Recent Discussions
Relocate of Old Socket to new location
Hi Cato Community,
Has anyone previously attempted to relocate an old socket to a new site or location? We are looking for the best method to move the existing socket without impacting its current configuration. In addition to relocating the old socket, we will also be deploying a new socket at the new site—resulting in two sockets operating in the new location. Any guidance or recommendations based on your experience would be greatly appreciated.
Solved | Carlson | 1 month ago | Joining the Conversation | 56 Views | 0 likes | 3 Comments

Question About the "Internet as a Transport" Setting in Link Health Rules
In Link Health Rules, there is a setting called "Internet as a Transport." Specifically, what types of links does this refer to? Does this include Off-Cloud or Alt.WAN links?
Solved | KojiroZaitsu | 9 months ago | Making Connections | 123 Views | 0 likes | 1 Comment

Microsoft Defender for Endpoint alerts no longer showing in Stories Workbench
I'm seeking advice regarding the integration between Cato XDR and Microsoft Defender for Endpoint (MDE). Previously, MDE alerts were being displayed correctly in Cato XDR (Home > Stories Workbench), but since yesterday, new incidents detected in MDE are no longer appearing in XDR.
Below is the current status of our investigation:
- When an incident occurs on a device, it is properly detected and displayed in MDE.
- The integration with MDE was successfully completed, and the corresponding application in Entra ID has been granted the following application permissions with admin consent:
  - SecurityAlert.Read.All
  - SecurityIncident.Read.All
  - ThreatHunting.Read.All
  - User.Read (delegated)
  - User.Read.All (application)
- In Microsoft Entra ID, the Sign-in logs show that all sign-ins by the service principal are marked as "successful."
- We tried deleting "Microsoft Defender" once from Security > Endpoint Connector and re-integrating it, but the alerts still do not appear in XDR.
I would greatly appreciate any advice or insights to help resolve this issue. Thank you very much in advance.
Solved | Naoki | 9 months ago | Making Connections | 176 Views | 0 likes | 2 Comments

False positives with Cato's anti-malware.
Hello,
Is there a point of contact to send specimens when false positives occur with Cato's anti-malware?
Solved | Minato | 9 months ago | Joining the Conversation | 130 Views | 0 likes | 2 Comments

Local VLAN routing
I have configured multiple VLANs at site. Client on VLAN A is unable to ping VLAN B interface on the same socket. Decided to use the Local Firewall rules to allow Any Any between VLAN A and B but still unable to ping.
Note: No issue with IP assignment and Clients can ping their gateways. What could I be missing?
Another question. From the KB, the default behavior for the Socket is to forward all traffic to the PoP for security inspection. My question is - what is the default policy on the PoP side if a LAN firewall rule is not configured?
Solved | Abn | 10 months ago | Making Connections | 224 Views | 0 likes | 6 Comments

Seamless SSO with External vs. Embedded Browser – Conditional Access & Compliance Issues
Hi Community,
I'm currently testing Seamless SSO with Cato and ran into an issue that I’d appreciate some input on. When using an external browser for authentication, Conditional Access (CA) policies work as expected, and compliant devices are recognized. However, when trying to authenticate via the embedded browser, the device fails to report compliance, which leads to failed Conditional Access checks.
My questions are:
- Is Seamless SSO currently supported when using the external browser flow with full Conditional Access and device compliance evaluation?
- Is there any official support or workaround for enabling embedded browser authentication with Conditional Access and device compliance checks? For example, is there any roadmap item or setting that might allow the embedded browser to pass device compliance state?
I’ve reviewed the official SSO guide, but it doesn’t address this specific scenario. Thanks in advance for any insights or guidance!
Solved | Arben | 10 months ago | Joining the Conversation | 243 Views | 1 like | 2 Comments

Is the App Activities Integration for MS Apps unavailable with the M365 Business plan?
Hi,
I would like to visualize data within M365 using App Activity. According to the following online document, it seems that a "Microsoft 365 E3 license" is required. Could you please confirm whether this feature is not supported with "Microsoft 365 Business Premium"?
Reference: Microsoft Apps (Including Copilot): Configuring the App Activities Integrations
https://support.catonetworks.com/hc/en-us/articles/24373065734045-Microsoft-Apps-Including-Copilot-Configuring-the-App-Activities-Integrations
Thank you in advance.
Solved | Naoki | 10 months ago | Making Connections | 92 Views | 0 likes | 1 Comment

Does Cato perform application identification based solely on ports?
We'd like to understand how deep Cato's application awareness goes. For example:
- If someone establishes an SSH connection over a non-standard port (e.g., TCP 222), would it still be recognized as SSH?
- If we block "SSH" as a service, could a user bypass this by using a custom port?
- Does blocking SMTP also cover traffic not using the default ports (25, 465, 587)?
- To allow SSH only over port 22, what would be the correct rule setup?
We’re aiming for precise control similar to App-ID behavior.
Solved | GiuDNica | 11 months ago | Making Connections | 150 Views | 1 like | 1 Comment

What is the optimal way to export the configuration of all Sockets?
We’re looking for an efficient method to extract and document Socket configurations across all sites, especially focusing on WAN/ISP information. Is there a recommended export tool or API-based approach to achieve this?
Solved | GiuDNica | 11 months ago | Making Connections | 146 Views | 0 likes | 3 Comments

How can I ping or perform health checks on the Cato Socket's WAN interface from the public internet?
We’d like to monitor WAN availability externally (e.g., via public ping or other health check methods). Is there a supported way to reach and test the Socket’s WAN interface from outside the Cato network?
Solved | GiuDNica | 11 months ago | Making Connections | 155 Views | 0 likes | 2 Comments