Product Update - Mar. 11th, 2024

New Features & Enhancements

  • Split Tunnel Policy for Cato Client: The Split Tunnel Policy provides a granular method to easily configure traffic routing for remote users and control which traffic is tunneled towards the Cato Cloud.
    • Configuration can now be managed from a policy with an ordered rule base
    • Use the Global IP Ranges global object in the Split Tunnel Policy to adjust rules per user or user group
    • No impact to current split tunnel behavior, IP ranges in the policy are added as Global IP Ranges (even if the feature is disabled)
  • Optimized PoP Selection for Socket Sites: We improved the accuracy of our automatic PoP selection mechanism by adding the City field to the General settings of Socket sites. The city for the site lets us use the geographical coordinates where the site is located for ideal PoP selection.
    • The City field is a mandatory field when creating new sites, and is also available in the General settings for existing sites
      • Editing the City field doesn’t impact the current connection to the PoP
  • NAT Policy for Socket Sites: A new site-level NAT policy with granular matching conditions and actions, including DNAT and SNAT. With this policy, you can now integrate with third-party networks (such as contractors) connected over Sockets and require NAT to avoid IP conflicts.
    • The policy is already available for IPsec and Cross Connect sites
  • Cato Management Application Enhancement:
    • Display Degraded Status for Recent Issues: You now have the option to display the Degraded status only for sites with issues that occurred within the past 30 days. Sites with connectivity issues for more than 30 days appear as Connected.
      • Previously the Degraded status was always displayed
  • Important Update for Azure vSocket Sites: Cato identified a new Microsoft validation that impacts Azure vSockets with the Standard_D2s_v4 VM size.
    • All impacted customers were sent a dedicated email, you can see the full details here.
    • For Azure vSocket sites with the Standard_D2s_v4 VM size, it is required to resize the vSocket VM from Standard_D2s_v4 to Standard_D8ls_v5. For more information, see Resizing VMs for Azure vSockets.
    • The vSockets will continue to function normally as long as the VM instance doesn’t power off, so plan your Azure resizing accordingly to prevent future issues. 
  • Reminder - Upcoming EoL for Log Exporter: We are reminding customers that use the Log Exporter feature that it will be End of Life in favor of alternative solutions that provide better coverage, consistency, performance, and ease of use.
    • For accounts that are currently using the Log Exporter, you can continue using this feature until the end of April 2024 (an extension from the original March 2024 EoL date). After this time, you will no longer be able to use this feature to download log files from the Cato AWS S3 bucket. 
    • You can use one of these solutions to export the events for your account:


PoP Announcements

  • For the following PoP locations, a new IP range is now available:
    • Atlanta, US:
    • Casablanca, MA:
    • London, UK:
    • Mumbai, IN:
    • Shanghai, CN: and
  • A new geo-localized IP range is available for Barbados, serviced through the Miami PoP location:
  • Hawaii, US: A new PoP Location will soon be available in Hawaii with this IP range -
  • For the following PoP locations, a new IP range will soon become available:
    • Munich, DE:
    • Vancouver, CA: 


Video Feature Overviews

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.

Was this article helpful?

0 out of 0 found this helpful


Add your comment