We recommend that you allowlist the following processes and URLs for all security endpoint software and solutions according to the specified OS.
For more information, see Preparing to Install the Cato Client.
The following section lists the processes and URLs for all security endpoint software and solutions, regardless of the operating system
-
vpn.catonetworks.net
-
vpn.us1.catonetworks.com
-
vpn.in1.catonetworks.com
- vpn.jp1.catonetworks.com
-
c-me.catonetworks.net
-
v-me.catonetworks.net
-
sso.catonetworks.com
-
sso.via.catonetworks.com
-
auth.catonetworks.com
-
auth.us1.catonetworks.com
-
auth.in1.catonetworks.com
- auth.jp1.catonetworks.com
-
sso.ias.catonetworks.com
-
localhost - 127.0.0.1 (for the SSO token)
-
https://client-telemetry.main.prod.k8s.catonet.works/pub/update
- https://client-telemetry.us1.catonetworks.com/pub/update
- https://client-telemetry.in1.catonetworks.com/pub/update
- https://client-telemetry.jp1.catonetworks.com/pub/update
-
https://network-segmentation.catonetworks.com
-
https://sso.catonetworks.com/login
-
https://sso.via.catonetworks.com/auth_results
-
https://auth.catonetworks.com/oauth1/broker/code/onelogin
-
https://auth.us1.catonetworks.com/oauth1/broker/code/onelogin
-
https://auth.in1.catonetworks.com/oauth1/broker/code/onelogin
- https://auth.jp1.catonetworks.com/oauth1/broker/code/onelogin
-
https://sso.ias.catonetworks.com/auth_results (for new SDP users with Windows Client v5.1 and higher)
- https://cc2.catonetworks.com/getClientVersion
- https://client-upgrade.us1.catonetworks.com/getClientVersion
- https://client-upgrade.in1.catonetworks.com/getClientVersion
- https://client-upgrade.jp1.catonetworks.com/getClientVersion
-
https://clients.catonetworks.com/
-
https://clients.cdn.catonetworks.com/
-
https://client-registration.catonetworks.com
-
https://client-control-plane.catonetworks.com
-
https://client-registration.us1.catonetworks.com
-
https://client-control-plane.us1.catonetworks.com
-
https://client-registration.in1.catonetworks.com
-
https://client-control-plane.in1.catonetworks.com
-
https://client-registration.jp1.catonetworks.com
-
https://client-control-plane.jp1.catonetworks.com
-
https://ip2location.catonetworks.com/pub/getMyLocation
-
https://tunnel-api.catonetworks.com
-
ipv4only.arpa
-
PoP location IP ranges, for more information, see the PoP production guide
-
Ports:
-
UDP port 443
-
UDP port 1337
-
TCP port 443
-
TCP port 1337
-
The following section lists the processes and URLs for all security endpoint software and solutions for endpoints running Windows operating systems.
-
CatoClient.exe
-
winvpnclient.cli.exe
-
login.microsoftonline.com
-
CatoUpgradeHelper.exe
-
CatoLogCollector.exe
-
LogLevelSetup.exe
-
CatoClient.exe.config
-
wa_3rd_party_host_32.exe
-
wa_3rd_party_host_64.exe
-
For accounts that use a third-party proxy (for both HTTP and HTTPS):
-
IP - 85.255.31.1
-
URL - sso.ias.catonetworks.com
Note: This is only required when using the embedded browser
-
-
msftconnecttest.com
The following section lists the processes and URLs for all security endpoint software and solutions for endpoints running macOS.
-
Exclude the following folder, and all its contents:
/Library/Application Support/CatoNetworks
-
For accounts that use a third-party proxy (for both HTTP and HTTPS):
-
IP - 85.255.31.1
-
URL - sso.ias.catonetworks.com
-
appleiphonecell.com
-
-
For accounts that have CrowdStrike installed on devices:
-
/Library/Application\ Support/CatoNetworks/com.catonetworks.mac.CatoClient.helper
-
/Library/Application\ Support/CatoNetworks/CatoNetworksUserAgent
-
-
For accounts that have SentinelOne installed on devices:
-
/Library/Application Support/CatoNetworks
-
-
For Captive Portal detection:
-
1.1.1.1
-
0 comments
Article is closed for comments.