Selecting the Connection Type for a Site
The Connection Type for each physical or cloud-based site defines how that site connects to the Cato Cloud. The following table lists the Connection Types and the supported features:
|
Connection Type |
Multiple WAN |
Bypass |
Local Port Forwarding |
Networks |
|---|---|---|---|---|
|
Socket X1500 (default) |
Yes |
Yes |
Yes |
Full |
|
Socket X1700 |
Yes |
Yes |
Yes |
Full |
|
AWS/Azure/ESX vSocket |
Yes |
Yes |
Yes |
Full |
|
Cato-initiated IPsec IKEv1 |
- |
- |
- |
Partial |
|
IPSec IKEv2 |
- |
- |
- |
Partial |
|
vSocket VSH (Legacy) |
- |
- |
- |
Partial |
|
vSocket VGS (Legacy) |
- |
- |
- |
Partial |
The vSocket VSH and VGS are legacy Connection Types that connect public clouds to the Cato Cloud.
Which IPsec Connection Type Do I Use?
Using the correct IPsec Connection Type depends on the environment and firewall that is involved in connecting the site to the Cato Cloud. In general, IPsec IKEv2 is the more robust and we recommend that you use it whenever possible for the Connection Type. However, it is not always supported - for example Azure only supports IKEv1 for policy-based VPN gateways.
For sites that use IPsec IKEv1, the option is Cato-initiated Connection Type. This means that the Cato Cloud initiates the connection with the site and easily handles failovers to another link.
For Cisco ASA appliances, there is a known incompatibility with Cato IKEv2 sites, read more.
Comments
0 comments
Please sign in to leave a comment.