Manage Users from Multiple IdPs: For greater flexibility and simplified user management, you can now configure multiple identity providers (IdPs) to provision and authenticate users. For example, after a merger or acquisition, each company can continue to use their existing IdP, without the complexity of consolidating them. This also includes multiple tenants from the same IdP. Users can now be:
Provisioned from multiple user directories that support SCIM
Authenticated using different SSO providers
Internet and WAN Firewall Rule Hit Counter: The Internet and WAN firewall policies now include a hit counter to help you monitor the performance of each rule in the policy. Hit counts are based on events generated by the rules, and show:
The number of events generated by each rule in the policy
How often the rule is hit relative to other rules (ranked by percentile)
DNS Sinkhole for Improved Visibility into Infected Devices:The new DNS Sinkhole feature intercepts DNS requests attempting to connect to malicious or suspicious domains and returns a designated sinkhole IP address. This protects users and the network while helping admins gain visibility into infected devices.
TheSinkholeaction is available for each protection in theSecurity > DNS Protectionpage
The feature exposes theSource IPaddress in events for the relevant DNS Protection rule
New Policy for Tenant Control with Header Injection: The Header Injection tab in the Security > Application Control page lets you configure header injection rules that limit which tenants the users can access for the applications allowed in your network. The new fully-featured policy lets you define granular rules to control traffic to specific app tenants. For example, you can restrict the tenants that can be accessed by specific user groups or sites.
Exclude a Socket from the Automatic Upgrade Service: You can exclude specific Socket sites from automatically upgrading to the newest version. This ensures business-critical sites are not disrupted during the configuredmaintenance window.
Cato recommends you resume the upgrades after the maintenance window to ensure that the Socket is upgraded in the next cycle
BGP Inbound Route Filters: We are adding support forinbound Route Filters, providing granular control and improved scalability to accept or drop BGP routes.
You can use CIDR lists or BGP communities to determine which routes to filter
Supported for Socket sites v21.1 and higher (requires a manual upgrade)
Near-Real-Time DEM Experience Score and Metrics: We've optimized our infrastructure to deliver DEM Experience scores and metrics that should be updated within a few minutes.
0 comments
Please sign in to leave a comment.