Forum Discussion

SomeGuy
4 months ago

Bypassing Cato via WAN Bypass and Split Tunnel

We need to add around 200 subnets to bypass Cato.  My understanding is that they need to be added to all sites under the Site Configuration/Router/Bypass/Destination and for all SDP users via Access/Client Access Control/Split Tunnel policy. We have nearly 90 sites.  Manually adding 200 subnets to 90 sites doesn't seem like a good time.

Is this possible via the API?  If so, can you point me toward the correct commands?

5 Replies

  • Foote

    I'll +1 this ask. My group originally had hoped to use Terraform for this task, but it looks like support for adding floating subnets isn't there yet for Terraform. Looking through the GraphQL API reference guide, though, I do see a few queries related to floating subnets: Cato Networks GraphQL API Reference

    I guess my remaining questions would be:

    • Would Cato's API support adding and modifying floating subnet ranges via GraphQL?
    • Looking through the API reference guide, it's not clear to me if there is a relevant command to modify bypass rule sets. Is this something the API supports?
    • GianlucaUlivi

      I was not able to find an API call to do it, so I took a different approach by running a Python script that opens a Selenium WebDriver, loops over a list of IP addresses and, for each of them, writes it in the text box and presses Enter (equivalent of clicking "add"):

      I do not have the script published at the moment as it's part of a larger "multi-tool" repo I have, but if needed I can move it to a dedicated git repo and share it.

  • michaelsaw

    Hi SomeGuy, 

    Can we check that the 200 subnets that you are referring to are source subnets from the 90 sites, right?
    Just to better understand the context, would you share the reason(s) to bypass the selected traffic on Cato?

    Thank you.

    • SomeGuy

      Some of the subnets can be found at: https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060548

      We're wanting to bypass Zoom meetings/phone/webinar/etc (as well as other similar services) from Cato because individuals are experiencing intermittent jitter/choppiness while doing voice/video calls on Cato.  We're wanting to use an API to manage the bypass list because these subnets change over time and we'd prefer to lean on our scripts to keep the bypass list up to date.

      • GianlucaUlivi

        Zoom is now a supported application to do destination bypass for:

         

        For other massive bypass I was not able to find an API call to do it, so I took a different approach by running a Python script that opens a Selenium WebDriver, loops over a list of IP addresses and, for each of them, writes it in the text box and presses Enter (equivalent of clicking "add"):

        I do not have the script published at the moment as it's part of a larger "multi-tool" repo I have, but if needed I can move it to a dedicated git repo and share it.
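
Added example, not written by any poster in this thread and not Cato code: a Python routine for the "keep the bypass list up to date" step described above, which validates a published subnet list, collapses it, and diffs it against what is currently configured. The prefix limits, the function names and the sample ranges are assumptions; pushing the result to Cato is left out because the thread identifies no API call for it.

```python
import ipaddress

# Assumed guardrail: broadest prefix allowed per IP version. Every bypass
# entry is traffic Cato no longer sees, so overly wide ranges are refused.
MIN_PREFIX = {4: 16, 6: 32}

def normalize(entries):
    """Return (collapsed networks, [(entry, reason)] for rejected entries)."""
    nets, rejected = [], []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            # strict=True refuses host bits (e.g. 203.0.113.5/24), a common typo
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((text, "prefix broader than allowed"))
        else:
            nets.append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        collapsed += ipaddress.collapse_addresses(
            [n for n in nets if n.version == version])
    return collapsed, rejected

def plan_update(current, published):
    """Diff the configured bypass list against the freshly published one."""
    have, _ = normalize(current)
    want, rejected = normalize(published)
    order = lambda n: (n.version, n)
    return {
        "add": [str(n) for n in sorted(set(want) - set(have), key=order)],
        "remove": [str(n) for n in sorted(set(have) - set(want), key=order)],
        "rejected": rejected,
    }

# Constructed sample data (documentation ranges, not real vendor subnets).
CURRENT = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
PUBLISHED = ["192.0.2.0/24", "203.0.113.0/26", "203.0.113.64/26",
             "0.0.0.0/0", "203.0.113.5/24", "2001:db8::/32"]

if __name__ == "__main__":
    for key, value in plan_update(CURRENT, PUBLISHED).items():
        print(key, value)
```

The "rejected" list is the part to review before any push: a default route or a mistyped prefix in the upstream list would otherwise exempt far more traffic from inspection than intended.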