Forum Discussion

Joining the Conversation

9 months ago

about Always-on Issue

On iOS devices, client certificate authentication and “Always-on” VPN configuration" is created with one configuration profile and distributed through MDM. The Cato Client app is also purchased thro...

michaelsaw

Cato Professional Services

9 months ago

Hi Shiva-SBI,

Noted that MDM is in place.

You mentioned: "The problem with this is that users can manually turn off the VPN switch."

I was reviewing the KB on Always-on with SSO: https://support.catonetworks.com/hc/en-us/articles/4417643184529-Protecting-Users-with-Always-On-Security

Can we check what is the version of Cato Client installed?
Is there a support ticket submitted with our Support team to check further?

Thank you.

shiva-SBI

Joining the Conversation

9 months ago

Hi michaelsaw,

Thank you for your reply.

Yes, a ticket has been opened with support and it has progressed to Tier 3. I posted here to see if there are any admins or partners experiencing the same issue and if anyone has been able to resolve it.

Always-on is set correctly according to the procedure in the Learning Center, and the user's Cato Client is 5.4 or 5.5.

Distributing Device Certificates to macOS and iOS Devices with Jamf

The point of the problem is that Cato Client adds an on-demand VPN configuration automatically after authentication is complete. (It was not a profile.)
This results in two VPN configurations, one added from MDM and one added by Cato Client, and by the user switching between them or deleting the on-demand VPN configuration, unmanaged Internet access becomes possible.

Thank you!!

shiva-SBI

Forum Discussion

about Always-on Issue

Recent Discussions

Uptime for Wan Interface

Visit website with error(HTTP Version Not Supported) with Cato

Remote Port Forwarding

Cato Device Posture Profile problems.. What are others using?

Is there any way to know the actual service signature?