Managing Sockets (EA - Traceroute)

Note

Note: This is an Early Availability (EA) feature that is only available for limited release. For more information, contact your Cato Networks representative or send an email to ea@catonetworks.com.

Overview

This article describes these features that help you manage Cato Sockets that are configured for your account:

  • Use the Cato Management Application Socket page (or Socket WebUI) to manage a Socket from one site, and then reassign it to a different one

  • Changing the Socket password from the Socket WebUI

    • Understanding Socket WebUI Certificates

  • Using the Socket reset button to:

    • Reset the Socket password

    • Unassign the Socket from the site

Managing Cato Sockets for a Site

You can use the Socket screen to manage your Sockets for a site, and it shows a detailed overview of each Socket's ports and their state. You can also enable and disable ports.

image.png

it is possible to assign and unassign Sockets for a site via this page. After you unassign a Socket, it is automatically reset to factory default settings. When you assign a Socket to a site, the Cato Management Application pushes the settings to the Socket and overwrites any manual configurations.

To unassign a Socket from a site:

  1. From the navigation menu, click Network > Sites, and select the site with the Socket you are unassigning.

  2. From the navigation menu, click Site Settings > Socket.

  3. From the Actions menu of the site you are unassigning, select Unassign.

    A warning window opens.

  4. Click OK.

    The Socket is unassigned from the site. The account receives a new Notification to activate a new Socket.

To assign a socket to a site:

  1. Click the notification icon notification.png.

  2. In the Notifications panel, click Activate New Socket.

    The message shows the serial number (S/N) for each available Socket.

  3. Click Accept.

    The Assign Socket to a Site window opens.

  4. From the drop-down menu select the site for the Socket.

    Note

    Note: If No Results appears in the window, click Cancel and make sure you selected the right Socket type in the Connection Type field for the site.

  5. Click Continue.

    The Socket is added to the site.

Understanding Socket WebUI Certificates

Socket WebUI certificates have a TTL (Time to Live) of 300 days. When a Socket is started, rebooted, or upgraded, Cato checks when the Socket WebUI’s certificate is due to expire. If the certificate is set to expire within 90 days, a new certificate is generated. Meaning, if you have not upgraded or rebooted your Socket in the last 210 days, you will be issued a new certificate.

Therefore if you wish to update the certificate outside of the account upgrade window, reboot the Socket. Take into account that rebooting the Socket will cause some temporary downtime of your network, while the Socket reboots and reconnects to the PoP.

Note

Note: In a HA pair, if you wish to reboot the Sockets, Cato recommends rebooting the Secondary socket first, and then rebooting the Primary. This would mean that on failover to the Secondary, it will be updated with the new certificate, while the Primary updates with the new certificate.

Unassigning a Socket Using the Socket WebUI

There are some situations where after using the Cato Management Application to unassign a Socket, you can't then assign the same Socket to a different site. For example, if the Socket was disconnected from the Cato Cloud before clicking Unassign. In this case, use the Socket WebUI to unassign the Socket and reset the Socket settings, and then you can use the Cato Management Application to assign it to a different site. The Socket remains at the same hardware version.

Only use the Socket WebUI to unassign a Socket after performing the unassign procedure in the Cato Management Application (see above).

Supported from Socket v15 and higher.

To use the Socket WebUI to unassign a Socket:

  1. Log in to the Socket WebUI locally, see Using the Socket WebUI.

  2. From the Administrations tab, click Unassign.

Changing the Socket Password

You can change the password for the Socket from the Socket WebUI.

The password policy for Cato Sockets is that you must change the password every 90 days. After 90 days, the password expires and the login window for the Socket WebUI prompts you to authenticate and enter a new password. The new password can't be the same as the previous three passwords.

To change the Socket password from the Socket WebUI:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Configuration > Socket.

  3. From the Actions menu of the socket, select Socket WebUI.

    The browser opens a new tab and logs in to the Socket WebUI.

