Cato Networks Knowledge Base

Summary of Cato Client Releases

This article summarizes features, enhancements, and bug fixes for Cato Client version per release.

Admins and end-users can easily download the Client from the Client download portal without requiring authentication.

For more information about the requirements to implement Cato's remote access in your organization, see Installing the Cato Client.

Windows SDP Clients

This section summarizes the features and enhancements of Windows SDP Clients from version 5.5 to 4.7.

In addition, it also lists the known limitations that apply to multiple Client versions.

Windows Client v5.5

The rollout for the gradual upgrade for Windows Client version 5.5 started on November 13th, 2022, and includes:

  • Client Self Service: The user can now record and then reproduce an issue that occurred with the Client. Then the user can upload the traffic capture and log files to Cato Support for further analysis.

  • New Client Installer:  We are introducing a new installer for the Client that includes improved stability for the upgrade process.

  • Bug fixes and enhancements

Windows Client v5.4

Windows Client version 5.4 was uploaded to the User Portal on September 19th, 2022, and includes:

  • Support for First Upgraded Users for Client Upgrade

  • Improved error messages in the Client for SDP users which better explain connectivity issues

  • Bug fixes:

    • When the Client is in Office Mode, it now uses the PAC file of the local system instead of the PAC file defined in the Cato Management Application

Windows Client v5.3

Windows Client version 5.3 was uploaded to the User Portal on April 18th, 2022, and includes:

  • SDP Users Can Enjoy SSO Simplicity and with Security of Never-Off: Cato Clients now support the ability to authenticate with Single Sign-On (SSO) at same time that the Client Access Connectivity policy is set to Never-Off. Read more.

    • You can configure SSO and Never-Off for the entire account or for specific SDP users.

  • Enhanced Re-authentication Experience: A notification lets users know that the SSO or MFA session will soon expire and allows them to seamlessly re-authenticate

  • Bug fixes:

    • Computers recovering from sleep mode were unable to connect to the Cato Cloud

    • For Windows Clients with Never-Off enabled and behind a Socket, the user couldn’t use Office Mode to connect

    • Sometimes the Client didn’t reconnect when moving between different networks, such as cellular to WiFi

    • After the MFA session expires, the OS browser didn’t open the authentication page

  • For known limitations for this version, see details below.

Windows Client v5.2

Windows Client version 5.2 was uploaded to the User Portal on February 27th, 2022, and includes:

  • Improved SDP User Experience with Browser Authentication: We updated the Authentication screen (Access > Client Access > Authentication) so you can select the Browser Authentication experience for your SDP users and use the in-Client browser or the external default OS browser. Read more.

  • Enhancements:

    • Enhancements for Client SSO authentication and support for Internet Explorer as the OS browser

    • Device Posture enhancement, periodic checks that devices are compliant with the Device Posture policy

    • Cato authentication server supports CA issued certificates (non-self-signed)

  • For known limitations for this version, see details below.

Windows Client v5.0

Windows Client version 5.0 was uploaded to the User Portal on October 24th, 2021, and includes:

  • Improved SSO Workflow: Windows Client version 5.0 introduces an improved SSO authentication workflow that enhances the user experience to log in directly to the Client. Read more.

  • For known limitations for this version, see details below.

Windows Client v4.7

Windows Client version 4.7 was uploaded to the User Portal on February 28th, 2021, and includes:

  • Windows Client v4.7 Support for Windows 11: Microsoft announced that they are releasing Windows 11 on October 5th, 2021, and Cato officially supports Windows 11 with Windows Client version 4.7 and higher

  • Enhancements:

    • Native support for 64-bit OS

    • Changed from Winsock to native Windows APIthr

  • Bug fixes:

    • Improved functionality with forced TCP connections

    • Problems with the Client detecting Office Mode

    • The uptime time counter for the Client reset to 00:00:00 after 24 hours

    • Automatic upgrade didn't work for Windows 2012 R2

  • For known limitations for this version, see details below.

Known Limitations for Windows Client v5.2 and Higher

This section lists known limitations that apply to all the Windows Clients version 5.2 and higher.

  • For deployments with a third-party proxy, Internet Explorer is not supported as the default browser.

    • Configure a different default browser on the device.

Known Limitations for Windows Client v5.0 and Higher

This section lists known limitations that apply to all the Windows Clients version 5.0 and higher.

  • This Client version uses the 85.255.31.1 IP address as part of the infrastructure to support Single Sign-On (SSO)

    • Make sure that this IP address is NOT blocked by any third-party anti-malware software

  • For accounts that use Azure Conditional Access, please set the Browser Authentication to External Browser (Access > Client Access > Authentication) For more information about Browser Authentication, see Configuring the Authentication Policy for Cato Clients

  • Set Browser Authentication to internal In-Client Browser to authenticate to OneLogin

  • For OneLogin SSO, we recommend that you use the internal in-Client browser. When Browser Authentication is set to External Browser, if the browser window or tab is closed, the end-user can't authenticate to OneLogin

  • Windows 8.1 OS is only supported when all the newest Microsoft updates and patches are installed

  • Automatic Upgrade for Windows Servers is currently not supported

  • Automatic Upgrade for the Windows Client version 5.0 is disabled for hosts that use the Windows Server operating system and the Trusted Browsing feature on the Windows Server blocks the Client from authenticating

    • Solution: To use Windows Client v5.0 on a Windows Server you can use one of the following solutions and then install or upgrade the new Client version:

      • Allowlist the domains for your IdP for Trusted Browsing

      • Disable the Trusted Browsing feature

Known Limitations for Windows Client v4.7 and Higher

This section lists known limitations that apply to all the Windows Clients version 4.7 and higher.

