Cato Cloud Thresholds and Limits

This article provides a list of the main default thresholds, and limitations, for various features and capabilities available for use in the Cato Cloud.

These limits are designed to support Cato Cloud best practices to ensure the reliability and performance of the service. If there is a requirement to increase a threshold or limit, please contact Cato Support to discuss further.

Data Thresholds and Limits

Events and Alerts Thresholds




2,000,000 events/hour*


50 alerts/hour (per event sub-type)

Events CSV export

250,000 events per export

EventsFeed API

see Cato API - EventsFeed (Large Scale Event Monitoring)

* For accounts operating under DPA 2021, the Event limit is 2,000,000 events/hour per event sub-type.

DPA 2023 includes a bundled Event limit of 2,000,000 events/hour which can be extended by licensing additional Data Units (each Data Unit provides 2,000,000 events/hour).

** Event types include: Connectivity, Security, Socket Management, and Routing.

Event Discovery Search

The Event Discovery tool allows admins to search and analyze the account events for a maximum time frame of 3 months. The Usage Analytics tool for exploring and analyzing usage statistics supports a maximum time frame of 31 Days

Supported Encryption Algorithms Based on IPsec Site Bandwidth

For IPsec sites with bandwidth greater than 100Mbps, use only the AES 128 GCM-16 or AES 256 GCM-16 algorithms.

AES CBC algorithms are only used on sites with bandwidth less than 100Mbps.

Supported Throughput for Cato Sites

The Cato Cloud supports site throughput of up to 10Gbps for the X1700B Socket and Cloud Interconnect for specific PoP locations. Please contact your Cato representative for more information.

Cato SDP Client

Supported Throughput for Cato SDP Clients

The throughput for Cato SDP Clients is based on a variety of factors, including hardware, software, and geolocation. For example, wired vs. wireless connections, operating systems, shared software, Internet infrastructure, and system resources, can significantly impact the Client's performance. In addition, the encryption and encapsulation between the SDP Client and the Cato Cloud may add an overhead of up to 20% of the throughput.

The Cato Client is not capped for most PoP locations in the world, and Cato guarantees minimum throughput of 100Mbps. Cato only investigates Support tickets when the throughput is less than 100Mbps.

However, there are a few PoP locations with limited capacity, and Cato caps the maximum throughput of the Client. These are the details of the PoP locations: 

  • North America, Europe, Japan, and Singapore: There is no maximum cap, and the throughput is only subject to environmental factors

  • China: The maximum throughput is capped at 20Mbps

  • Vietnam: The maximum throughput is capped at 20Mbps

  • Other PoP locations: The maximum throughput is capped at 100Mbps

Restrictions in China

The following functionality is not available for Cato PoPs located in China:

  • SDP Clientless Access.

  • Remote port forwarding (RPF).

  • Off-Cloud traffic.

  • Traffic Egress: Only available for business applications according to Chinese regulations.

Was this article helpful?

0 out of 0 found this helpful


Add your comment