This article provides a list of the main default thresholds and limitations for various features and capabilities available for use in the Cato Cloud.
These limits are designed to support the Cato best practices to ensure the reliability and performance of the service. If there is a requirement to increase a threshold or limit, please contact Support.
For more information about API limits, see Understanding Cato API Rate Limiting.
For more about working with PoPs located in China, see Understanding Cato Networking in China.
| Feature | Limit |
| Event | 2,500,000 events/hour* |
| Events CSV export | 250,000 events per export |
| eventsFeed API | see Understanding Cato API Rate Limiting |
*Dependent on DPA agreement:
- For accounts operating under DPA 2021, the Event limit is 2,500,000 events/hour per event sub-type.
- DPA 2023 includes a bundled Event limit of 2,500,000 events/hour which can be extended by licensing additional Data Units (each Data Unit provides 2,500,000 events/hour). For more information, see Guide to Cato Data Lake.
For IPsec sites with bandwidth of 100Mbps or more, use only the AES 128 GCM-16 or AES 256 GCM-16 algorithms. AES CBC algorithms are only used on sites with bandwidth less than 100Mbps.
These guidelines are due to the fact that GCM encryption is more efficient and scalable than CBC, enabling better performance and reliability for high-throughput encrypted traffic in the Cato Cloud.
The Cato Cloud supports site throughput for WAN and Internet links of up to 10Gbps for the X1700B Socket and Cloud Interconnect, which is immediately available in many PoP locations.
This section shows the details for the supported throughput for WAN and Internet traffic of different site types.
The maximum supported throughput for the Socket Next Gen LAN Firewall (LAN FW) is based on an app-mix of TCP and UDP applications defined by Cato.
| Socket Model | WAN and Internet | LAN FW L4 Mbps Throughput | LAN FWL7 Mbps Throughput |
|---|---|---|---|
| X1500 | Up to 500 Mbps | 1000 | 740 |
| X1500B | Up to 500 Mbps | 1000 | 1000 |
| X1600 and X1600 LTE | Up to 1 Gbps | 8000 | 2500 |
| X1700 | Up to 3 Gbps | 8000 | 8000 |
| X1700B | Up to 10 Gbps | 13000 | 10000 |
| X1700C | Up to 20 Gbps | 14400 | 13200 |
Note: Performance and throughput are measured under ideal testing conditions based on 1500 packet MTU.
-
Virtual Sockets (vSockets)
-
Azure:
- 2 NIC - up to 1 Gbps
- 3 NIC with accelerated networking - up to 2Gbps
- Google Cloud Platform (GCP): Up to 2 Gbps
- Amazon (AWS) and VMware ESXi: Actual throughput will depend on various factors, including the instance type, network configuration, and environmental conditions in the specific deployment
-
Transaction processing latency measures the time from when the Cato Single Pass Cloud Engine (SPACE) receives network data packets for a transaction until the complete transaction is received by the client or host. This latency can be up to 10 milliseconds for both decrypted and non-decrypted transactions of up to 1MB of data.
The throughput for Cato SDP Clients is influenced by various factors, such as the device's hardware, operating system, system resources, and Internet connectivity. The encryption and encapsulation between the SDP Client and the Cato Cloud may add an overhead of up to 20% of the throughput.
There are some Cato PoP locations where each Client is limited to a maximum throughput. Specifically, throughput for Cato Clients connecting to PoPs located in China and Vietnam is limited to 20Mbps.
2 comments
Updated Supported Throughput for Cato Sites
How is this throughput calculated for Cato Sockets when doing the performance evaluation ? I'm little unclear on that.eg : Socket X1700B: Up to 10 Gbps . What are the features enabled when testing, and what is the packet size etc ? Would be great to add that info too.
Please sign in to leave a comment.