Discussions

Community platform related questions and suggestions

Forum Widgets

Recent Discussions

Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers. Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (when I asked the CATO AI, it mentioned a key, but it doesn't seem to work). I can't see specfic configuration in user profile to override this nether. Any idea ? Thanks ! Regards
Rpe
Comet
8 days ago
85Views
0likes
2Comments
Potential for abuse of the password reset link with https://cc2.catonetworks.com/forgotAdminPassword
Hi, This is Cato Lab from South Korea. Our customer raised a question. Is there any way to prevent malicious actors from repeatedly entering an email address to trigger password reset emails, potentially spamming or annoying administrators? Their concern is that someone could misuse the reset link mechanism to repeatedly send reset emails, causing inconvenience to the administrators or account owners. Does Cato have any existing protections or recommended best practices to mitigate this type of abuse? It will be really helpful if you guys know any type of protection behavior for administrators regarding using this webpage. Thanks, Best Regards, Cato Lab.
catolab
Comet
21 days ago
23Views
0likes
0Comments
Defender for Identity - VPN Integration
Hi, We frequently get false positives from Microsoft Defender for Identity because it's unable to map the IP address Cato assigns a remote user with their laptop hostname. I guess our on prem Microsoft sensors are unaware of the Cato client range. I think the only way to fix it is to send RADIUS accounting events from Cato to the Microsoft sensor, but I don't think this can be done? https://learn.microsoft.com/en-us/defender-for-identity/vpn-integration
DavidG
Meteor
24 days ago
27Views
0likes
0Comments
AWS can't reach Private IP - Cato Client Windows
Hi, on my PC I have the Cato Client to connect to Cato Network. We have a connection with a virtual appliance in AWS in one account. In this account there is a TGW that connect other accounts. I can' reach the private IP of AWS accounts, but all networks are routed in Cato Configuration, TGW and VPC route tables seems ok....The source/destination check is disabled for LAN interface, the client subnet 10.41.0.0/16 is associated to subnet route table, tgw route table and there is also in the other account's route tables..... But the traffic is not going well..... any suggestion ? Many thanks Dario
Dario
Comet
2 months ago
21Views
0likes
1Comment
Policy Change Status
How can I tell if a policy change that has been published is actually live? I have seen changes take anywhere from a minute or so to what seems like 15-20 minutes to take effect and it makes it super tough to troubleshoot.
j_snizzle
Comet
2 months ago
66Views
0likes
2Comments
Wireless Traffic Identified as DSCP18
This is driving me up the wall and I don't see a lot of good options, aside from pester support. We're an Aruba wireless shop and we have some WMM/QoS configured. This ends up with a bunch of events where the Application/Service detected is dscp18 because Cato is picking up on the QoS value from the access point. It makes my life difficult when we try to create WAN Firewall rules based on a service on a given destination(s). Aside from de-allocating that DSCP value on my production SSID's, what can I do? Has anyone else encountered this before?
MichaelQ
Meteor
2 months ago
80Views
0likes
4Comments
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
Cato_Fan_2024
Meteor
3 months ago
74Views
0likes
2Comments
Network routing
Need some confirmation with the routing configuration. Under the Network routing, I can only see the UI says Subnet but I am pretty sure we should be able to route a host say 1.1.1.1/32 as well. The UI does not allow you to put 1.1.1.1/32. Can I just put 1.1.1.1 without the mask and be OKAY?
Solved
Abn
Meteor
3 months ago
65Views
0likes
2Comments
Regarding the Q&A from today's CASB live session
I'm not sure if this is the right place to ask, but is there a way to review the Q&A from the CASB live session that just took place? I’d like to go over what questions were asked and what responses were given.
KojiroZaitsu
Meteor
3 months ago
33Views
1like
1Comment
Connectivity Alert Email - Interface Names
Hello, By default, the notification emails regarding a disconnected or degraded socket interface include the public IP address of the interface under "Interface Name". This does not match the port name in the socket configuration panel. Is it possible to modify this email template to include the descriptive name instead of, or ideally in addition to, the public IP address? This would be extremely helpful for quickly identifying which ISP is impacted. Not all network engineers have every single public IP in the company committed to memory! (Pictures have been redacted/edited to remove or alter sensitive information)
aekcmi
Meteor
4 months ago
153Views
2likes
10Comments