For customers that use LDAP for User Provisioning with their Cato account, this article explains how the LDAP traffic goes over the Internet to the Cato Cloud.
When an IdP (such as AD) syncs over LDAP, packets travel securely from the Cato Cloud to the on-prem or cloud-based server.
The packets are encrypted and sent from the Cato Management Application to a PoP in the Cato Cloud, then through Cato's DTLS tunnel to the site, where the Socket decapsulates them and sends them over the LAN. No packet is ever sent over the Internet unencrypted or in an insecure state.
The source IP address of the Cato server for LDAP is a publicly routable IP address; however, only encrypted packets are sent over the Internet.
To identify the Source IP Address for the Cato Management Application, see Source IP Address for the Cato Management Application (you must be signed in to view this article).