Forum Discussion

SomeGuy's avatar
SomeGuy
Comet
22 days ago

Bypassing Cato via WAN Bypass and Split Tunnel

We need to add around 200 subnets to bypass Cato.  My understanding is that they need to be added to all sites under the Site Configuration/Router/Bypass/Destination and for all SDP users via Access/Client Access Control/Split Tunnel policy. We have nearly 90 sites.  Manually adding 200 subnets to 90 sites doesn't seem like a good time.

Is this possible via the API?  If so, can you point me toward the correct commands.

3 Replies

  • Hi SomeGuy, 

    Can we check that the 200 subnets that you are referring to are source subnets from the 90 sites, right?
    Just to better understand the context, would you share the reason(s) to bypass the selected traffic on Cato?

    Thank you.

    • SomeGuy's avatar
      SomeGuy
      Comet

      Some of the subnets can be found at: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060548

      We're wanting to bypass Zoom meetings/phone/webinar/etc (as well as other similar services) from Cato because individuals are experiencing intermittent jitter/choppiness while doing voice/video calls on Cato.  We're wanting to use an API to manage the bypass list because these subnets change over time and we'd preferred to lean on our scripts to keep the bypass list up to date.

  • I'll +1 this ask. My group originally had hoped to use Terraform for this task, but it looks like support for adding floating subnets isn't there yet for Terraform. Looking through the GraphQL API reference guide, though, I do see a few queries related to floating subnets: Cato Networks GraphQL API Reference

     I guess my remaining questions would be:

    • Would Cato's API support adding and modifying floating subnet ranged via GraphQL?
    • Looking through the API reference guide, it's not clear to me if there is a relevant command to modify bypass rule sets. Is this something the API supports?