Cato Cloud Thresholds and Limits 

This article provides a list of the main default thresholds, and limitations, for various features and capabilities available for use in the Cato Cloud.  

These limits are designed to support Cato Cloud best practices to ensure the reliability and performance of the service. If there is a requirement to increase a threshold or limit, please contact Cato Support to discuss further. 

Data Thresholds and Limits 

Events and Alerts Thresholds 

Feature 

Limit 

Event  

2,000,000 events/hour* 

Alerts  

50 alerts/hour (per event sub-type)

Log Exporter 

2,000,000 events type/hour**

Log Exporter data retention AWS S3 

7 days 

Event Discovery CSV export 

250,000 events per export 

EventsFeed API

see Cato API - EventsFeed (Large Scale Event Monitoring)

* For accounts operating under DPA 2021, the Event limit is 2,000,000 events/hour per event sub-type.
DPA 2023 includes a bundled Event limit of 2,000,000 events/hour, which can be extended by licensing additional Data Units (each Data Unit provides 2,000,000 events/hour).

** Event types include: Connectivity, Security, Socket Management, Routing.

Event Discovery Search  

The Event Discovery tool allows admins to search and analyze the account events for a maximum time frame of 3 months. The Usage Analytics tool for exploring and analyzing usage statistics supports a maximum time frame of 31 Days 

Supported Encryption Algorithms Based on IPsec Site Bandwidth

For IPsec sites with bandwidth greater than 100Mbps, use only the AES 128 GCM-16 or AES 256 GCM-16 algorithms.

AES CBC algorithms are only used on sites with bandwidth less than 100Mbps.

Supported Throughput for Cato Sites

The Cato Cloud supports site throughput of up to 5Gbps for various connection types, such as the X1700 Socket and Cross-Connect.

Cato SDP Client 

Supported Throughput for Cato SDP Clients 

The throughput for Cato SDP Clients is based on a variety of factors, including hardware, software, and geolocation. For example, wired vs. wireless connections, operating systems, shared software, Internet infrastructure, and system resources, can significantly impact the Client's performance. In addition, the encryption and encapsulation between the SDP Client and the Cato Cloud may add an overhead of up to 20% of the throughput. 

The Cato Client is not capped for most PoP locations in the world, and Cato guarantees minimum throughput of 100Mbps. Cato only investigates Support tickets when the throughput is less than 100Mbps. 

However, there are a few PoP locations with limited capacity, and Cato caps the maximum throughput of the Client. These are the details of the PoP locations:  

  • North America, Europe, Japan, and Singapore: There is no maximum cap, and the throughput is only subject to environmental factors 
  • China: The maximum throughput is capped at 20Mbps 
  • Vietnam: The maximum throughput is capped at 20Mbps 
  • Other PoP locations: The maximum throughput is capped at 100Mbps 

Restrictions in China 

The following functionality is not available for Cato PoPs located in China: 

  • SDP Clientless Access
  • Remote port forwarding (RPF)
  • Off-Cloud traffic
  • Traffic Egress: Only available for business applications according to Chinese regulations

 

Was this article helpful?

0 comments

Add your comment