Product Updates - July 13, 2026

New Features & Enhancements

  • Client Split Tunnel Policy Supports FQDN-Based Apps: We enhanced the Split Tunnel Policy to use FQDN-based apps that Cato dynamically updates, simplifying policy maintenance. Show me the Split Tunnel page.
    • Clients route matching traffic directly to the Internet or through Cato
    • Supported from Windows Client v6.4 and higher
  • Manage Different Policy Changes in Separate Revisions: Admins can maintain multiple parallel policy revisions, allowing different policy changes to be developed independently. This enables smaller updates to be published while other changes remain in progress.
    • Switch between published and unpublished revisions
    • Initially available for Internet Firewall, WAN Firewall, and Private Access policies
       
  • Notify Action Supported for Application Control Policy: Application and Data Control rules support a Notify action that lets you discourage user activity rather than block it. If a user takes an action that matches this rule, the Client displays a custom notification. Users can dismiss the notification and continue their activity.
  • SNAT IP Range for Enterprise Browser and Browser Extension: Configure a dedicated SNAT IP range for Enterprise Browser and Browser Extension. This lets users access WAN applications that use existing IP-based ACLs, even when Cato is not the default gateway at the destination site.
    • Supported on all Enterprise Browser and Browser Extension versions
  • Device Posture Checks Support Lower Than Operator: Device Posture checks that include a version number support the Lower Than operator. This provides more flexibility when applying rules to devices running versions below a specified threshold.
  • Continuing Rollout for Near Real-Time Updates for Threat Prevention Stories: XOps Threat Prevention stories continue to be enhanced with near real-time updates, helping admins more quickly detect and respond to supported threat indications.
    • To see the list of enhanced story indications, see here
    • XOps license required
  • Defender for Endpoint XOps Connector Supports Additional Licenses: The Microsoft Defender for Endpoint XOps connector supports these additional Microsoft licenses:
    • Now supported:
      • Microsoft Defender for Endpoint Plan 2
      • Microsoft 365 E5 or Microsoft 365 E5 Security
      • Microsoft 365 A5 (Education) or Microsoft 365 G5 (Government)
      • Windows 11 Enterprise E5
    • Previously supported for Microsoft 365 E3 or higher
    • Cato XOps license required
  • Simplified AI Gateway Integration: During the week of July 13, 2026, AI Gateway configuration will become part of the Guards page. Create a single AI Gateway Guard to generate the authorization key and configure your integration, instead of the previous two-step process.
    • AI Security Guards of type AI Gateway are now called Homegrown Apps
    • Existing AI Gateway configurations are migrated automatically
    • For more information about what has changed, see our FAQ
    • AI Security for Applications license required
  • Granular Claude Plan Detection for User Interaction Policy: Apply different rules for the AI Security User Interaction Policy based on whether users access personal or enterprise Claude environments.
    • Use Claude Free and Claude for Business as separate applications
    • AI Security for Users license required
  • Automatic Migration to Account-Level Bypass Policy: To help transition to the account-level Socket bypass policy, we are automatically migrating eligible site-level bypass policies to the account-level policy.
    • Applies to sites running Socket v26 and higher
    • Sites running earlier Socket versions are not eligible for automatic migration
    • The site-level bypass policy will be deprecated from accounts that migrate to the account-level policy
  • Expanded Webhook Fields: Webhook notifications now include a significantly richer set of fields, giving security teams more data to build complete, actionable payloads for SIEM and SOAR platforms.
    • New security and network event fields follow the same naming conventions as the Events API, making correlation seamless
    • No impact on existing webhook integrations
  • Updates for Cato Terraform Provider: We released new versions for the Cato Terraform module, including:
    • v0.0.90
      • Stabilized WAN interface hydration
    • v0.0.88
      • Support for Application Control and CASB resources for tenant restriction and application controls (e.g cato_app_tenant_restriction_rule)
    • v0.0.87
      • Support for global IP ranges (cato_global_ip_ranges)
      • Regression tests
    • Bug fixes and enhancements
    • Read more in the changelog
  • Starting Rollout of Socket v26.0.23517: We are starting to gradually roll out Socket version 26.0.23517 to all customers, including enhancements and bug fixes. No customer action is required.

PoP Announcements

  • Detroit, US: A new range (199.27.55.0/24) is now available for the Detroit PoP location.
  • The following new ranges will soon be available:
    • Melbourne, AU: 113.30.140.0/24
    • Paris, FR: 159.117.247.0/24
    • Tel Aviv, IL: 159.117.246.0/24

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.

Was this article helpful?

0 out of 0 found this helpful

0 comments