GiuDNica
2 days agoComet
Does Cato perform application identification based solely on ports?
We'd like to understand how deep Cato's application awareness goes.
For example:
If someone establishes an SSH connection over a non-standard port (e.g., TCP 222), would it still be recognized as SSH?
If we block "SSH" as a service, could a user bypass this by using a custom port?
Does blocking SMTP also cover traffic not using the default ports (25, 465, 587)?
To allow SSH only over port 22, what would be the correct rule setup?
We’re aiming for precise control similar to App-ID behavio.