The Socket upgrade process requires connectivity with specific Socket ports to the Cato Cloud to correctly update to new Socket versions. Otherwise, the new version doesn't install correctly and the Socket rolls back to an earlier version.
There are different connectivity requirements for an initial upgrade for factory reset or newly registered Sockets and for gradual upgrades (regular Socket upgrades during a maintenance window).
-
HTTPS traffic from the Socket's WAN IP address must be excluded from SSL/TLS inspection performed by a device in the upstream direction (otherwise the upgrade process fails)
This means that you can't have a site configuration where a Socket is located behind another Socket
-
For initial upgrades, connect the following ports to the Cato Cloud:
-
X1500 – WAN1 or Port 3 (WAN)
-
X1600 – Port 1
-
X1700 – Port 1
-
-
For gradual/scheduled Socket upgrades, connect the following ports to the Cato Cloud:
-
X1500 – Any WAN port (for Socket versions 14.0 and higher)
-
For Socket versions 13.x and lower, WAN1 or port 3 (WAN) must be connected
-
-
X1600 – Any WAN port
-
X1700 – Port 1 or Port 9 (available with the add-on card)
-
2 comments
Updated connectivity requirements for X1700 Sockets
Updated X1500 connectivity requirements for Sockets running v14.0 and higher that are upgrading to a new version
Please sign in to leave a comment.