Discussions

Community platform related questions and suggestions

Forum Widgets

Recent Discussions

Always on VPN and troubleshooting connectivity issues
Hi, I wanted to check if anyone else have experienced issues with the users enabled for Always On when their SDP client can not connect. Ocasionaly we see clients can not connect showing different errors, like username not recognized, can not connect, etc. The problem is that our Zoho Assist remote management software is not available if the user laptop is not connected to Internet which it is not when using Always On. How do you guys provide support in this scenario? What we usually do is first disable Always on policy for that user and then re-install the CAto client using either local admin or service desk user account. The problem is that we need to change the passwords to those accounts after giving out to the user by phone. Basically we just need Zoho Assist client traffic to bypass Cato tunnel, we will be testing split tunnel feature and adding Zoho IPs to bypass. Curious to hear your thoughts. Thanks!
Andrii
Joining the Conversation
12 months ago
672Views
1like
6Comments
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
Cato_Fan_2024
Making Connections
7 months ago
298Views
0likes
8Comments
Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers. Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (when I asked the CATO AI, it mentioned a key, but it doesn't seem to work). I can't see specfic configuration in user profile to override this nether. Any idea ? Thanks ! Regards
Rpe
Joining the Conversation
6 months ago
283Views
0likes
2Comments
bypass application
can we Bypass the application in the Socket or still the IP level ?
KCA
Joining the Conversation
11 months ago
268Views
0likes
6Comments
Auto disabling of "Secured Private Access" when user in office
In Cato, there is "Cato Connectivity Policy" wherein we can either allow "Allow Internet" or "Allow WAN and Internet" or "Block". We have MPLS in our offices and we wants to have only SWG i.e "Allow Internet" when user is in office so that internal applications go through MPLS and only internet traffic goes through Cato but when same user goes out of office than automatically both Internet and WAN traffic should go through the Cato. We had similar arrangement when we were with Netskope. In Netskope, there is a feature called “Enabling Dynamic Steering” [Refer https://docs.netskope.com/en/enabling-dynamic-steering/] wherein we could decide if users is “On-Premise” then what all traffic needs to be steered to Netskope and whether Private access needs to be enabled or not or only internet traffic is need to be steered. Can this be achieved in similar fashion ?
PrakashRIndia
Staying Involved
11 months ago
207Views
0likes
7Comments
Cato Client - manual PoP addressing
Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location. Not sure where this detail is stored on windows for the client, regkey or config file? Even a cato cli client with a switch to set it? I tried using fqdns as the pop name and having it resolve to a PoP IP in the hosts file, then using a script to change the hosts file entry to the desired PoP IP.... but the client cant use fqdns as the PoP to connect to :D
FlowBeer
Making Connections
3 months ago
199Views
0likes
12Comments
My Experience So Far With CATO Community
I just created my CATO Community account and, while I realize this is a new thing, I wanted to share some thoughts on my experience. It would have been helpful to get an introduction to the platform as soon as I logged in that could "show me around" basically. In the invite email that I got from my account rep, he gave me a pretty good overview of what the purpose of this community would be, but I think it might be beneficial to have a page that gives the platform an introduction from the beginning. For example, I see that I have this title "Stardust" under my name, and I saw someone else with "Meteor". I don't know what this means, but I assume its some kind of ranking system based off of my participation in the platform. Perhaps how many likes I've gotten. It would be nice to know what the rankings mean, and how to improve. This is just an idea, but perhaps you could also improve your rank by 1) filling out details in your profile 2) reading the Community Guidelines 3) or perhaps accomplishing other objectives that the CATO Community moderators would find helpful. I'm not necessarily advocating for something like daily login rewards, or giving "points" to someone for reading an article, but I do think it would be good to have goals for community members to achieve (like making your 1st post). In fact, I've seen this done in many other communities where they have a pinned Discussion for newcomers to simply say "hi" and introduce themselves. Once again, this may be unfair because this community just got started. I completely realize that. These are just some of my thoughts, and I welcome any other thoughts for this discussion about improving the newcomer experience.
Solved
CATOwner
Joining the Conversation
12 months ago
186Views
0likes
2Comments
XDR integration with Crowdstrike and SentinelOne
Good day together For XDR there is already the antive EPP from Cato and the API integration for microsoft Defender. At a presentation I once saw 2 more logos from Crowdstrike and SentnelOne. Is there already a release date for this?
Peter_Schwarz
Joining the Conversation
11 months ago
183Views
0likes
4Comments
Connectivity Alert Email - Interface Names
Hello, By default, the notification emails regarding a disconnected or degraded socket interface include the public IP address of the interface under "Interface Name". This does not match the port name in the socket configuration panel. Is it possible to modify this email template to include the descriptive name instead of, or ideally in addition to, the public IP address? This would be extremely helpful for quickly identifying which ISP is impacted. Not all network engineers have every single public IP in the company committed to memory! (Pictures have been redacted/edited to remove or alter sensitive information)
aekcmi
Making Connections
12 months ago
171Views
2likes
10Comments
Azure Virtual Desktop - Always on policy
Hello! What is best practise for implementing the always on policy for Windows 11 VMs (hybrid domain joined). At the moment if a user session expires the Cato tunnel seems to break. The AVD shows as unavailable in Azure and the user is no longer able to login. Only workaround so far is using the serial console to disable the Cato network adapter or uninstall Cato altogether. Is there a way for the session to still expire while making the domain and other prerequisite AVD features still accessible? Thanks!
jake
Joining the Conversation
4 months ago
154Views
0likes
5Comments