This article explains how to manage groups used in your account.
You can create new groups and leverage them (in addition to the pre-defined groups) as global objects across the Cato Management Application in security and network rules, DNS servers and suffixes, and more.
Define the items in the Cato Management Application that are members of the group. You can also define special configurations for groups relating to DNS and DHCP Options.
The Cato Management Application supports several group types (as indicated in the Groups list):
-
Manual: Groups that you manually define. Group members can include various network entities (such as Sites, Networks, Floating Ranges and Hosts).
-
System: Groups that are pre-defined in the Cato Management Application. These are dynamic groups that are automatically updated with new members when the appropriate items are added. For example, when a new site is added to your account, the All Sites system group is automatically updated with the new site. If this group is used in a security rule, the rule will also apply to the new site.
System groups include:
-
All Sites: A group that includes all sites
-
All Shared Hosts: Users that Cato Socket cannot identify due to their use of shared hosts
-
All Floating Ranges: A group that includes all floating ranges defined in the system
-
You can you define groups and their members. These are the behavior for System groups:
-
Definitions in the General pane are defined by the Cato Management Application and can't be modified.
-
For System groups, definitions in the Members pane are defined by the Cato Management Application and can't be modified.
To add a group and define its members:
-
In the navigation menu, click Assets > Groups.
-
Click New. The Create panel opens.
-
Enter the group Name and click Apply. The group is added to the screen.
-
Click the group. The General screen for the group opens.
-
(Optional) Enter a Description.
-
Add the items that are the members of this group:
-
In the navigation menu, click Members. The group members are displayed.
-
From the Add Members drop-down menu, select the type of member to add (for example, Site, Network Interface, or Host).
-
Network Interface - All traffic on the interface (all networks)
-
Interface Subnet - VLAN, routed, or direct ranges, or a secondary AWS vSocket native range
-
Global Range - Native range on the interface
Cato recommends that each group contain only one type of member. For example, a group of all of your network interfaces.
-
-
Select all the items for that type that you are including in the group.
The selected members are added to the Members list.
-
-
Click Save.
The group is saved and added to the Cato Management Application.
To remove groups other than User groups, you must first remove it from anywhere it is used in other screens and rules in the Cato Management Application. For example, if you don't remove the group from security and network rules, then you can't delete the group.
User groups can be deleted if they are included in a policy. For more information, see Working with User and System Groups.
Note
Note: You cannot undo a deletion.
2 comments
Neither this article nor any searches of the knowledge base describe how to add a user to a group in the new console interface.
Dana,
Step 6 in the procedure above explains how to use the Members screen in a group to add users.
I added a screenshot to help clarify.
Thanks for your comment,
Yaakov
Please sign in to leave a comment.