The Cato Client is proprietary endpoint software that delivers secure access, advanced security enforcement, and monitoring capabilities. Downloading, installing, and connecting the Client is a simple process that enables you to quickly begin using its features and realizing value.
Depending on how your organization has configured the remote access policies and Client settings, the behavior and available features may vary. Some options described in this article might not apply to your specific installation.
The Client runs in the background on the device and contains a suite of features to secure your network, devices and identify and support your users.
The capabilities of the Client can be grouped into six key capabilities:
- Identification and Authentication
- Device Posture
- Secured Remote Access (requires a ZTNA license)
- Secured Internet Access (requires a ZTNA license)
- Digital Experience (requires a DEM license)
- User Engagement
For more information, see Understanding the Capabilities of the Cato Client.
- System level notifications must be enabled on the device to authenticate using the browser within the Client (Embedded browser).
- The Client is Allowed in the background (This is enabled in Settings > General > Login Items)
- The Client requires Full Disk Access permissions for Device Posture checks and collecting logs.
- Review the Prerequisites (especially the minimum device operating system) listed in Preparing to Install the Cato Client.
The Client may have been automatically installed on your device which means you can use the instructions below to add a user and connect. If the Client was not installed, you can download and install it following the steps below:
You can download the macOS Client onto your device from the Client Portal.
To download the macOS Client from the Cato website:
- From a browser, open the Client download portal, and select the macOS tab.
- Click Download. The installation file is saved to your device.
Once you download the Client, you can install it on your macOS device.
To install the macOS Client on your device:
- Open the macOS Client installation file.
- Follow the steps in the installation wizard.
-
When the Installer pop up is displayed, enter the device password.
-
In the System Extension Blocked pop up, click Open System Setting.
-
For macOS versions Sequoia (15.0) and above:
- In the General section, navigate to Login Items & Extension.
-
Under the Extensions section, click Network Extensions i symbol.
-
In the Network Extensions pop up, turn the Cato Client toggle on.
- Click Done.
Note
Note: You may be asked to allow the Client to find devices on local networks. This is not required for normal operation of the Client.
-
For macOS versions Ventura (13.0) and above:
-
In the Privacy & Security section, click Allow.
-
Enter the device Username and Password and click Unlock.
- Close the Privacy & Security window.
-
-
-
The Client requests your permission to add a new VPN configuration, click Allow.
The Client is installed on your device.
You can add more than one user to the Client. To add a new user, on the User tab, click Add User and sign in with your email and password (and MFA) or SSO
Once you have installed the Client, sign in to connect to the network. You can sign in with your email address and password (and MFA method) or with SSO.
In the Client, click the Connect button and enter your email address. You will then be sent an email that explains how to create your password.
Once you have created your password you can sign into the Client and connect to the network.
Note
Note: You may have received the email the with an explanation on how to create your password before you click Connect.
After you have added a User to the Client, you can connect to the network.
To connect to the network:
-
From the Home page of the Client, click the Connect button in the middle of the shield.
The Client connects to the network.
Note
Note: This is the only supported method of connecting to the network. Connecting from System Preferences > Network on the device is not supported.
By default, the Client automatically connects to the optimal PoP based on geolocation and connectivity metrics. For more information on the Client connection process, see Preparing to Install the Cato Client.
You can override this process by manually entering the IP address of a specific PoP you want the Client to connect to. To view the IP addresses of Cato's PoPs, see Production PoP Guide.
You can view the Client connectivity status in the Client or using the Windows tray icon. The symbols for each connectivity status are:
| Symbol | Description |
|---|---|
| The Client is connected. | |
| The Client is connected but has a warning. | |
| The Client is connected but has an error. | |
| The Client is disconnected. | |
| The Client is disconnected due to an error. | |
| The Client is bypassing the Cato Cloud. For more information, see Protecting Users with Always-On Security |
Based on the configuration of the Client Connectivity policy the Client checks your device has the required software or updates installed before it allows you to connect to the network. For example, the Client checks if you have an up-to-date antivirus software installed. Only secure and compliant devices are allowed to connect. If the device doesn't comply with the Client Connectivity policy, the Client is blocked, and there is a notification with more details.
If your device doesn’t meet the security policy, the Client doesn't connect and shows a message explaining the issue. Common reasons include:
- Out-of-date antivirus software version
- An unsupported operating system
- Need to update the Client to a newer version
Click Details in the message to see what failed.
0 comments
Please sign in to leave a comment.