Socket Version 22.0 Release Notes

New Features & Updates

Socket version 22.0 includes the following features:

• Introducing the Layer 7 Socket LAN Firewall: The new Socket Next Gen LAN Firewall policy provides Layer 7 (L7) enforcement and account-level configurations, enabling seamless LAN segmentation. The Socket LAN firewall controls local network traffic without sending the traffic over the last mile to the PoP. This lets you use the Socket to segment the traffic locally while applying application-layer policy controls, without the need for a third-party firewall appliance. 

  • L7 Segmentation: Implement advanced security rules based on applications, services, and domains. For example: 

    • Configure access to on-premise apps dynamically with custom applications as destinations 

    • Enforce secure protocols like SMBv3 over vulnerable versions 

  • Account-Level Policy: Create a single rule that is enforced over multiple sites. This simplifies LAN segmentation at scale with centralized rules using Groups, VLAN IDs, and other flexible criteria 

  • Supported for new customers or customers without existing LAN Firewall rules. Migration isn’t currently supported 

• New vSocket for GCP: For sites hosted in Google Cloud Platform (GCP), you can now deploy a virtual Socket on a GCP virtual machine and extend the advantages of Cato's Sockets into your GCP environment. 

  • The GCP vSocket supports the n2-standard-4 machine type

  • GCP vSockets are available for deployment with Terraform

  • Previously, vSockets were available only for AWS and Azure environments 

• New Socket Monitoring of CPU Usage: Use the Cato Management Application to monitor metrics for Socket CPU usage, and identify if the Socket CPU is related to performance issues for a site. 

  • Available for all customers in the Site Monitoring > Network Analytics page for a site 

  • Customers with a DEM license can also view the Socket CPU metrics as part of the path analysis and more  

  • Supported for virtual Sockets from v.22.0, and for physical Sockets from v21.1

• Important for Azure vSockets - Resuming Automatic Upgrades: With the release of Socket v22.0, we are resuming automatic upgrades for Azure vSockets. To avoid potential incompatibility issues, we recommend that customers with unsupported VM instances such as Standard_D2s_v4 migrate to supported instances.

  • For more information on changing a vSocket to a different VM instance, see the following articles:

    • Changing Azure vSockets to a Different VM Size

    • Migrating Azure vSockets to a 2-NIC Solution

• Security updates:

  • Supported Open SSL version: 3.3.4

  • Supported OpenSSH version: 9.9

Known Limitations

Socket version 22.0 has the following known limitations: