Has anyone tried scripting to change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location.Not sure where this detail is stored on windows for the client, regkey or config file?Even a cato cli client with a switch to set it?I tried using fqdns as the pop name and having it resolve to a PoP IP in the hosts file, then using a script to change the hosts file entry to the desired PoP IP.... but the client cant use fqdns as the PoP to connect to :D

FlowBeer If I understand what you are wanting to do, then this article may hold some relevance.Understanding Cato Networking in China – Cato Learning CenterI believe we are not allowed to bypass the "Great Firewall of China" by having either sites or SDP users inside of China use a non-China exit-point.Cato - please correct me if that understanding is not accurate.

Thank you for the clarification - I understand better now - that sounds like an RFE I submitted last year to be able to "steer" users via the CMA to either prefer or avoid a PoP/PoPs I specify in the event of a problem that impacts a number of users all on the same prompt.We use Always On, which negates the user being able to manually select a prompt.

Cheers Gordon, and just additionally for anyone else reading this thread - there also seems to be an agreement with GFWoC to block the client connecting to a PoP outside of China - can ping the pop but UDP 443/1337 tunnel times out....manual to a China PoP is fine.

What's the context, why do you want to do that?

Cato Client - manual PoP addressing

12 Replies

michaelsaw
Cato Professional Services
3 months ago
Hi FlowBeer,

Interesting point! Usually Cato Client would connect to the PoP that is most optimal.

Just to understand better, is there a reason when you mentioned: "change the manual pop location so the user can run the script and it will change their client manual pop address to a specific location"? ___

Cheers
- FlowBeer
  Making Connections
  2 months ago
  Hi Michael, delayed response sorry.
  Yes the reasoning is the chinese firewall still impacts traffic when a user connects to a chinese PoP and egresses, via Cato internal backbone, on another "out of country/non-China" PoP (eg HK or Tokyo). The only way to avoid being impacted by the chinese gov FW rules is to have the client tunnel built, end to end, directly to the HK/Tokyo PoP.
  - Gordon
    Staying Involved
    2 months ago
    FlowBeer
    If I understand what you are wanting to do, then this article may hold some relevance.
    
    Understanding Cato Networking in China – Cato Learning Center
    
    I believe we are not allowed to bypass the "Great Firewall of China" by having either sites or SDP users inside of China use a non-China exit-point.
    
    Cato - please correct me if that understanding is not accurate.
FlowBeer
Making Connections
3 months ago
duplicate
Nath
Staying Involved
3 months ago
What's the context, why do you want to do that?
- FlowBeer
  Making Connections
  3 months ago
  I need a simple way for users to adjust and specify the PoP they are connecting to.
  - Nath
    Staying Involved
    3 months ago
    The client normally determines the closest (in terms of latency) PoP to connect to. Once they are connected, can you not use Network Rules to determine where the user traffic egresses from? We use a lot of NAT egress rules, and also ROUTE rules and BACKHAUL rules.
    
    For example, my laptop could connect to a PoP in Ireland, but all the internet traffic could egress via China if you wanted.

Forum Discussion

Cato Client - manual PoP addressing

12 Replies

Recent Discussions

DNS Forwarding off Private Access

SDP Users - IPV6

Degraded Sockets in High Availability

User group specified reports

Multiple events are getting as a single log while pulling the events from the CATO using the API