In the past, some accounts worked with teams at Cato Networks to connect to special AWS PoP locations. As of June 1, 2024, these special PoP locations will be decommissioned and no longer available. To avoid a service disruption, you need to change the relevant Network Rules, RPF rules, and site settings to use a different PoP location.
These configurations are impacted by the upcoming decommissioning for one or more of the PoP locations (listed below) because they use an IP that belongs to the PoP location:
- Network Rules set to egress traffic with Route via or NAT option
- Remote Port Forwarding (RPF) rules set to forward to external connections
- IPsec sites - the Public IP for the Primary and/or Secondary tunnel
- Socket sites - the Primary or Secondary Preferred PoP Location
Best Practice: Use physical Cato PoP locations for settings in your account.
These are the PoP locations that will be decommissioned as of June 1, 2024:
- California_AWS
- Frankfurt_AWS
- Ireland_AWS
- London_AWS
- Montreal_AWS
- Ohio_AWS
- Oregon_AWS
- Paris_AWS
- Sao_Paulo_AWS
- Singapore_AWS
- Sydney_AWS
- Virginia_AWS
Note: Cato is maintaining the following AWS PoP locations: Mumbai_AWS, Seoul_AWS, and Tokyo_AWS.
Edit rules in the Network Rules policy (Network > Network Rules) that egress traffic using an IP address that belongs to one of the impacted PoP locations, so that the rule uses a different PoP location. The IP address is defined for the Route via or NAT method.
Note: The best practice is to configure at least two PoP locations to egress from.
Edit the RPF rules (Network > Remote Port Forwarding) that forward traffic using an IP address that belongs to one of the impacted PoP locations, so that the rule uses a different PoP location.
Edit the Public IP for the Primary and Secondary tunnel for the IPsec site (Network > Sites > {site name} > Site Configuration > IPsec) and assign IPs from a different PoP location.
Edit the Primary and Secondary location for the Preferred PoP Location in the Socket sites, and choose a different PoP location.
After June 1, 2024, if one of the settings above is configured to use a special PoP location, then there can be connectivity issues and service issues for items that match the Network Rules, RPF rules, IPsec sites, or Socket sites.
Please reach out to the Cato Support team.