Discussions

Community platform related questions and suggestions

Forum Widgets

Recent Discussions

Always on VPN and troubleshooting connectivity issues
Hi, I wanted to check if anyone else have experienced issues with the users enabled for Always On when their SDP client can not connect. Ocasionaly we see clients can not connect showing different errors, like username not recognized, can not connect, etc. The problem is that our Zoho Assist remote management software is not available if the user laptop is not connected to Internet which it is not when using Always On. How do you guys provide support in this scenario? What we usually do is first disable Always on policy for that user and then re-install the CAto client using either local admin or service desk user account. The problem is that we need to change the passwords to those accounts after giving out to the user by phone. Basically we just need Zoho Assist client traffic to bypass Cato tunnel, we will be testing split tunnel feature and adding Zoho IPs to bypass. Curious to hear your thoughts. Thanks!
Andrii
Joining the Conversation
10 months ago
500Views
1like
3Comments
bypass application
can we Bypass the application in the Socket or still the IP level ?
KCA
Joining the Conversation
9 months ago
217Views
0likes
6Comments
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
Cato_Fan_2024
Making Connections
5 months ago
191Views
0likes
8Comments
Auto disabling of "Secured Private Access" when user in office
In Cato, there is "Cato Connectivity Policy" wherein we can either allow "Allow Internet" or "Allow WAN and Internet" or "Block". We have MPLS in our offices and we wants to have only SWG i.e "Allow Internet" when user is in office so that internal applications go through MPLS and only internet traffic goes through Cato but when same user goes out of office than automatically both Internet and WAN traffic should go through the Cato. We had similar arrangement when we were with Netskope. In Netskope, there is a feature called “Enabling Dynamic Steering” [Refer https://docs.netskope.com/en/enabling-dynamic-steering/] wherein we could decide if users is “On-Premise” then what all traffic needs to be steered to Netskope and whether Private access needs to be enabled or not or only internet traffic is need to be steered. Can this be achieved in similar fashion ?
PrakashRIndia
Staying Involved
9 months ago
175Views
0likes
7Comments
XDR integration with Crowdstrike and SentinelOne
Good day together For XDR there is already the antive EPP from Cato and the API integration for microsoft Defender. At a presentation I once saw 2 more logos from Crowdstrike and SentnelOne. Is there already a release date for this?
Peter_Schwarz
Joining the Conversation
9 months ago
166Views
0likes
4Comments
Connectivity Alert Email - Interface Names
Hello, By default, the notification emails regarding a disconnected or degraded socket interface include the public IP address of the interface under "Interface Name". This does not match the port name in the socket configuration panel. Is it possible to modify this email template to include the descriptive name instead of, or ideally in addition to, the public IP address? This would be extremely helpful for quickly identifying which ISP is impacted. Not all network engineers have every single public IP in the company committed to memory! (Pictures have been redacted/edited to remove or alter sensitive information)
aekcmi
Making Connections
10 months ago
157Views
2likes
10Comments
Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers. Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (when I asked the CATO AI, it mentioned a key, but it doesn't seem to work). I can't see specfic configuration in user profile to override this nether. Any idea ? Thanks ! Regards
Rpe
Joining the Conversation
4 months ago
150Views
0likes
2Comments
My Experience So Far With CATO Community
I just created my CATO Community account and, while I realize this is a new thing, I wanted to share some thoughts on my experience. It would have been helpful to get an introduction to the platform as soon as I logged in that could "show me around" basically. In the invite email that I got from my account rep, he gave me a pretty good overview of what the purpose of this community would be, but I think it might be beneficial to have a page that gives the platform an introduction from the beginning. For example, I see that I have this title "Stardust" under my name, and I saw someone else with "Meteor". I don't know what this means, but I assume its some kind of ranking system based off of my participation in the platform. Perhaps how many likes I've gotten. It would be nice to know what the rankings mean, and how to improve. This is just an idea, but perhaps you could also improve your rank by 1) filling out details in your profile 2) reading the Community Guidelines 3) or perhaps accomplishing other objectives that the CATO Community moderators would find helpful. I'm not necessarily advocating for something like daily login rewards, or giving "points" to someone for reading an article, but I do think it would be good to have goals for community members to achieve (like making your 1st post). In fact, I've seen this done in many other communities where they have a pinned Discussion for newcomers to simply say "hi" and introduce themselves. Once again, this may be unfair because this community just got started. I completely realize that. These are just some of my thoughts, and I welcome any other thoughts for this discussion about improving the newcomer experience.
Solved
CATOwner
Joining the Conversation
10 months ago
135Views
0likes
2Comments
Azure Virtual Desktop - Always on policy
Hello! What is best practise for implementing the always on policy for Windows 11 VMs (hybrid domain joined). At the moment if a user session expires the Cato tunnel seems to break. The AVD shows as unavailable in Azure and the user is no longer able to login. Only workaround so far is using the serial console to disable the Cato network adapter or uninstall Cato altogether. Is there a way for the session to still expire while making the domain and other prerequisite AVD features still accessible? Thanks!
jake
Joining the Conversation
3 months ago
100Views
0likes
5Comments
NAT Settings
Hi all We have 2 regions that are using the same IP address. Our legacy network has NATed the IPs, so there is no IP duplication. We plan to migrate the legacy to CATO and tried to use NAT settings as in the kB, but it's not working. Region 1 (192.168.5.6/24) ⇒CATO ⇒ Azure Region 2(192.168.5.6./24)⇒NAT(10.x.x.x)⇒CATO⇒ Azure We configured NAT in the socket but PING or access to the Azure servers.
KCA
Joining the Conversation
9 months ago
96Views
0likes
1Comment