Recent Discussions
DNS Forwarding off Private Access
I'm trying to find a way to fix an issue we have related to DNS forwarding and Windows Active Directory. We have internal DNS servers on the AD DC's and Cato setup to do DNS forwarding. This works fine when the DC's are contactable, but when they aren't (but DNS still resolves) then we get quite a lot of lag on the Windows clients. When clients are away from the office and Secure Private access is disconnected, we see some slow behaviour with the windows client. E.g. when unlocking the screen or entering the wrong password. This seems to be related to the client trying to contact the domain controller and waiting for a timeout (the DC is unreachable because private access is disconnected). I've captured the traffic using wireshark on the client laptop and it's sending the traffic to the CatoNetworks interface but I can't see the traffic in the Cato cloud to allow me to manage this traffic. I can't remove the DNS forwarding because we need it when the private access is connected and for office users, but I need to stop windows thinking the domain is accessible when it is not! Anyone seen this behaviour before or know a way to resolve it?SolvedSimonH4 months agoMaking Connections191Views0likes4Comments
IPSec Tunnel Active-Active Configuration Packet Loss Issue
Hi All, We configured with IPSec Tunnel Active-Active Configuration but we are facing packet loss post Active-Active configuration on IPSec and forced to work on Active- Passive configuration which results in not using both links in the branch. We are using 2 Network links in the Branch and we have Fortinet SDWAN at Branch and IPSec tunnel is created to route all internet to Cato PoP . We are trying to leverage "Multiple Active Tunnels for IPsec Sites "SolvedPrakashRIndia7 months agoStaying Involved226Views0likes4Comments
Internet Network Rules - No Option for IP Address
Hi, I’m seeking advice on how to set up a rule in the Network Rules section to allow traffic to egress to a specific destination public IP address on the Internet. When I choose Rule Type as Internet, I don’t see an option to define an IP address in the App/Category field. Do I need to use the Custom Service IP option for this? If so, could you share an example configuration?SolvedAlvinC8 months agoJoining the Conversation146Views0likes4Comments
Rack Mount
Silly question, but where do I actually find the rack kit referenced here: X1500 X1500B Socket Dual Model Rack Mounting Kit Having a bear of a time actually finding purchase options.SolvedRneal19738 months agoJoining the Conversation161Views0likes1CommentNetwork routing
Need some confirmation with the routing configuration. Under the Network routing, I can only see the UI says Subnet but I am pretty sure we should be able to route a host say 1.1.1.1/32 as well. The UI does not allow you to put 1.1.1.1/32. Can I just put 1.1.1.1 without the mask and be OKAY?SolvedAbn11 months agoMaking Connections134Views0likes2CommentsDirected Broadcast?
Short & sweet: can CATO do Directed Broadcast? Yes, it's for WoL between sites.SolvedBrad1 year agoJoining the Conversation80Views0likes1CommentMy Experience So Far With CATO Community
I just created my CATO Community account and, while I realize this is a new thing, I wanted to share some thoughts on my experience. It would have been helpful to get an introduction to the platform as soon as I logged in that could "show me around" basically. In the invite email that I got from my account rep, he gave me a pretty good overview of what the purpose of this community would be, but I think it might be beneficial to have a page that gives the platform an introduction from the beginning. For example, I see that I have this title "Stardust" under my name, and I saw someone else with "Meteor". I don't know what this means, but I assume its some kind of ranking system based off of my participation in the platform. Perhaps how many likes I've gotten. It would be nice to know what the rankings mean, and how to improve. This is just an idea, but perhaps you could also improve your rank by 1) filling out details in your profile 2) reading the Community Guidelines 3) or perhaps accomplishing other objectives that the CATO Community moderators would find helpful. I'm not necessarily advocating for something like daily login rewards, or giving "points" to someone for reading an article, but I do think it would be good to have goals for community members to achieve (like making your 1st post). In fact, I've seen this done in many other communities where they have a pinned Discussion for newcomers to simply say "hi" and introduce themselves. Once again, this may be unfair because this community just got started. I completely realize that. These are just some of my thoughts, and I welcome any other thoughts for this discussion about improving the newcomer experience.SolvedCATOwner1 year agoJoining the Conversation256Views0likes2Comments
JM1 year agoStaying Involved100Views2likes2Comments