Cato SDP Client - Always On / Prelogin questions

Hi ddaniel,

I will try to respond in-line:

Is there any way to see always-on or pre-login connections in the CMA?
Always-on are treated as a normal connection to the Cato Cloud. You can see them in the Access Overview page: You can also see here the users that did a Bypass:

Pre-login users are not visible in the CMA.

Do the pre-login sessions use machine credentials?
The pre-login session is done at the machine level (not at the user level) with a certificate and a registry setting. You cannot see those sessions in the CMA. They will start the SDP connection to the Cato POP before the user is logging in. Here is the KB: https://support.catonetworks.com/hc/en-us/articles/5766368718365-Using-Windows-Pre-Login-and-the-SDP-Client

Can we access the machines remotely during pre-login?
Yes you can. You will need to configure the correct settings. I recommend doing so using Jump servers so you will not open the whole network to all the pre-login users.
You can't use FQDN's, but you can use Hosts / IP's / IP ranges into the configuration.

If you find that my post answered your question please mark it as a solution.
Thanks,
Mihai

Thank you.  This information is extremely helpful.  However, if I cannot see the pre-login session in the CMA (or by API)  then there is no good way for me to identify machines in this condition to remotely connect to them.  It would be extremely useful to me if I could see these sessions in the CMA (perhaps with a filter).  That would allow me to use a jump server to get on the machines remotely.