  4. From the menu bar, select Administration.

  5. In the Administrator Password section, enter the current and new password.

  6. Click Confirm. The Socket password is changed.

Resetting the Admin Password and Resetting a Socket

You can use the Socket reset button to perform these actions on the physical Socket:

  • Reset the admin password to the factory default password (admin), which has no impact on the network traffic

  • Reset the Socket to the default settings

    After physically resetting a Socket, if you want to re-assign it to a different site, unassign the Socket from the original site (see above Managing Cato Sockets for a Site).

You must have physical access to the Socket to perform these reset actions. Make sure to press and hold the reset button for the reset actions, instead of repeatedly pressing the button.

Note

Note: You need to use a paper clip and push the button inside the hole for the relevant Socket model. For more information about identifying the correct Socket model see, Overview of Reimaging Cato Sockets.

To reset the admin password on the Socket:

  • X1500 and X1500B Socket models - Press and hold the F/D button for about 10 seconds. The password is reset to the default value: admin.

  • X1600 and X1600 LTE Socket models - Press and hold the Reset/FD button for about 10 seconds. The password is reset to the default value: admin.

  • X1700 Socket models - Press and hold the FD button for about 10 seconds. The password is reset to the default value: admin.

  • X1700B Socket models - Press and hold the Reset/FD button for about 10 seconds. The password is reset to the default value: admin.

To unassign a Socket from the site:

Note

Note: The following should be used only if the Cato tunnel is unavailable and you can't access the Cato Management Application.

  • X1500 and X1500B Socket models - Press and hold the reset button for about 30 - 35 seconds. The Socket is reset to the default settings and the configurations are erased.

  • X1600 and X1600 LTE Socket models - Press and hold the Reset/FD button for about 30 - 35 seconds. The Socket is reset to the default settings and the configurations are erased.

  • X1700 Socket models - Press and hold the FD button for about 30 - 35 seconds. The Socket is reset to the default settings and the configurations are erased.

    Pressing the Reset button powers on and off the Socket.

  • X1700B Socket models - Press and hold the Reset/FD button for about 30 - 35 seconds. The Socket is reset to the default settings and the configurations are erased.

Using the Traceroute Tool from the Socket

Note

Note: This is an Early Availability (EA) feature that is only available for limited release. For more information, contact your Cato Networks representative or send an email to ea@catonetworks.com.

Traceroute is used to identify the routers (hops) between a source and destination. Traceroute works by first sending a packet to the destination IP with a time-to-live (TTL) value of 1. When the packet hits the first router in the path, the router decrements the TTL by 1. Since the new TTL is 0, the router drops the packet and responds with an ICMP time-to-live exceeded message sourced from its own IP address. Traceroute now has the IP address of the first router in the path, so it sends out another packet with the TTL value of 2 (the original TTL incremented by 1), and the second router in the path responds with a TTL exceeded message.

This process is repeated until the traceroute reaches the destination IP address. There is a timer of 60 seconds to complete the traceroute and a maximum of 20 hops.

Choose the Socket link that you are using to run the traceroute and enter the destination hostname or IP address.

These are the types of Socket links that you can run traceroute:

  • LAN - The packets are sent using the internal LAN network for the site.

  • ALT WAN - The packets are sent using the Alt. WAN tunnel over the MPLS network.

  • WAN via Cato - The packets are sent using a tunnel over the Cato Cloud.

  • WAN <ISP> directly - The packets are sent using a tunnel over the Internet directly to the ISP. The Cato Cloud is bypassed.

traceroute_cma.png

To run traceroute from the Socket link:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Configuration > Socket.

  3. From the Actions menu of the socket, select Network Tools. Traceroute is automatically selected.

  4. Under Type, select if the packets are sent through the Cato Cloud or bypass the Cato Cloud.

  5. In Interface, select the link that is sending the packet.

  6. In Destination enter the domain or IP address for the traceroute.

  7. Click Apply.

    The window shows the results of the traceroute test.

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment