Roni
2 months ago (Comet)
CATO always on
Hi, I am currently deploying Cato across my entire organization, transitioning from Fortinet’s VPN platform to Cato’s ZTNA. We are enabling Always On to enforce the use of Cato for all users. Howev...
To encourage users to sign in to the Cato VPN and pick up the Always-On policy, you could ensure specific applications are only accessible via your allocated IPs.
For example, we direct the Microsoft Login traffic via our allocated IPs. We use these same IPs in an Entra Conditional Access Policy to ensure SSO can only be performed from the Cato VPN or a user at a Cato office.
Because CAPs can be very granular, you can target the SSO apps or users to suit.
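The Conditional Access setup described in the reply above, as an added example that is not part of the original thread: it builds the two Microsoft Graph request bodies (an IP named location for the Cato allocated IPs, and a policy that blocks sign-in from anywhere else). The IP addresses, GUIDs, display names and function names are constructed placeholders, and the policy is created in report-only state with a break-glass account excluded as an assumption about how you would roll it out.

```python
import ipaddress
import json

# Constructed sample values: RFC 5737 documentation addresses stand in for the
# IPs allocated to your Cato account; the GUIDs are placeholders.
CATO_EGRESS_IPS = ["203.0.113.10", "203.0.113.11"]
TARGET_GROUP_ID = "00000000-0000-0000-0000-000000000001"
BREAK_GLASS_USER_ID = "00000000-0000-0000-0000-000000000002"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def named_location(name, ips):
    """Body for POST /identity/conditionalAccess/namedLocations (Microsoft Graph)."""
    ranges = []
    for ip in ips:
        net = ipaddress.ip_network(ip)  # a bare address becomes a /32 (or /128)
        if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            # The location must hold the public egress IPs that Entra sees.
            raise ValueError(f"{net} is an RFC 1918 range, not an egress IP")
        kind = "iPv4CidrRange" if net.version == 4 else "iPv6CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}", "cidrAddress": str(net)})
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": name, "isTrusted": True, "ipRanges": ranges}


def sso_location_policy(location_id, group_id, break_glass_id, apps=("All",)):
    """Body for POST /identity/conditionalAccess/policies: block outside the location."""
    return {
        "displayName": "Block SSO outside Cato egress IPs",
        # Report-only first: review sign-in logs before switching to "enabled".
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeGroups": [group_id], "excludeUsers": [break_glass_id]},
            "applications": {"includeApplications": list(apps)},
            "locations": {"includeLocations": ["All"], "excludeLocations": [location_id]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    print(json.dumps(named_location("Cato allocated IPs", CATO_EGRESS_IPS), indent=2))
    # "<named-location-id>" is the id Graph returns when the location is created.
    print(json.dumps(sso_location_policy("<named-location-id>", TARGET_GROUP_ID,
                                         BREAK_GLASS_USER_ID), indent=2))
```

Narrowing `apps` or the included group is where the granularity mentioned in the reply comes in: pass specific application IDs instead of `"All"` to scope the block to chosen SSO apps.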