Forum Discussion

Comet

25 days ago

Solved

Does Cato perform application identification based solely on ports?

We'd like to understand how deep Cato's application awareness goes. For example: If someone establishes an SSH connection over a non-standard port (e.g., TCP 222), would it still be recognized as S...

bizzle90
25 days ago
Hi GiuDNica,

Thanks for the post.

So Cato PoPs are able to determine most applications using Layer 7 analysis in our engines. Of course, there are many factors to consider such as TLS inspection, type of application, payload etc etc

In fact, Cato uses the SPACE mechanism regarding packet flows and inspection when traffic ingresses the PoPs:

https://support.catonetworks.com/hc/en-us/articles/12545093882909-Understanding-Packet-Flow-with-Cato-SPACE-Architecture

Regarding your concerns, you can leverage the Cato Internet or WAN Firewall configuration. Please see our best practices KB:

https://support.catonetworks.com/hc/en-us/articles/360004274777-Internet-and-WAN-Firewall-Policies-Best-Practices#UUID-b2dade55-ef58-cdb4-a6b6-e299faa82f58

You can also look to use the Application Control Policy via our CASB solution:

https://support.catonetworks.com/hc/en-us/articles/4405498289053-What-is-the-Unified-CASB-Solution#UUID-25e9f60e-ae77-aac1-37b4-bd151762e33d

https://support.catonetworks.com/hc/en-us/articles/13314302436253-Managing-the-Application-Control-Policy

I hope this helps.

bizzle90

Cato Employee

25 days ago

Hi GiuDNica,

Thanks for the post.

So Cato PoPs are able to determine most applications using Layer 7 analysis in our engines. Of course, there are many factors to consider such as TLS inspection, type of application, payload etc etc

In fact, Cato uses the SPACE mechanism regarding packet flows and inspection when traffic ingresses the PoPs:

https://support.catonetworks.com/hc/en-us/articles/12545093882909-Understanding-Packet-Flow-with-Cato-SPACE-Architecture

Regarding your concerns, you can leverage the Cato Internet or WAN Firewall configuration. Please see our best practices KB:

https://support.catonetworks.com/hc/en-us/articles/360004274777-Internet-and-WAN-Firewall-Policies-Best-Practices#UUID-b2dade55-ef58-cdb4-a6b6-e299faa82f58

You can also look to use the Application Control Policy via our CASB solution:

https://support.catonetworks.com/hc/en-us/articles/4405498289053-What-is-the-Unified-CASB-Solution#UUID-25e9f60e-ae77-aac1-37b4-bd151762e33d

https://support.catonetworks.com/hc/en-us/articles/13314302436253-Managing-the-Application-Control-Policy

I hope this helps.

Forum Discussion

Does Cato perform application identification based solely on ports?

Recent Discussions

Seamless SSO with External vs. Embedded Browser – Conditional Access & Compliance Issues

Cato Connect Event: AMA with Professional Services

Policy Rule Not Hitting When Destination is Set to 'Any' – Expected Behavior?

Is the App Activities Integration for MS Apps unavailable with the M365 Business plan?

CATO always on