Recent Discussions
Use Case- Bypass internal application access through CATO when in office
I have been using Netskope where there is feature of split tunneling wherein when it detects that you are in office network then you can disable remote access and the traffic to internal application will be routed using your office MPLS/ILL thus only internet traffic going to CATO but when same users are working from home then both remote access as well as internet traffic goes via Netskope. Now with CATO, there is no option with me to exclude traffic going to CATO POP except IP ranges but I want the same experience that when users is in office, only internet traffic goes through CATO and not private access. I want this spliting done through CATO SDP client as I dont have any site license.- MikeOrtega2 months ago
Cato Employee
All members of group is not syncing from Azure AD
Recently we integrated CMA with our Azure AD and synced 3 groups. But some users started reporting that they are not able to login to SDP login and when we did analysis, we found that those users were not reflecting in CMA users and groups module, however at same time, I checked my Azure AD under Enterprise Applications for Cato Networks, I found those users are member of the group which we have synced with CMA. Now there are almost 100 users who are present in the group at Azure AD but same are not reflecting in CMA due to which I am unable to provide access to SDP client. Pls suggest what to do?
Hey, Robin! I currently use Okta to manage my users. How complicated is this to set up with Cato?
You know those situations where someone asks you a question, and you think to yourself "this is something that's going to be asked multiple times?" Yeah, this is one of them. While I was talking with a future Cato Customer, they asked a simple question about how difficult it would be to provision their users with SCIM into the Cato Management Application. Naturally they were hesitant (as this can be a mammoth task with many vendors), but with us, it's a pretty light-lift. Being the egotistical buffoon I am, I thought to record a video in a dimly lit hotel room. Of course we have fantastic product documentation that explains this procedure in detail, but some people are visual learners who want to see the 'final product' instead of the steps along the way. Remember, 5 hours of troubleshooting can often save you 10 minutes of reading the documentation 😀
Robin_Johns15 days ago
Need help with prelogin Intune deployment
Hello, I need to understand how to get prelogin to work for my environment so users can sign in when off of the network. We are deploying devices from intune using the enrollment status page. So it gets deployed to them, they turn it on and it autopilots from there. The cato sdp client is being deployed with patchmypc and has a script in place with that for the required registry keys. The certificates are being deployed inside of a win32 intune win file with a script to install the certificate. Script for the certificate: yes it is password protected pfx file. (We do not have a certificate authority. (This did work for prelogin on my device.) Import-PfxCertificate -FilePath .\Catoprelogin.pfx -Password (ConvertTo-SecureString -String 'mypassword' -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My All of this was successfully installed, what could I be missing? The certificate is an SSL certificate and I confirmed that it worked prior to the autopilot on my personal work computer without autopiloting it. DOES ANYONE HAVE ADVICE OR SUGGESTIONS ON HOW TO SETUP THE INTUNE AUTOPILOT PROFILE, ENROLLMENT STATUS PAGE, OR ANY OF THE ABOVE TO MAKE THIS WORK? WHETHER IT IS DEPLOYING THE CERT A DIFFERENT WAY OR DEPLOYING THE CERTIFICATE WITH THE CATO CLIENT APPLICATION INSTALL. Thanks,
EC2 Instance size selection for use with vSocket.
Hi all, Is there any guideline on selecting the EC2 Instance size for use with vSocket? According to the following KB article, the supported instance sizes are listed. KB:https://support.catonetworks.com/hc/en-us/articles/16150140007069-Deploying-a-vSocket-Site-from-the-AWS-Marketplace However, there is no guide on which instance to select. I would be grateful if there was a guidance such as "Use t3.large for up to 100Mbps." Thank you. Yoshihiro ToyomasuHow does Cato use AI?
Great Question! I've heard a few of our customers and partners ask this question, especially as Cato has appeared in the press more frequently with AI awards. So instead of writing a longform article, I thought I'd start explaining with a high-level overview of what AI/ML is, as well as giving you some examples on how it's applied here at Cato. This is by no means exhaustive (far from it), but we all have to start somewhere....
Robin_Johns17 days ago
Use Case: Block Youtube category but allow some specific youtube video ID(full path url)
Hi All, I am exploring the way to block all youtube but allow some specific youtube video id. The full path url is configured in Application Control policy with action allow and the youtube category is block in Internet Firewall policy. It is not working because application control only take effect with the traffic is allowed in Internet Firewall policy. FYI, full path url is not configureable in Internet Firewall policy. Appreciate if anyone from community can give some ideas. Thanks.Restricting traffic to PoP based out of the country
One peculiar thing I am noticing that traffic goes to outside country when there is 2 POP location based out of India. I want to restrict traffic going outside my country boundary as then it raises multiple queries from regulator. Is there anyway to restrict or prefer POP of my country only unless user is traveling outside country. I have both site as well as SDP users . One network rule has been created to NAT egress traffic for specific application but what will happen if user is connected to PoP outside India.unable to block windows update
My network is getting choked as more than 2 TB download has happened in last 2 weeks. I want to block windows update so that the network is not choked due to auto windows update. I even created Internet Firewall Policy to block Application "windows update" and also added all domains/FQDN used for windows update but still the same is getting downloaded. Though I can see block action in most of the events but looks Cato has defined "Windows update" application under various categories like "Business Systems", "Software Updates", "General", " Computers and Technology". Please let me know how to block complete windows update for all so that there is no data downloaded for the same as already all my users are facing slowness in accessing any web URLs and looks this as of the reasons.