  • In some cases, for Windows devices with the Intel Killer Wireless NICs, after the Client connects to the network all traffic is blocked

    • Workaround: Disable the Killer Network Service on the Windows device, and then use the Cato Client to connect to the network

  • The MAC address of the Cato virtual adapter in the Client is randomly generated and isn’t guaranteed to be unique across the Clients in your network. Sometimes the MAC address isn’t shown for the virtual adapter.

    • When the MAC address is required, we recommend that you use the MAC address of the physical device instead of the Client virtual adapter.

macOS SDP Clients

This section summarizes the features and enhancements of macOS Clients from version 5.2 to 4.5.

In addition, it also lists the known limitations that apply to multiple Client versions.

macOS Client v5.2

macOS Client version 5.2 was uploaded to the User Portal on December 11th, 2022, and includes:

  • Enhanced Reauthentication Experience: A notification lets users know that the SSO or MFA session will soon expire, and allows them to seamlessly reauthenticate. Read more.

  • Status Bar Icon: Users can easily connect, disconnect, quit, and open the Client right from the status bar of macOS devices.

  • Security fixes and enhancements

  • Resiliency enhancements

  • For SDP users upgrading from v5.x to v5.2, a macOS limitation requires rebooting the device after upgrading the Client to v5.2

macOS Client v5.1

macOS Client version 5.1 was uploaded to the User Portal on July 25th, 2022, and includes:

  • For Single Sign-On (SSO) - Using the external browser to authenticate with the IdP. Read more.

  • Enhancements:

    • Improved overall stability and connectivity to the Cato Cloud

    • Enriched user notifications

    • Improved connectivity when switching networks

  • Bug Fixes:

    • Resolved bugs in the SSO authentication flow

  • For known limitations for this version, see details below.

macOS Client v5.0

macOS Client version 5.0 was uploaded to the User Portal on March 21st, 2022, and includes:

  • SDP Users Can Enjoy SSO Simplicity and with Security of Always-On: Cato Clients now support the ability to authenticate with Single Sign-On (SSO) and at same time the Client Access Connectivity policy is set to Always-On. Read more.

    • You can configure SSO and Always-On for the entire account or for specific SDP users

  • Improved SDP User Experience with Browser Authentication: We updated the Authentication (Access > Client Access > Authentication) screen so you can select the Browser Authentication experience for your Client users and use the in-Client browser or the external default OS browser. Read more.

  • Initial installation of v5.0 requires that you deploy it on all the macOS devices, available either with a PKG file or using an MDM.

    • macOS Client Version 4.5 is only available from the App Store (if it’s necessary to rollback to this version, install from the App Store)

  • Supports Managed Upgrades with an MDM.

  • Enhancements:

    • The capability for SDP users to directly download the macOS Client PKG file for version 5.0 from a new portal

  • For known limitations for this version, see details below.

macOS Client v4.5.1

macOS Client version 4.5 was uploaded to the User Portal on May 12th, 2021, and includes:

  • Enhancements:

    • Improved SSO authentication process in the Client - it only shows the IdP that is configured on your account

    • Improved connectivity and performance - enhanced queuing infrastructure to match Apple best practices and recommendations

    • Upgraded OpenSSL to version 1.1.1 to improve the Client security

Known Limitations for macOS Client v5.0 and Higher

This section lists known limitations that apply to all the macOS Clients version 5.0 and higher.

  • This Client version uses the 85.255.31.1 IP address as part of the infrastructure to support Single Sign-On (SSO)

    • Make sure that this IP address is NOT blocked by any third-party anti-malware software

  • For accounts that use Azure Conditional Access, please set the Browser Authentication to External Browser (Access > Client Access > Authentication) For more information about Browser Authentication, see Configuring the Authentication Policy for Cato Clients

  • For macOS devices with the Symantec Web Security Service (WSS) agent installed, we do not currently support installing the WSS agent and the macOS Client on the same device

  • Uploading a local split-tunnel file to the Client is not supported. You can use the global split-tunnel settings in the Cato Management Application

  • For OneLogin SSO, we recommend that you use the internal in-Client browser. When Browser Authentication is set to External Browser, if the browser window or tab is closed, the end-user can't authenticate to OneLogin

  • In some cases, this version might experience problems with these configurations:

    • Azure Conditional Access

    • Proxy configuration

    • For accounts that use a third-party proxy, make sure to whitelist the following items (for both HTTP and HTTPS):

      • IP address - 85.255.31.1

      • URL - sso.ias.catonetworks.com

iOS SDP Clients

This section summarizes the features and enhancements of iOS Clients from version 5.0 to 4.4.

iOS Client v5.0

iOS Client version 5.0 is available in the iOS App Store from November 24th, 2022 , and includes:

  • Always-On and SSO: The Cato Client now supports authentication with Single Sign-On (SSO) when the Always-On policy is enabled for iOS devices. Read more.

