Community Help
Community guides and FAQs
Recent Content
Meraki Integration?
in the 4/27/2026 product announcements it says: Cisco Meraki Access Point Events in Experience Monitoring: Integrate Wi-Fi access point events from Cisco Meraki and correlate them with user experience data to improve troubleshooting of office connectivity issues. Requires a DEM license and configuration of the Cisco Meraki connector We have the required DEM license, but It references setting up the Meraki connector Cisco Meraki: Creating the Experience Monitoring Connector – Cato Learning Center but when we go to set up the Meraki integration there does not seem to be a Meraki integration to configure. What am I missing?
LDAP Integration – Is Password from AD or Local SDP?
Hi, In a setup where LDAP (Active Directory) is configured in Cato for user provisioning only, and no SSO is in place: - Is LDAP also used implicitly for authentication (LDAP bind)? - Or is authentication handled locally by Cato (separate SDP credentials)? There doesn’t seem to be a clear setting indicating LDAP auth vs provisioning-only. Would like to confirm the expected login behavior. Thanks.
IP Containers in Firewall Rule
Acording to the KB, "The Internet firewall inspects traffic between the WAN and the Internet and lets you create rules to control this traffic." Dumb question but then is the firewall one directional? WAN to Internet? I ask because other firewalls have rules/policies that are bi-directional. When I tried to create an Internet firewall rule in CATO and tried to select an IP Container (bad source IP's) it did not have an option, which indicates to me that the Internet Firewall rules are WAN to Internet only. In that case how do I apply an IP Container to block for inbound traffic from the Internet?
HTTP/2 and /3
When using CATO and navigating the internet through a browser, does CATO support protocols above HTTP1. (HTTP/2 and HTTP/3)? A website a user is trying to use only supports these new protocols, and so when connected to the network it shows him in a slowdown mode I have included the site for reference with a support page for this issue https://www.sanity.io/docs/help/http1-performance-issuesCato Connect Idea Hub FAQ
What should I include when posting an Idea? When sharing your Idea, be sure to include: Your use case The problem you’re trying to solve The benefit you hope to gain Any workarounds you’ve tried For example: "I’d love it if the logo could be pink. Our team is often confused because our company branding is pink, and we try to customize the rest of our software to match. I’d like the logo in the Cato Management Application to be pink. I’ve tried other customization options and even retrained our end users, but I still get questions." (Yes, I know this is a silly example, I just like pink.) What do the Idea statuses mean? Idea statuses in the Idea Hub reflect where an idea is in its journey. Here’s what you might see: Crowdsourcing Feedback– This idea is open for discussion! Vote and add your thoughts. The more nuanced the conversation, the more valuable it is to the team. Community Favorite – This idea is generating buzz. Look at all those votes and comments! Exploring Potential – Lots of discussion, but not as many votes. What do we think? Should this gain more traction? We’re Working On It – This idea has made it onto the roadmap. Delivered – The idea has been implemented—woohoo! Not Right Now – This idea doesn’t align with our current vision. Duplicate – This idea has already been brought up. *Note that your ideas may hang out with the same status for a long time, that’s ok! We keep an eye on all ideas, and we want to give them all a chance. How can I weigh in on other people’s Ideas? This space thrives on collaboration! You can: Vote – Click the vote button to show support. Comment – Add your use case, questions, insights, or workarounds. The richer the discussion, the better! Share – If you see a discussion that connects to an Idea, drop the link and invite others to join in. Will my Idea be implemented if it has a lot of votes? While we love seeing highly voted Ideas, implementation depends on many factors: vision, engineering effort, priorities, and, of course, community input. A lot of votes help an Idea get noticed, but they don’t guarantee delivery. That said, we are always discussing and assessing Ideas, so keep them coming! What happens if my Idea is closed? Even if an Idea is closed, it’s still part of the conversation. It may not be the right time for Cato to act on it, but it could spark future discussions, inspire new ideas, or even be revisited later. Don’t let a closed Idea stop you from sharing more! How is the Cato Networks team involved in the Idea process? Our team is actively monitoring and engaging with Ideas. Employees from various teams across Cato participate in the community, and we see everything that gets posted. The Community team collaborates closely with Product to maintain this space and facilitate internal discussions. You may even see a Cato employee jump into a thread to ask questions or share thoughts! How do I increase the visibility of my Idea? Want more votes? Here’s how to get more eyes on your Idea: Find related discussions in the community and drop a link to your Idea. Engage in the comments, every new comment boosts visibility! Encourage teammates who use the Cato software to log in and vote. Share with peers in your network who are Cato clients. I need more help/My Idea is urgent. If you need further assistance, please reach out to your Customer Success Manager. For general inquiries, you can also contact the Community team at community@catonetworks.com Find our official Cato Networks Roadmap here.DNS Forwarding When Overriding Account-Level DNS Settings
Since I cannot leave comments on the KB, I am writing this down for others who may face the same issue. https://support.catonetworks.com/hc/en-us/articles/12710391725981-Centralized-Management-of-SDP-User-DNS-Settings-with-the-DNS-Settings-Policy#UUID-13385199-3a2b-70d3-5da2-ea4ebb98e5dd The article lists the following under Known Limitations: DNS Forwarding is not supported if you override Account Level DNS settings. This known limitation applies when using an untrusted DNS server. If you use a trusted DNS server (such as 8.8.8.8), DNS Forwarding can still be used even when overriding the account‑level settings.Block access to local/home network for Cato Client – force all traffic through Cato tunnel
Hi everyone, we are using the Cato Client (Windows/macOS) for remote users and would like to fully block access to the local/home network when the client is connected. Goal: No access to local LAN subnets (e.g. 192.168.0.0/16, 10.0.0.0/8, printers, NAS, routers, IoT, etc.) No split tunneling or local breakout All traffic should be forced through the Cato tunnel We checked the following areas but could not find a clear way to block local LAN access on the endpoint: Client Connectivity Policy Network Rules Internet / WAN / LAN Firewall Questions: Is it possible to block local/home network access for Cato Clients purely within Cato (endpoint-based), so that local LAN traffic is not reachable at all? If yes: which policy / feature is required (e.g. Client Advanced Controls, specific license, feature flag)? If no: is the recommended approach to enforce this via endpoint controls (e.g. OS firewall / MDM) in combination with Always-On and no split tunneling? Any guidance or best practice from real-world deployments would be highly appreciated. Thanks in advance!
SDP Users - IPV6
Hi all, We have two users, both located in Germany at the moment for holidays, who can't connect using the Cato SDP client. They get an error about the Device Posture. However, when they switch to a mobile hotspot, it will connect fine, so it's not the device posture checks? The only thing I've noticed is that both clients are getting a IPV6 address from their broadband router. In the Cato Event log I can see their device IP is a 169.254.x.x address when they try and connect and are blocked. I just wanted to check if a IPV6 address could cause an issue like this or if there's some extra config we need to do.
User group specified reports
We need to schedule a daily report for users who log in from a specific user group. The report should capture all users who have logged in on a daily basis from the identified group. Kindly confirm the feasibility and share the steps or requirements to enable this reporting. Additionally, while exporting the overall users list, the respective user group details should also be included in the report. Kindly confirm the feasibility and share the required steps or prerequisites to enable this.
