Product Update - June 30th, 2019

New Features & Enhancements 

  • Socket version 6.0 Features: We are gradually rolling out the Socket update over the next few weeks. Check the Socket version update in the Cato Management Application for details.
  • New Cato Networks Knowledge Base: We are introducing a new knowledge portal that combines the Cato Management Online Help and Support articles.
    • The Knowledge Base lets you easily search across all Online Help and Support content. We are re-writing and enhancing the Online Help content and adding new Getting Started content.
    • Single-sign On from the Cato Management Application to the Knowledge Base.
      You can also use the Cato Management Application username and password to log in to the Knowledge Base.
    • Customers can continue to use their Support username and password with this URL:
  • Multihop BGP: Sockets can define a BGP neighbor behind a routed range (even though there are non-BGP routers in between them). Supported from Socket version 5.2 and higher.
  • X1500 to X1700 Socket Migration: When you are migrating to the X1700 Socket, you can easily exchange the settings between two physical ports with one click.
  • IPsec IKEv2 Enhancement: IPsec IKEv2, is now PCIDSS compliant and supports Diffie Hellman Group 16.

Cato Client Releases

  • Windows and MacOS VPN Clients:
    • MacOS version 3.0.7 is now available in the App store. Windows version 3.2 is available to Beta users. This new client includes these features:
      • Configure Office Connectivity Detection: You can configure the behavior of a VPN client when it is behind a Cato Socket site.
        • Limitation: When you configure a VPN user in the Cato Management Application to Never off, then the Disable office connectivity detection feature is not available in the VPN client and the behavior is always to detect office connectivity.
      • VPN Resiliency Enhancement: When moving between networks, the VPN client always connects to the same PoP.

Security Updates

  • IPS Signatures:
    • CVE-2019-3396 (New)
    • WAF - Malicious URLs (New)
    • IOA - C&C traffic to compromised sites (New)
    • Network Scanner (Enhancement)
    • Web Application scanners (Enhancement)
    • PUP - PCAcceleratePro (New)
    • PUP - JS.Bondat (New)
    • PUP - Raptr (New)
    • Malware - Snojan (New)
    • Malware - SafeGG (New)
  • Application Database:
    • VMware VSphere Client (New)

Support Tickets Resolved

#18494, #19612, #20072, #20176, #20177, #20387, #20821, #21106, #21223, #21277, #21318, #21345, #21353, #21390, #21438, #21439, #21495, #21581, #21606, #21649, #21675, #21685, #21744, #21826, #21838, #21842, #21855, #21861, #21989, #22028

Was this article helpful?


  • Comment author
    Daniel Virkler

    Can you please elaborate on these two items? 

    Can you please provide the documentation on how to properly implement these two items? 


    • WAF - Malicious URLs (New)
    • VMware VSphere Client (New)
  • Comment author
    Yaakov Simon


    Both items are implemented as part of the IPS service and nothing is required from the customer side to update.  

    WAF rules were added to their IPS, vSphere was added to App Control.


  • Comment author
    Matrix Networks

    Does BGP multihop have to be enabled under the hood?

  • Comment author
    Saar Samuel Ben Kiki

    Hi Matrix Networks,

    With Cato, there's no limitation to RTT. So there's no issue with BGP multihop. Note that this is not a mandatory configuration to be enabled with Cato.

    For future possible questions on Cato's product, please feel free to create new posts directly into our Community.

Add your comment