  • Bypass Code: Generate a Bypass Code to allow SDP users to temporarily disconnect the Client.

  • Bug fixes and enhancements

iOS Client v4.4.3

iOS Client version 4.4.3 is available in the iOS App Store from June 21st, 2022 , and includes:

  • Enhancements:

    • iPad support for landscape mode with the Client

    • Stabilization fixes for Office Mode

iOS Client v4.4.2

iOS Client version 4.4.2 was uploaded to the User Portal on January 11th, 2021, and includes:

  • Google SSO for Cato Clients: You can configure CC2 to use Google as an SSO provider for the Cato SDP Clients. Read more.

  • Bug fixes:

    • When an iOS device started after sleep mode, sometimes the Client tried to connect to the VPN and temporarily blocked Internet connectivity

    • The iOS Client sometimes had a negative impact on Internet performance, downloading and uploading data

iOS Client v4.4

iOS Client version 4.4 was uploaded to the User Portal on May 12th, 2021, and includes:

  • Device Authentication: The ability to restrict remote access on devices based on specific certificates.

  • Configuring VPN Office Mode: The feature was previously called Disable Office Connectivity. By default VPN Office Mode is enabled with the following behavior: when the Cato Client detects that the device is inside the office, it connects automatically to the office Socket. You can choose to disable this feature and connect directly to the Cato Cloud. Read more.

  • Enhancements:

    • Improved user experience when connecting to the VPN and bug fixes.

Known Limitation for iOS Client v5.0

This section lists known limitations that apply to all the iOS Clients version 5.0 and higher.

  • For accounts that use Device Authentication with a certificate, when the iOS device recovers from sleep mode, you need to open the Client (doesn't include Always On)

Android SDP Clients

This section summarizes the features and enhancements of Android Client version 5.0.2 to 4.2.

Android Client v5.0.2

Android Client version 5.0.2 was uploaded to the Google Play Store on November 13th, 2022, and includes:

  • Bug fixes and enhancements

Android Client v5.0

Android Client version 5.0 was uploaded to the Google Play Store in September 2022, and includes:

  • Support for Always On and SSO (read more)

  • Support for Device Authentication with certificates (read more)

  • Support for the following Client Access features:

    • Split Tunnel

    • External browser

  • Install the Client with an MDM

  • Improved tunnel resiliency

  • Improved look and feel

  • Bug fixes and enhancements

Android Client v4.2

Android Client version 4.2 was uploaded to the Google Play Store on July 27th, 2020, and includes:

  • Support for Chromebook devices: Chromebook devices can install the Android Client to securely connect to the Cato Cloud.

  • Using a registration code to provision SDP users: The Cato Management Application lets you choose between an invitation email or registration code to provision the Cato Client for new remote users. Read more.

  • Update Clients to new Cato branding.

Known Limitations for Android Client v5.0:

This section lists known limitations that apply to all the Android Clients version 5.0.

  • For Split Tunnel - only Include Mode is supported for Android devices v12.x and lower. Exclude Mode is supported for Android OS devices v13.0 and higher.

  • When the Android Client uses a Bypass Code, events are not generated. Events are still generated for other Client OS.

Linux SDP Clients

This section summarizes the features and enhancements of Linux SDP Clients from version 5.0.2 to 2.2.

Linux Client v5.0.2

Linux Client version 5.0.2 was uploaded to the User Portal on November 13th, 2022, and includes:

  • Bug fixes and enhancements

  • Starting with v5.0.2, SDP users can authenticate based on the settings in the Cato Management Application using SSO or username & password

Linux Client v5.0

Linux Client version 5.0 was uploaded to the User Portal on July 11th, 2022, and includes:

  • Support for Single Sign-On (SSO) with external browsers.

    • Requires Linux browser for authentication

    • Supported Linux OS 64-bit (X86_64) versions:

      • Ubuntu v18 and higher

      • CentOS v8 and higher

      • Fedora v36 and higher

      • Debian v11 and higher

      • Mint v20.3 and higher

  • Automatic authentication with cached credentials

  • Tunnel resiliency and automatic tunnel recovery

For more information about using the Linux Client, see Installing and Running the Linux Client v5.0.

Linux Client v2.2

Linux Client version 2.2 was uploaded to the User Portal on September 6th, 2021, and includes:

  • Using a registration code to provision SDP users: The Cato Management Application lets you choose between an invitation email or registration code to provision the Cato Client for new remote users. Read more.

  • Support for OpenSSL 1.1.1k

  • Bug fixes:

    • Resolved a bug with DNS settings on Ubuntu 18 and higher

  • Limitations:

    • Ubuntu 14 isn't supported

    • iPerf tests aren't supported

Was this article helpful?

0 out of 0 found this helpful

Comments

4 comments

Please sign in to leave a comment.