Community Help
Community guides and FAQs
Recent Content
Cato Connect Idea Hub FAQ
What should I include when posting an Idea? When sharing your Idea, be sure to include: Your use case The problem you’re trying to solve The benefit you hope to gain Any workarounds you’ve tried For example: "I’d love it if the logo could be pink. Our team is often confused because our company branding is pink, and we try to customize the rest of our software to match. I’d like the logo in the Cato Management Application to be pink. I’ve tried other customization options and even retrained our end users, but I still get questions." (Yes, I know this is a silly example, I just like pink.) What do the Idea statuses mean? Idea statuses in the Idea Hub reflect where an idea is in its journey. Here’s what you might see: Crowdsourcing Feedback– This idea is open for discussion! Vote and add your thoughts. The more nuanced the conversation, the more valuable it is to the team. Community Favorite – This idea is generating buzz. Look at all those votes and comments! Exploring Potential – Lots of discussion, but not as many votes. What do we think? Should this gain more traction? We’re Working On It – This idea has made it onto the roadmap. Delivered – The idea has been implemented—woohoo! Not Right Now – This idea doesn’t align with our current vision. Duplicate – This idea has already been brought up. *Note that your ideas may hang out with the same status for a long time, that’s ok! We keep an eye on all ideas, and we want to give them all a chance. How can I weigh in on other people’s Ideas? This space thrives on collaboration! You can: Vote – Click the vote button to show support. Comment – Add your use case, questions, insights, or workarounds. The richer the discussion, the better! Share – If you see a discussion that connects to an Idea, drop the link and invite others to join in. Will my Idea be implemented if it has a lot of votes? While we love seeing highly voted Ideas, implementation depends on many factors: vision, engineering effort, priorities, and, of course, community input. A lot of votes help an Idea get noticed, but they don’t guarantee delivery. That said, we are always discussing and assessing Ideas, so keep them coming! What happens if my Idea is closed? Even if an Idea is closed, it’s still part of the conversation. It may not be the right time for Cato to act on it, but it could spark future discussions, inspire new ideas, or even be revisited later. Don’t let a closed Idea stop you from sharing more! How is the Cato Networks team involved in the Idea process? Our team is actively monitoring and engaging with Ideas. Employees from various teams across Cato participate in the community, and we see everything that gets posted. The Community team collaborates closely with Product to maintain this space and facilitate internal discussions. You may even see a Cato employee jump into a thread to ask questions or share thoughts! How do I increase the visibility of my Idea? Want more votes? Here’s how to get more eyes on your Idea: Find related discussions in the community and drop a link to your Idea. Engage in the comments, every new comment boosts visibility! Encourage teammates who use the Cato software to log in and vote. Share with peers in your network who are Cato clients. I need more help/My Idea is urgent. If you need further assistance, please reach out to your Customer Success Manager. For general inquiries, you can also contact the Community team at community@catonetworks.com Find our official Cato Networks Roadmap here.
DNS Forwarding When Overriding Account-Level DNS Settings
Since I cannot leave comments on the KB, I am writing this down for others who may face the same issue. https://support.catonetworks.com/hc/en-us/articles/12710391725981-Centralized-Management-of-SDP-User-DNS-Settings-with-the-DNS-Settings-Policy#UUID-13385199-3a2b-70d3-5da2-ea4ebb98e5dd The article lists the following under Known Limitations: DNS Forwarding is not supported if you override Account Level DNS settings. This known limitation applies when using an untrusted DNS server. If you use a trusted DNS server (such as 8.8.8.8), DNS Forwarding can still be used even when overriding the account‑level settings.
Block access to local/home network for Cato Client – force all traffic through Cato tunnel
Hi everyone, we are using the Cato Client (Windows/macOS) for remote users and would like to fully block access to the local/home network when the client is connected. Goal: No access to local LAN subnets (e.g. 192.168.0.0/16, 10.0.0.0/8, printers, NAS, routers, IoT, etc.) No split tunneling or local breakout All traffic should be forced through the Cato tunnel We checked the following areas but could not find a clear way to block local LAN access on the endpoint: Client Connectivity Policy Network Rules Internet / WAN / LAN Firewall Questions: Is it possible to block local/home network access for Cato Clients purely within Cato (endpoint-based), so that local LAN traffic is not reachable at all? If yes: which policy / feature is required (e.g. Client Advanced Controls, specific license, feature flag)? If no: is the recommended approach to enforce this via endpoint controls (e.g. OS firewall / MDM) in combination with Always-On and no split tunneling? Any guidance or best practice from real-world deployments would be highly appreciated. Thanks in advance!
SDP Users - IPV6
Hi all, We have two users, both located in Germany at the moment for holidays, who can't connect using the Cato SDP client. They get an error about the Device Posture. However, when they switch to a mobile hotspot, it will connect fine, so it's not the device posture checks? The only thing I've noticed is that both clients are getting a IPV6 address from their broadband router. In the Cato Event log I can see their device IP is a 169.254.x.x address when they try and connect and are blocked. I just wanted to check if a IPV6 address could cause an issue like this or if there's some extra config we need to do.
Degraded Sockets in High Availability
I have multiple customers that have a LTE sim card just for the main socket. This will have the sockets identify asymmetric WAN connections causing the DEGRADED alert. What can I do to disable the DEGRADED alarm from the site? could it be possible to disable the interfaces so the asymmetric connections don't show as alarmed?
User group specified reports
We need to schedule a daily report for users who log in from a specific user group. The report should capture all users who have logged in on a daily basis from the identified group. Kindly confirm the feasibility and share the steps or requirements to enable this reporting. Additionally, while exporting the overall users list, the respective user group details should also be included in the report. Kindly confirm the feasibility and share the required steps or prerequisites to enable this.Multiple events are getting as a single log while pulling the events from the CATO using the API
Hi Team, We are using the cato-toolbox and using the cloud RIN, we are fetching the events from the CATO SASE. https://github.com/catonetworks/cato-toolbox/tree/main/eventsfeed With this help we are pulling the events from the CATO using the API and forwarding the events to the HUB Server over the specific port. But when we are pulling it was giving multiple events as a single log. As per our SIEM vendor, they cannot split the event log. So can you please let us know if this can be fixed from your side?Cato Client - manual PoP addressing
Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location. Not sure where this detail is stored on windows for the client, regkey or config file? Even a cato cli client with a switch to set it? I tried using fqdns as the pop name and having it resolve to a PoP IP in the hosts file, then using a script to change the hosts file entry to the desired PoP IP.... but the client cant use fqdns as the PoP to connect to :D
