Cato EmployeeHi Naoki san,
"Allow" permits the specified activity without tracking.
"Monitor" allows tracking and visibility of the permitted activity
Yes. "Allow" can be configured with Event Tracking, as/when required.
If "Monitor" with Event Tracking is configured, there may be duplicate events.
Here is a link for reference: https://support.catonetworks.com/hc/en-us/articles/13314302436253-Managing-the-Application-Control-Policy
Is this alright?
Thank you.
Hi michaelsaw,
Thanks for getting back to me.
In your response, you mentioned:
"Allow" permits the specified activity without tracking.
"Monitor" allows tracking and visibility of the permitted activity.
I just want to make sure I understand correctly.
When using "Allow," does that mean the activity isn’t tracked at all and won’t show up on the Dashboard?
Or is the main difference that with "Allow," tracking can be turned on or off, while "Monitor" always has tracking enabled?
Appreciate your help—thanks in advance!
Cato EmployeeHi Naoki san,
Appreciate your feedback.
When using Allow, we have an option to enable or disable "Events", depending on requirements.
When using Monitor, "Event" is enabled.
Would this be alright?
Thank you.
Hi michaelsaw,
Thank you for your reply.
When using "Allow," does it not appear on the Dashboard?
Thank you!
Cato EmployeeHi Naoki san,
If the inline traffic is inspected by TLS (TLS Inspection) and a Clould Application Rule is configured (Allow / Block / Monitor), the traffic will show on Cloud Application Dashboard.
For Out-of-band traffic, we would consider SaaS security API/API integration.
This can be verified in a test/lab environment, as required.
Here are 2 related KBs, for reference:
https://support.catonetworks.com/hc/en-us/articles/23911645308957-Using-the-Cloud-Activity-Dashboard
https://support.catonetworks.com/hc/en-us/articles/13314302436253-Managing-the-Application-Control-Policy
Thank you.
