Device posture basis domain name

Question

One of the issue we raised during Cato Connect program was around device posture policy basis domain and it was clarified that this falls under advanced configuration and can be done by support/CSM team. I raised ticket for the same and the response was that they can apply but from backend and at account level. I want to exclude some of my senior management from this policy but it is not feasible now since done at account level. Also I cant do testing by applying this device posture basis domain for some 2-3 users to see if it works properly and also no option from frontend to disable if there is any issue and totally depend on service ticket and backend team. This makes this good policy not to be deployed as it has potential risk since neither testing can be done nor exclusion can be done unlike any other device posture policy since policy deployed from backend and deployed at account level.

prakashrindia · Answer

I have already discussed with Cato representatives but seems i need to raise RFE for this as well.

michaelsaw · Answer

Hi PrakashRIndia,&nbsp;This is an interesting point.understand you would like to have domain-registered device/user as a device posture check, right?Would you share your concerns when you mentioned "to exclude some of my senior management from this policy"?&nbsp;Cheers

prakashrindia · Answer

Hi michaelsaw​&nbsp; ,Since this device posture policy is not applied from front end console but back end team, if there is any issue noticed and we need to roll back than we again are dependent on Cato Support Team and we dont want to include our top &amp; senior management during testing as it will lead to high esclations and also we have employee base of 5000 which again has a cascading impact as rule cant be disabled by us when we want. Ideally all configurations should be left with console admin but why this is with backend team, I dont understand.

michaelsaw · Answer

Hi PrakashRIndia,
I understand your situation.
You would like to have this domain-check feature to be made available on CMA and be able to configure it for selected pilot users, instead of all users in the organization, right?I believe if would be good to have a conversation with your assigned Cato Representatives to discuss further on the details/next actions.
Cheers

Forum Discussion

Device posture basis domain name

4 Replies

Recent Discussions

Post Quantum Cryptography?

ARM version?

Uptime for Wan Interface

Blocking icloud private relay "nicely"

Endpoint Device DNS Resolution