This article provides a list of the main default thresholds, and limitations, for various features and capabilities available for use in the Cato Cloud.
These limits are designed to support Cato Cloud best practices to ensure the reliability and performance of the service. If there is a requirement to increase a threshold or limit, please contact Cato Support to discuss further.
Data Thresholds and Limits
Events and Alerts Thresholds
50 alerts/hour (per event sub-type)
2,000,000 events type/hour**
Log Exporter data retention AWS S3
Event Discovery CSV export
250,000 events per export
* For accounts operating under DPA 2021, the Event limit is 2,000,000 events/hour per event sub-type.
DPA 2023 includes a bundled Event limit of 2,000,000 events/hour, which can be extended by licensing additional Data Units (each Data Unit provides 2,000,000 events/hour).
** Event types include: Connectivity, Security, Socket Management, Routing.
Event Discovery Search
The Event Discovery tool allows admins to search and analyze the account events for a maximum time frame of 3 months. The Usage Analytics tool for exploring and analyzing usage statistics supports a maximum time frame of 31 Days
Supported Encryption Algorithms Based on IPsec Site Bandwidth
For IPsec sites with bandwidth greater than 100Mbps, use only the AES 128 GCM-16 or AES 256 GCM-16 algorithms.
AES CBC algorithms are only used on sites with bandwidth less than 100Mbps.
Supported Throughput for Cato Sites
The Cato Cloud supports site throughput of up to 10Gbps for various connection types, such as the X1700 Socket and Cross-Connect.
Cato SDP Client
Supported Throughput for Cato SDP Clients
The throughput for Cato SDP Clients is based on a variety of factors, including hardware, software, and geolocation. For example, wired vs. wireless connections, operating systems, shared software, Internet infrastructure, and system resources, can significantly impact the Client's performance. In addition, the encryption and encapsulation between the SDP Client and the Cato Cloud may add an overhead of up to 20% of the throughput.
The Cato Client is not capped for most PoP locations in the world, and Cato guarantees minimum throughput of 100Mbps. Cato only investigates Support tickets when the throughput is less than 100Mbps.
However, there are a few PoP locations with limited capacity, and Cato caps the maximum throughput of the Client. These are the details of the PoP locations:
- North America, Europe, Japan, and Singapore: There is no maximum cap, and the throughput is only subject to environmental factors
- China: The maximum throughput is capped at 20Mbps
- Vietnam: The maximum throughput is capped at 20Mbps
- Other PoP locations: The maximum throughput is capped at 100Mbps
Restrictions in China
The following functionality is not available for Cato PoPs located in China:
- SDP Clientless Access
- Remote port forwarding (RPF)
- Off-Cloud traffic
- Traffic Egress: Only available for business applications according to Chinese regulations