Forum Discussion

FlowBeer's avatar
FlowBeer
Icon for Making Connections rankMaking Connections
3 months ago

Cato Client - manual PoP addressing

Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location. Not sure where this detail is s...
michaelsaw's avatar
michaelsaw
Icon for Cato Professional Services rankCato Professional Services
3 months ago

Hi FlowBeer, 

Interesting point! Usually Cato Client would connect to the PoP that is most optimal.

Just to understand better, is there a reason when you mentioned: "change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location"? ___

Cheers

 

FlowBeer's avatar
FlowBeer
Icon for Making Connections rankMaking Connections
2 months ago

Hi Michael, delayed response sorry.

Yes the reasoning is the chinese firewall still impacts traffic when a user connects to a chinese PoP and egresses, via Cato internal backbone, on another "out of country/non-China" PoP (eg HK or Tokyo). The only way to avoid being impacted by the chinese gov FW rules is to have the client tunnel built, end to end, directly to the HK/Tokyo PoP.

  • Gordon's avatar
    Gordon
    Icon for Staying Involved rankStaying Involved
    2 months ago

    FlowBeer​ 
    If I understand what you are wanting to do, then this article may hold some relevance.

    Understanding Cato Networking in China – Cato Learning Center

    I believe we are not allowed to bypass the "Great Firewall of China" by having either sites or SDP users inside of China use a non-China exit-point.

    Cato - please correct me if that understanding is not accurate.

    • FlowBeer's avatar
      FlowBeer
      Icon for Making Connections rankMaking Connections
      2 months ago

      Thanks Gordon, I want to disassociate this as being a China Issue I am looking to overcome - rather a request to more easily, as an administrator, be able to influence the manual PoP the user on SDP connects to.

      At the moment to manually change the SDP PoP the user needs to either not have "on demand" client connection or have always on with the ability to disconnect with the PW to disconnect from the SDP taken from the portal at that time (temp bypass does not let you change the PoP). Once they have disconnected they need to manually put in the PoP IP they wish to connect to.... this is not a favourable option when wanting to make this easy and administrate centrally/via profile.

      I can think of a number of scenarios I might be in where I would need to influence the PoP an SDP user or group of users connects to.

      • Gordon's avatar
        Gordon
        Icon for Staying Involved rankStaying Involved
        2 months ago

        Thank you for the clarification - I understand better now - that sounds like an RFE I submitted last year to be able to "steer" users via the CMA to either prefer or avoid a PoP/PoPs I specify in the event of a problem that impacts a number of users all on the same prompt.

        We use Always On, which negates the user being able to manually select a prompt.

    • michaelsaw's avatar
      michaelsaw
      Icon for Cato Professional Services rankCato Professional Services
      2 months ago

      Hi Gordon,

      Your understanding is correct.
      Perhaps FlowBeer​ would like to reach out to a assigned Cato representative to consider on options.
      Perhaps consider an app that is allowed in China. 

      Cheers