Discussions

Community platform related questions and suggestions

Forum Widgets

Recent Discussions

Always on VPN and troubleshooting connectivity issues
Hi, I wanted to check if anyone else have experienced issues with the users enabled for Always On when their SDP client can not connect. Ocasionaly we see clients can not connect showing different errors, like username not recognized, can not connect, etc. The problem is that our Zoho Assist remote management software is not available if the user laptop is not connected to Internet which it is not when using Always On. How do you guys provide support in this scenario? What we usually do is first disable Always on policy for that user and then re-install the CAto client using either local admin or service desk user account. The problem is that we need to change the passwords to those accounts after giving out to the user by phone. Basically we just need Zoho Assist client traffic to bypass Cato tunnel, we will be testing split tunnel feature and adding Zoho IPs to bypass. Curious to hear your thoughts. Thanks!
Andrii
Comet
8 months ago
401Views
1like
3Comments
Connectivity Alert Email - Interface Names
Hello, By default, the notification emails regarding a disconnected or degraded socket interface include the public IP address of the interface under "Interface Name". This does not match the port name in the socket configuration panel. Is it possible to modify this email template to include the descriptive name instead of, or ideally in addition to, the public IP address? This would be extremely helpful for quickly identifying which ISP is impacted. Not all network engineers have every single public IP in the company committed to memory! (Pictures have been redacted/edited to remove or alter sensitive information)
aekcmi
Meteor
8 months ago
139Views
2likes
10Comments
bypass application
can we Bypass the application in the Socket or still the IP level ?
KCA
Comet
7 months ago
138Views
0likes
6Comments
Auto disabling of "Secured Private Access" when user in office
In Cato, there is "Cato Connectivity Policy" wherein we can either allow "Allow Internet" or "Allow WAN and Internet" or "Block". We have MPLS in our offices and we wants to have only SWG i.e "Allow Internet" when user is in office so that internal applications go through MPLS and only internet traffic goes through Cato but when same user goes out of office than automatically both Internet and WAN traffic should go through the Cato. We had similar arrangement when we were with Netskope. In Netskope, there is a feature called “Enabling Dynamic Steering” [Refer https://docs.netskope.com/en/enabling-dynamic-steering/] wherein we could decide if users is “On-Premise” then what all traffic needs to be steered to Netskope and whether Private access needs to be enabled or not or only internet traffic is need to be steered. Can this be achieved in similar fashion ?
PrakashRIndia
Satellite
7 months ago
134Views
0likes
7Comments
Azure Virtual Desktop Session Host Routing
Hi, has anyone ever set up a route table on Azure so that the route to Microsoft Login subnets goes out through Cato? When we tried doing this, to make sure our AVD users are protected by Cato, users stopped being able to connect to session hosts through the AVD FQDN (broker). I suspect that its either TLS Inspection being enabled for Microsoft Login app (has never been an issue for our laptop users), or that AVD brokering system needs Microsoft Login traffic to go through the internet instead of a private route for some reason.
Cato_Fan_2024
Meteor
4 months ago
117Views
0likes
6Comments
XDR integration with Crowdstrike and SentinelOne
Good day together For XDR there is already the antive EPP from Cato and the API integration for microsoft Defender. At a presentation I once saw 2 more logos from Crowdstrike and SentnelOne. Is there already a release date for this?
Peter_Schwarz
Comet
8 months ago
115Views
0likes
4Comments
Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers. Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (when I asked the CATO AI, it mentioned a key, but it doesn't seem to work). I can't see specfic configuration in user profile to override this nether. Any idea ? Thanks ! Regards
Rpe
Comet
2 months ago
100Views
0likes
2Comments
My Experience So Far With CATO Community
I just created my CATO Community account and, while I realize this is a new thing, I wanted to share some thoughts on my experience. It would have been helpful to get an introduction to the platform as soon as I logged in that could "show me around" basically. In the invite email that I got from my account rep, he gave me a pretty good overview of what the purpose of this community would be, but I think it might be beneficial to have a page that gives the platform an introduction from the beginning. For example, I see that I have this title "Stardust" under my name, and I saw someone else with "Meteor". I don't know what this means, but I assume its some kind of ranking system based off of my participation in the platform. Perhaps how many likes I've gotten. It would be nice to know what the rankings mean, and how to improve. This is just an idea, but perhaps you could also improve your rank by 1) filling out details in your profile 2) reading the Community Guidelines 3) or perhaps accomplishing other objectives that the CATO Community moderators would find helpful. I'm not necessarily advocating for something like daily login rewards, or giving "points" to someone for reading an article, but I do think it would be good to have goals for community members to achieve (like making your 1st post). In fact, I've seen this done in many other communities where they have a pinned Discussion for newcomers to simply say "hi" and introduce themselves. Once again, this may be unfair because this community just got started. I completely realize that. These are just some of my thoughts, and I welcome any other thoughts for this discussion about improving the newcomer experience.
Solved
CATOwner
Comet
8 months ago
99Views
0likes
2Comments
X1700 Sockets running 22.0.19219 breaks HA
More of a caution, over the weekend we upgraded our sockets to 22.0.19219. No issues with our X1500's but sites running X1700's in an HA pair caused us some trouble. The HA keepalive no longer works, which was causing traffic to switch between Primary and Secondary sockets. Both sockets are showing as master. Engineering has discovered the root cause and are working on new version of the firmware, but wanted to let you all know in cause you plan to upgrade soon. Sockets can't reach each other via IP, but both sockets are pingable from other devices on the network.
Chris_OT
Comet
6 months ago
89Views
3likes
0Comments
NAT Settings
Hi all We have 2 regions that are using the same IP address. Our legacy network has NATed the IPs, so there is no IP duplication. We plan to migrate the legacy to CATO and tried to use NAT settings as in the kB, but it's not working. Region 1 (192.168.5.6/24) ⇒CATO ⇒ Azure Region 2(192.168.5.6./24)⇒NAT(10.x.x.x)⇒CATO⇒ Azure We configured NAT in the socket but PING or access to the Azure servers.
KCA
Comet
7 months ago
86Views
0likes
1Comment