This article answers FAQ on how to transition to the Client Connectivity Policy.
Overview
The Client Connectivity Policy lets you centrally manage rules that define posture requirements for any device connecting to your network with the Cato Client. This includes checking the operating system running on the device, checking for an approved Device Certificate, and many additional checks.
Due to the enhanced functionality and protection of the Client Connectivity Policy, Cato requires you to create rules in the Client Connectivity Policy to meet your device posture requirements and no longer use the Device Authentication page.
Device certificates can still be managed from the Access > Client Access page. For more information, see Controlling Certified Corporate Devices.
The Device Certificate check has minimum Client version requirements. For more information, see Creating Device Posture Profiles and Device Checks.
Frequently Asked Questions
How do I Manage Device Posture Requirements with the Client Connectivity Policy?
For more information on how to manage your Client Connectivity Policy, see Configuring the Client Connectivity Policy. Example configurations are outlined below.
Example 1: Blocking Devices Without Certificates
If you configured Device Authentication to require Windows devices to have a matching device certificate:
- Create a Device Check for a Device Certificate on Windows devices
- Create a Device Posture Profile that includes the Device Certificate Device Check
- Create a Client Connectivity Policy rule to allow access for Windows devices that are compliant with the Device Posture Profile
- Update the priority of the new rule to meet your requirements.
After creating the rule above, only Windows devices with the required certificate can access the network.
Example 2: Blocking User(s) on Specific Operating Systems
If you configured Device Authentication block a specific user on a macOS device:
- Create a Client Connectivity Policy rule to block macOS devices and add the specific user(s)
- Update the priority of the new rule to meet your requirements.
What are the Changes to My Account?
After June 1st, 2024, the Device Authentication page will still be available in the Cato Management Application. It will continue to be available until you complete the transition and there will be no change in behavior for your users or account.
What Happens if I Don't Create Client Connectivity Rules?
There will be no change in behavior for your users, but you must start managing your Device Posture requirements with the Client Connectivity Policy as soon as possible. If you need more assistance or need more time to make this change, please contact your account representative.
Who do I Talk to If I have Questions?
If you require additional assistance or help to make this change, please contact your Cato account representative or Support.
0 comments
Please sign in to leave a comment.