Socket version 26.x includes the firmware for new features, and in the coming weeks, we will update the Cato Cloud and release the following features:
-
20 Gbps Throughput with the X1700C Socket: We are introducing the new X1700C Socket as an additional hardware model for X1700 Socket sites.
- The X1700C supports two optional add-ons: dual-100G (2×100G) and dual-25G (2×25G) modules
- For supported configurations, the platform reaches up to 20 Gbps aggregate throughput
- Pricing remains the same for all X1700 Socket models
- Cato will continue to provide support for all X1700 Socket models, subject to the EOS policy
-
Updated X1600 Socket Hardware for Wi-Fi Support: We are introducing integrated Wi-Fi support for the X1600 Socket family. The models X1600 and X1600 5G are available with the option for built-in Wi-Fi 6, eliminating the need for an external access point.
- Dual-band 2.4/5 GHz, up to 4 SSIDs, and PSK authentication option
- Full WLAN configuration and analytics in the CMA - SSID settings and visibility for connected hosts, signal quality, and real-time utilization
-
LAN IPS Enforcement on Cato Sockets: Protect LAN traffic behind your sites by enforcing IPS directly on Sockets. This extends Threat Prevention to LAN traffic, enabling immediate, local enforcement without sending traffic to the Cato Cloud, and helps maintain low latency for internal communications.
- Enable LAN IPS at the account level and define which sites enforce it
-
Configure per-site enforcement modes:
- Block to actively prevent malicious traffic
- Monitor to detect and log threats without blocking
- Automatic SIM Failover for Cellular Sockets: Enable automatic SIM failover for X1600 LTE and X1600 5G Sockets to improve cellular resilience and maintain connectivity during network issues.
-
Device-based Criteria for Next Gen LAN Firewall Rules: Apply the same device-based Criteria conditions available in Internet and WAN Firewall rules to Next Gen LAN Firewall rules, letting you control routing and connectivity decisions based on device identity, posture, and context.
- Apply device attributes such as OS, platform, manufacturer, and model
- Use Device Posture Profiles to route traffic only for compliant devices (for example, encrypted disks or approved Cato Client versions)
- Differentiate Next Gen LAN Firewall rules based on device location, origin (remote or behind a site), or device category (such as IoT/OT)
-
Updated DTLS Port for China Socket Connectivity: To improve connectivity and avoid misclassification of DTLS traffic, Cato now supports using UDP port 1337 for DTLS tunnels for Sockets in China.
- Account-level configuration
- Available only for Socket sites in China
- Enhanced vSocket Performance with Support for AWS c7i.2xlarge Instance: You can now deploy vSockets on AWS using the c7i.2xlarge instance type, providing additional deployment flexibility for larger or more demanding environments.
-
Expanded Support for DHCP Relay Servers: Configure up to 10 DHCP relay servers per site, providing greater flexibility for environments with more complex network designs that require multiple DHCP servers.
- Enables greater compatibility for Socket sites using microsegmentation deployments
- Previously, up to 3 DHCP relay servers were supported
-
In addition, this version includes:
- Stability improvements
- Security updates
- Bug fixes
| ID | Description | Severity | Issue Found In | Issue Resolved In |
|---|---|---|---|---|
| 136115 | Sometimes when there is low throughput on a link, the CMA falsely reports packet loss (about 4-5%). PCAPs can correctly confirm that there is no actual packet loss. | High | v23.0.19481 | v26.0 |
| 163595 | Fixed an issue where, in rare cases after a reboot or upgrade, a network interface could fail to initialize correctly, causing the Socket to become unavailable until it was rebooted again. | High | v24.0.20874 | v26.0 |
| 165183 | Fixed an issue where security scanners could flag the Socket web UI password field because it allowed browser autocomplete. | Medium | v24.0.20874 | v26.0 |
0 comments
Article is closed for comments.