Cato Employee
Thanks. For our company, for a long time we have been hoping for the ability to add a PreLogin destination based on domain name rather than IP address.
Long story short - this will allow our helpdesk team to use a popular Remote Access Tool application to access devices that are at the Windows log-in screen (i.e. PreLogin state). That tool does not publish its IP ranges, as they use a CDN therefore IPs are subject to change. So the only way we could achieve that was to be able to configure a domain object i.e. *.RAT.com
We use Always-On + PreLogin and therefore at the Windows login screen, all internet access is blocked apart from traffic to defined PreLogin destinations. Only IP ranges can be configured for PreLogin unfortunately. So our helpdesk team cannot access devices at this state which hinders them.
Cato EmployeeHey Nath . Would the connect on boot setting help? It will require the user to have logged in once before so the credentials are cached and a valid authentication token is available on the host, but it may help with connectivity. https://support.catonetworks.com/hc/en-us/articles/4417643184529-Protecting-Users-with-Always-On-Security
