To give you more control over DNS Protection enforcement, we are adding a configurable threshold for Newly Registered Domains (NRDs). You will be able to block domains registered within the last 14, 21, 30, and 60 days.
As part of this change, on July 8, 2026, we are retiring six existing NRD signatures. These signatures will be replaced by two new signatures. We identified that your IPS Policy allow list includes at least one signature that will be retired.
To prevent unintentionally blocking NRDs, update your IPS Allow List to use the new signatures by July 8, 2026.
For more information about DNS protection, see Customizing the DNS Protections for IPS.
What Action do I need to Take?
Before July 8, 2026:
In the Cato Management Application, on the Security > IPS > Allow List page, identify any rule that contains one of the following retired signatures:
- cid_dns_feed_block_newly_registered_domains_1
- cid_dns_feed_block_newly_registered_domains_2
- cid_dns_feed_block_newly_registered_domains_3
- cid_ioa_block_newly_registered_domains_1
- cid_ioa_block_newly_registered_domains_2
- cid_ioa_block_newly_registered_domains_3
Replace the retired signature with the following new signatures:
- feed_block_newly_registered_domains_configurable_1
- cid_dns_feed_block_newly_registered_domains_configurable_1
Click Save.
For more information, see Allowlisting IPS Signatures.
What Happens If I Do Not Take Action?
After July 8, 2026, IPS Allow List rules referencing the retired signatures will no longer match. As a result, domains that are currently excluded from NRD blocking may be blocked unexpectedly.
Who Do I Talk to If I Have Questions?
Please use the Cato Ask AI agent in the CMA to answer questions about your IPS Policy and creating Allow List rules.
0 comments
Please sign in to leave a comment.