Discussions

Community platform related questions and suggestions

Forum Widgets

Recent Discussions

Cato Client - manual PoP addressing
Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location. Not sure where this detail is stored on windows for the client, regkey or config file? Even a cato cli client with a switch to set it? I tried using fqdns as the pop name and having it resolve to a PoP IP in the hosts file, then using a script to change the hosts file entry to the desired PoP IP.... but the client cant use fqdns as the PoP to connect to :D
FlowBeer
Joining the Conversation
6 days ago
34Views
0likes
6Comments
How can i identify, the device with assest tags
I want to identify my device using asset tag do we have any feature or device check
Shaahid
Joining the Conversation
11 days ago
10Views
0likes
1Comment
Azure S2S to Cato Routing
Hi We have an existing site to site vpn to Azure Gateway which then has a vnet to vnet connection to an Azure Gateway in another region. In that region, that vnet gateway is on a vnet with a peering to the Cato vnet. How do i get Cato to be able to see the site to site subnet? The last vnet before the cato peering is able to see the site to site subnet.
Esh
Joining the Conversation
12 days ago
20Views
0likes
3Comments
Clients get Cato cloud DHCP leases on the wrong subnet range vlan
Looking for a solution to our wireless clients getting DHCP leases on the wrong subnet / range / vlan. Some of our clients getting Cato cloud DHCP leases on the same subnet as the access points on trunk native VLAN. VLAN is native VLAN on truk between access points and switches.
csthomas
Joining the Conversation
14 days ago
12Views
0likes
3Comments
Cato and UPnP (hole punching)
We are a new Cato customer and are part way through deploying sockets to our sites. We have discovered an issue with an application which users UPnP. The application (https://parsec.app) typically has an app installed on a device, such as a desktop PC, behind the socket. This is known as the "host". Then the app is also installed on a personal device, outside the network, known as the "client". These should negotiate a peer-to-peer connection using UPnP, but this is not working when the socket is in place. A remote user is not able to connect to their office PC. It worked previously with our previous firewall. And if a remote users has the Cato client installed and running, they are able to connect. It seems like the Cato socket does not support, or is blocking UPnP. Can anyone at Cato confirm if UPnP is supported, and/or offer some advice? Thanks.
MIYO-KEP
Joining the Conversation
15 days ago
64Views
0likes
4Comments
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
Cato_Fan_2024
Making Connections
19 days ago
180Views
0likes
8Comments
Azure Virtual Desktop - Always on policy
Hello! What is best practise for implementing the always on policy for Windows 11 VMs (hybrid domain joined). At the moment if a user session expires the Cato tunnel seems to break. The AVD shows as unavailable in Azure and the user is no longer able to login. Only workaround so far is using the serial console to disable the Cato network adapter or uninstall Cato altogether. Is there a way for the session to still expire while making the domain and other prerequisite AVD features still accessible? Thanks!
jake
Joining the Conversation
26 days ago
100Views
0likes
5Comments
IPSec Tunnel Active-Active Configuration Packet Loss Issue
Hi All, We configured with IPSec Tunnel Active-Active Configuration but we are facing packet loss post Active-Active configuration on IPSec and forced to work on Active- Passive configuration which results in not using both links in the branch. We are using 2 Network links in the Branch and we have Fortinet SDWAN at Branch and IPSec tunnel is created to route all internet to Cato PoP . We are trying to leverage "Multiple Active Tunnels for IPsec Sites "
PrakashRIndia
Staying Involved
2 months ago
63Views
0likes
4Comments
Internet Network Rules - No Option for IP Address
Hi, I’m seeking advice on how to set up a rule in the Network Rules section to allow traffic to egress to a specific destination public IP address on the Internet. When I choose Rule Type as Internet, I don’t see an option to define an IP address in the App/Category field. Do I need to use the Custom Service IP option for this? If so, could you share an example configuration?
Solved
AlvinC
Joining the Conversation
2 months ago
54Views
0likes
4Comments
Anti-Tampering Query- Auto upgrade of client version
In the EA documentation , it is written that :- As part of the Anti-Tampering protections, when Anti-Tampering is enabled, by design, the Client can't be upgraded. To enable an upgrade either manually or using an MDM, there is a specific bypass code that is not connected to disabling Anti-Tampering for the configured duration. My query is as below:- If my policy in client rollout is set as "Automatic by Cato", will the client version get updated or not. If not, then will this create issue in upgrading the version to get benefit and manual upgrade is time consuming
PrakashRIndia
Staying Involved
2 months ago
39Views
0likes
4Comments