Discussions
Discussions and questions regarding Cato Networks and SASE
Best Practices
Find Cato Networks best practices, tips, tricks, and other helpful information!
Recent Content
Use Case: Block Youtube category but allow some specific youtube video ID(full path url)
Hi All, I am exploring the way to block all youtube but allow some specific youtube video id. The full path url is configured in Application Control policy with action allow and the youtube category is block in Internet Firewall policy. It is not working because application control only take effect with the traffic is allowed in Internet Firewall policy. FYI, full path url is not configureable in Internet Firewall policy. Appreciate if anyone from community can give some ideas. Thanks.
unable to block windows update
My network is getting choked as more than 2 TB download has happened in last 2 weeks. I want to block windows update so that the network is not choked due to auto windows update. I even created Internet Firewall Policy to block Application "windows update" and also added all domains/FQDN used for windows update but still the same is getting downloaded. Though I can see block action in most of the events but looks Cato has defined "Windows update" application under various categories like "Business Systems", "Software Updates", "General", " Computers and Technology". Please let me know how to block complete windows update for all so that there is no data downloaded for the same as already all my users are facing slowness in accessing any web URLs and looks this as of the reasons.
Hey, Robin! I currently use Okta to manage my users. How complicated is this to set up with Cato?
You know those situations where someone asks you a question, and you think to yourself "this is something that's going to be asked multiple times?" Yeah, this is one of them. While I was talking with a future Cato Customer, they asked a simple question about how difficult it would be to provision their users with SCIM into the Cato Management Application. Naturally they were hesitant (as this can be a mammoth task with many vendors), but with us, it's a pretty light-lift. Being the egotistical buffoon I am, I thought to record a video in a dimly lit hotel room. Of course we have fantastic product documentation that explains this procedure in detail, but some people are visual learners who want to see the 'final product' instead of the steps along the way. Remember, 5 hours of troubleshooting can often save you 10 minutes of reading the documentation 😀
Need help with prelogin Intune deployment
Hello, I need to understand how to get prelogin to work for my environment so users can sign in when off of the network. We are deploying devices from intune using the enrollment status page. So it gets deployed to them, they turn it on and it autopilots from there. The cato sdp client is being deployed with patchmypc and has a script in place with that for the required registry keys. The certificates are being deployed inside of a win32 intune win file with a script to install the certificate. Script for the certificate: yes it is password protected pfx file. (We do not have a certificate authority. (This did work for prelogin on my device.) Import-PfxCertificate -FilePath .\Catoprelogin.pfx -Password (ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My All of this was successfully installed, what could I be missing? The certificate is an SSL certificate and I confirmed that it worked prior to the autopilot on my personal work computer without autopiloting it. DOES ANYONE HAVE ADVICE OR SUGGESTIONS ON HOW TO SETUP THE INTUNE AUTOPILOT PROFILE, ENROLLMENT STATUS PAGE, OR ANY OF THE ABOVE TO MAKE THIS WORK? WHETHER IT IS DEPLOYING THE CERT A DIFFERENT WAY OR DEPLOYING THE CERTIFICATE WITH THE CATO CLIENT APPLICATION INSTALL. Thanks,All members of group is not syncing from Azure AD
Recently we integrated CMA with our Azure AD and synced 3 groups. But some users started reporting that they are not able to login to SDP login and when we did analysis, we found that those users were not reflecting in CMA users and groups module, however at same time, I checked my Azure AD under Enterprise Applications for Cato Networks, I found those users are member of the group which we have synced with CMA. Now there are almost 100 users who are present in the group at Azure AD but same are not reflecting in CMA due to which I am unable to provide access to SDP client. Pls suggest what to do?Restricting traffic to PoP based out of the country
One peculiar thing I am noticing that traffic goes to outside country when there is 2 POP location based out of India. I want to restrict traffic going outside my country boundary as then it raises multiple queries from regulator. Is there anyway to restrict or prefer POP of my country only unless user is traveling outside country. I have both site as well as SDP users . One network rule has been created to NAT egress traffic for specific application but what will happen if user is connected to PoP outside India.
EC2 Instance size selection for use with vSocket.
Hi all, Is there any guideline on selecting the EC2 Instance size for use with vSocket? According to the following KB article, the supported instance sizes are listed. KB:https://support.catonetworks.com/hc/en-us/articles/16150140007069-Deploying-a-vSocket-Site-from-the-AWS-Marketplace However, there is no guide on which instance to select. I would be grateful if there was a guidance such as "Use t3.large for up to 100Mbps." Thank you. Yoshihiro ToyomasuWhat's New at Cato this week?
“Hey Robin! What’s new at Cato Networks this week?” I hear you ask. Well you could read the release notes, but here’s the key points in under a minute 😀 Let me know if you like this type of video with a reaction, repost or comment. If you think it’s worthwhile, I’ll turn it into a weekly series. Bonus points if you can guess where in the world where this was recorded… Read this weeks full release notes here.How does Cato use AI?
Great Question! I've heard a few of our customers and partners ask this question, especially as Cato has appeared in the press more frequently with AI awards. So instead of writing a longform article, I thought I'd start explaining with a high-level overview of what AI/ML is, as well as giving you some examples on how it's applied here at Cato. This is by no means exhaustive (far from it), but we all have to start somewhere....
