Note: The Cato Cloud only supports IPv4 addresses.
The scope of this document is to discuss the prerequisites for Sockets to connect to the Cato Cloud.
To securely connect and access resources on your private network behind the Cato Cloud, please ensure that the your networking devices and firewalls meet these requirements:
- These ports are open on firewalls
- UDP port 53
- UDP port 443
- TCP port 443
- Device can resolve the URLs below
- vpn.catonetworks.net
- cc2.catonetworks.com
- steering.catonetworks.com
- Sockets use ICMP packets for Last Mile Monitoring data
- NTP is used for time synchronization
Comments
6 comments
Hello Paul!
Thank you for pointing this out! I'm going to investigate it a bit further and get the documentation updated accordingly.
Kind Regards,
Dermot Doran (Cato Networks)
Hello Paul!
My apologies for not responding earlier. It is no longer a requirement for these URLs to be resolvable. This has actually been the case since v13 of the socket software, but the documentation was not updated accordingly. I will ensure that it is updated as soon as possible.
Thank you (again) for highlighting this.
Kind Regards,
Dermot Doran (Cato Networks).
Prior to Socket v13 it was also necessary to ensure that the following URLs were resolvable:
This is prerequisite is no longer required.
Are these still needed, as they don't resolve anything?
Any updates on this, please?
Need to allow DNS to 8.8.8.8 and 8.8.4.4 until socket 8.0 is the firmware shipped with sockets from Factory as this is how cc2 is resolved for the upgrade process. Also, socket logs are sent to socketlogs.catonet.works So the google DNS is used to resolve those two addresses.
NOTE: resolving those addresses from the socket UI is not enough. Socket UI will use the WAN configured DNS settings. These are ignored for socket upgrades and socket log file offload.
Please sign in to leave a comment.