Cato EmployeeEver wondered what's brewing behind the scenes at Cato? What new features are simmering on the stove, and which ones have already been plated and served?
We've got you covered! Our Roadmap page is your go-to place to see what's in the works, what's rolling out, and what's already live.
Click the 'Follow' button to subscribe, and get all the updates directly to your inbox.
Example from last update:
Lots of great features being developed. Can you advise a bit more on what this one entails?
Cato EmployeeHi Nath, thank you for your feedback!
Weβre currently refining the scope of this feature, but generally speaking: Cato Client will determine which traffic is routed through Cato Cloud and which traffic is bypassed, based on criteria configured by the admin.
If you're interested in this feature, could you share which specific capabilities matter most to you?
Thanks. For our company, for a long time we have been hoping for the ability to add a PreLogin destination based on domain name rather than IP address.
Long story short - this will allow our helpdesk team to use a popular Remote Access Tool application to access devices that are at the Windows log-in screen (i.e. PreLogin state). That tool does not publish its IP ranges, as they use a CDN therefore IPs are subject to change. So the only way we could achieve that was to be able to configure a domain object i.e. *.RAT.com
We use Always-On + PreLogin and therefore at the Windows login screen, all internet access is blocked apart from traffic to defined PreLogin destinations. Only IP ranges can be configured for PreLogin unfortunately. So our helpdesk team cannot access devices at this state which hinders them.
Cato EmployeeHey Nath . Would the connect on boot setting help? It will require the user to have logged in once before so the credentials are cached and a valid authentication token is available on the host, but it may help with connectivity. https://support.catonetworks.com/hc/en-us/articles/4417643184529-Protecting-Users-with-Always-On-Security
Thanks GeorgePetre - no, we have always-on configured for all our corporate Windows devices, and that implictly configures ConnectOnBoot.
The users are connected fine and as expected. It is just how the interaction between Always-On + PreLogin works with Cato for Windows devices that results in this scenario.
Reference: https://support.catonetworks.com/hc/en-us/articles/5766368718365-Using-Windows-Pre-Login-and-the-SDP-Client
So we just need to be able to add Domain or FQDN objects to PreLogin Allowed Destinations to fix our problem. Currently only IP address is allowed.
