Cato Networks Knowledge Base

Selecting the Connection Type for a Site

  • Updated

Selecting the Connection Type for a Site

The Connection Type for each physical or cloud-based site defines how that site connects to the Cato Cloud. The following table lists the Connection Types and the supported features:

Connection Type

Multiple WAN

Bypass

Local Port Forwarding

Networks

Socket X1500 (default)

Yes

Yes

Yes

Full

Socket X1700

Yes

Yes

Yes

Full

AWS/Azure/ESX vSocket

Yes

Yes

Yes

Full

Cato-initiated IPsec IKEv1

-

-

-

Partial

IPSec IKEv2

-

-

-

Partial

vSocket VSH (Legacy)

-

-

-

Partial

vSocket VGS (Legacy)

-

-

-

Partial

The vSocket VSH and VGS are legacy Connection Types that connect public clouds to the Cato Cloud.

Which IPsec Connection Type Do I Use?

Using the correct IPsec Connection Type depends on the environment and firewall that is involved in connecting the site to the Cato Cloud. In general, IPsec IKEv2 is the more robust and we recommend that you use it whenever possible for the Connection Type. However, it is not always supported - for example Azure only supports IKEv1 for policy-based VPN gateways.

For sites that use IPsec IKEv1, the option is Cato-initiated Connection Type. This means that the Cato Cloud initiates the connection with the site and easily handles failovers to another link.

For Cisco ASA appliances, there is a known incompatibility with Cato IKEv2 sites, read more.

Was this article helpful?

0 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.