLS inspection policy Any other changes that could affect the security profile How can we setup such email alerts
LAN Firewall rules - missing "IP range" in src/dst
Anyone else missing an ability to use Custom IP Range as a source or destination in LAN Firewall rule? We use CATO LAN Firewall to control traffic between two separate network zones terminated on two different internal firewalls. Since this is a local traffic in the site, we don't want to route it to Cato Cloud so it's not dependent on WAN links. That's why we use CATO LAN Firewall (formerly Local Routing). But the only options to set Source or Destination are: Global range, Host, Interface subnet, Network Interface and Any. Would be very useful if we can use Custom IP ranges and Host Groups there.
IPS Whitelist GEO_RESTRICTION using domain name
Is there going to be an option in the future to whitelist geoblock IPS using a domain name? Currently only IP addresses affect geo_restriction, so, whitelisting all Microsoft servers in India is a bit like playing whack-a-mole. You can add a domain, but it throws an error (see screenshot below).Area for users to submit and vote for RFEs
Currently the only option to submit an RFE is to contact CATO representative by email and answer a set of template questions. With this method, different users are not aware of RFEs already opened, their status etc. and it is likely they submit similar or the same ideas independently. I would recommend to create an area in this community portal to submit RFEs, review the ones already opened by others and maybe vote for the ones you appreciate. Vote results could be a way for CATO Team to understand what are the needs and expectations of the customers, and maybe prioritize some RFEs over another. RFEs submitted by users could go through a review/approval process first, so CATO Team checks if something similar was already created in the past (to avoid duplicates) or if provided description is complete and enough to start the process.
App catalog categorizations?
"Resources > App catalog" -view lists all the built-in apps, but what are the "rules" that make up an app? For example, what criteria is used to categorize an app as "Amazon AWS"? URLs? IP ranges? In our PoC we used "Atlassian JIRA and Confluence" in a network rule, but found that the rule does not work, when using a custom FQDN, such as customer.atlassian.net.Containers and Network Rules
Hi! We use an IP container for storing large amounts of IP ranges and reference the container in Internet firewall rules. We have a problem we could overcome by referencing the IP Container in a Network Rule, but apparently, the container can only be used with firewall rules, not network rules. Does anyone have any suggestions on how to work around this? In simple terms, the requirement is to define specific IP ranges, to which traffic would then be routed through a NAT rule and a static IP.
Clarification on Bandwidth Limit with Split Tunnel Policy
Hi CATO Community, I have a question regarding the CATO Bandwidth limit in relation to split tunneling policies. I have purchased a 25 Mbps CATO Bandwidth plan. If an SDP Client connects to the CATO Cloud and I configure a split tunnel policy to route some traffic outside of CATO Cloud (e.g., directly to the internet), will this traffic still be limited to the 25 Mbps bandwidth cap? 2, If the traffic is indeed limited, is there any method to bypass this limit for split tunnel traffic? Specifically, I want the split tunnel traffic to bypass the CATO Cloud entirely, avoid any security checks, and enjoy the full speed of our original internet connection. I would appreciate any insights or advice from those who have experience with this configuration. Thanks in advance for your help!
