Cato is announcing the End-of-Life (EoL) for the original non-ordered firewall (legacy) starting on July 1, 2021. The new unified Next Generation firewall (NGFW) was introduced in June 2019 and any customer that joined Cato afterwards are using the new unified firewall. The new unified firewall uses ordered rules that can include: access, applications, and URLs. The ordered rulebase provides greater granularity and flexibility to manage network traffic. It also lets you create custom global categories and generate events to monitor allowed traffic.

How do I know which firewall my account is using?

The new unified firewall shows the rule numbers and separate columns for each setting for the rule:

The legacy non-ordered firewall only shows the From and To sections, with no rule numbers:

I'm using the legacy firewall, what do I need to do?

For Cato customers from before 2019, that are still using the WAN Firewall, Internet Firewall, and URL Filtering windows, we strongly recommend that you migrate to the new unified firewall as soon as possible.

The Cato migration tool automatically creates new rules in the unified WAN and Internet firewall rulebases based on the your legacy firewall rules. Then review the new rules and fine-tune them to implement your corporate firewall policy. Finally, enable the new unified firewall for your account.

If you already migrated to the new unified firewall, thanks so much and you can ignore this announcement.

For more information about the migration process, see these articles in the Cato Networks Knowledge Base:

• Introducing the Automatic Migration Process
• Migrating the Security Policy

We appreciate your understanding and cooperation in this matter.