Community Help
Community guides and FAQs
Recent Content
Block specific action(e.g upload,download) in whatsapp desktop application
Hi Folks, I want to block specific action(e.g upload,download) in whatsapp desktop application but it seems does not work as expected. However, it is block successfully in whatsapp web. Does anyone has achieve the same goal in whatsapp desktop app? Thanks.
TLS Inspection and RBI
Hello, I'm new on Cato Cloud and I don't understand the behavior of the Security feature... I have created a local SDP user and assigned it a license, I'm able to connect to the tenant through the client. I've enabled the Internet Firewall, TLS inspection and RBI : Split tunneling is not enabled. I just wanted to test RBI, all other internet traffic is blocked : But when I access https://rbicheck.com which is an uncategorised website, sometimes the site isn't isolated at all like in the simulator, the automatic download is done and the certificate isn't replaced. And sometimes, the website is blocked like any other website : I don't know if I'm missing something, I understood that the changes I make on the CMA takes a few minutes to be acknowledged, the logs aren't helping me... I would be very thankful if someone could help me
Cato Windows SDP Client - TCP443 only
I've got a support ticket in - and am working on this. But I figure I'll throw this out here too: I have an instance of needing Cato SDP Client access - and the vendor's security team is allowing tcp443, but not udp443 nor udp1337. I saw the following recently: https://support.catonetworks.com/hc/en-us/articles/360002577917-Client-TCP-Fallback-for-UDP-Tunnel I have tested this with my own laptop that already has a user and was previously connected. Blocking all ports except TCP443 outbound from my infrastructure for my laptop caused the client after about 90 seconds to connect, and only via TCP. Success! Installed a quick VM (win 11, same cato client version fresh) and performed the same thing. Blocking all access except tcp443 (local DNS is still allowed, as well as ICMP outbound) and the client does not ever fail over as described in the article. Any thoughts? I figure there could be a hidden "registry setting" similar to what they have for changing the UDP ports in use by the client, but my searching has resulted in nothing. Additionally the support rep states they can force TCP at an account or site level, but that isn't what I need - I don't have sockets at these affected sites, just workstations on the internet (firewalled).
Additional South Africa POP
Hi all Does anyone know when a POP will be established in Cape Town? The reason I ask is because quite a lot of times, especially in our 100% remote org working from home, upstream traffic between CPT and JHB is very slow or has issues causing degraded performance. In some cases there's a 50-60Mbps difference between local breakout (without Cato) and the Cato breakout in JHB.
Cato SDP Client - Always On / Prelogin questions
We are switching from another VPN solution and I have some questions about the always-on / pre-login features. Is there any way to see always-on or pre-login connections in the CMA? Do the pre-login sessions use machine credentials? Can we access the machines remotely during pre-login? Use cases / background if we were working on an issue we could restart the machine and login again after the reboot. If the user had an issue we could remote to the machines, do an admin login and resolve issues. with our previous solution we could see the machine/device connections and IP information in the management console. We may be able to use teamviewer remote access but i don't think you can allow pre-login destinations via FQDN. Basically, we would like to be able to see and manage our on-line devices even if they are not logged in. Do split tunnel exceptions work pre-login for something like Teamviewer?
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
Connectivity Alert Email - Interface Names
Hello, By default, the notification emails regarding a disconnected or degraded socket interface include the public IP address of the interface under "Interface Name". This does not match the port name in the socket configuration panel. Is it possible to modify this email template to include the descriptive name instead of, or ideally in addition to, the public IP address? This would be extremely helpful for quickly identifying which ISP is impacted. Not all network engineers have every single public IP in the company committed to memory! (Pictures have been redacted/edited to remove or alter sensitive information)
