On July 29, 2021, we sent the following email notification to customers that are still using the non-ordered firewall (legacy feature).

Urgent - Review Firewall Settings and Activate the New Ordered Firewall

On July 1, 2021 the original non-ordered firewall (legacy) officially was End-of-Life (EoL). We noticed that your account is still using the non-ordered firewall and we want to inform you that you need to review the firewall rules and activate the new unified Next Generation firewall (NGFW).

The new unified firewall was introduced in June 2019 and all customers that joined Cato afterwards use it. The new unified firewall uses ordered rules that can include: access, applications, and URLs. The ordered rulebase provides greater granularity and flexibility to manage network traffic. It also lets you create custom global categories and generate events to monitor allowed traffic. It inspects a connection according to each rule sequentially, the first rule action that matches the connection is applied to it and then the firewall stops inspecting the connection.

If you already activated the new unified firewall, no action is required, and you can ignore this announcement.

How do I know if my account is using the non-ordered (legacy) firewall?

The new unified firewall shows the rule numbers and separate columns for each setting for the rule. This is an example of the new firewall:

The non-ordered firewall only shows the From and To sections, with no rule numbers:

My account is using the non-ordered firewall, what do we need to do?

If you are a Cato Customer that joined before 2019, and are still using the WAN Firewall, Internet Firewall, and URL Filtering windows, you must use review the migrated firewall rules and activate the new unified firewall rules.

1. Review the new rules in the WAN Firewall and the Internet Firewall, and modify them as necessary to implement your corporate firewall policy.
2. Finally, in the WAN or Internet Firewall window, activate the new unified firewall for your account - click Start Using Security Policy with New Firewalls (Finalize).

For more information about the migration process, see these articles in the Cato Networks Knowledge Base:

• Preparing to Migrate the Legacy Firewall to the New Unified Firewall
• Migrating the Security Policy

What will happen if we don't activate the new unified firewall?

On September 1st, 2021, Cato will activate the new unified WAN and Internet firewall on all accounts that are still using the non-ordered firewall. The migrated rules will be applied to all traffic in your account.

Where can I find more information about these changes?

Please contact Support, or your authorized Cato representative.

We appreciate your understanding and cooperation in this matter.