Information to Collect When Submitting Tickets to Cato Networks Support

This document explains what information to include when submitting a Support Ticket. It is divided into General and per-problem-type guidelines. This will enable us to provide the highest level of support and speed up the investigation of the issue reported.

 

Support Ticket Template

Below is a template to use when raising tickets with Cato Support. Please include General and per-problem items.

General Guidelines

Include the following initial details that are relevant to all tickets:

a. Description of the issue: provide an accurate statement of the issue and the data that supports what is being reported, along with the troubleshooting steps completed. What was the method used to determine the main problem?

b. Time of the incident: When did it happen (include time zone)? Did it work before? What was the duration of the incident? This information should be provided as part of the description.

c. Impacted Site(s)/User: Include the sites impacted or the SDP/internal users affected, detailing their user name, IP address, and user location (home, office, hotspot, etc). What’s the number of sites or users affected?

d. Network Diagram: include a clear network diagram that contains all the parts involved in the traffic flow. If NAT is in place, define the node performing NAT and what the original and NATed IP addresses are.

e. Contextual data: changes that occurred in and around the time of the reported case, such as network changes, equipment changes, ISP changes, Cato changes, etc. CMA audit trail may be used.

f. Preferred working hours: provide your preferred hours, including your time zone, to ensure that the assigned engineer is available during your preferred working hours.

 

Ticket Example

We were alerted via connectivity alert of a brief connectivity outage at our site SiteA on the 11th January, between 15:00 and 16:00 UTC. This is the first instance of an outage we are aware of. All our other sites were unaffected. 

We are not aware of any scheduled maintenance or outages on the ISP connection. Our Audit log also doesn't show that any changes were made directly prior to the window.

The socket is now online, so we do not see anything unusual on the WebUI, but we were able to take a packet capture on the WAN 1 interface while this issue was live, attached. We also rebooted the socket, but this did not resolve the situation. The socket came back online with no further intervention at 16:00 UTC.

The events related to this outage can be seen in the screenshot below:

<screenshot>

Our preferred working hours are 09:00-17:00 UTC.

 

Guidelines according to the problem type

Based on the problem type, include the following information:

1. WAN connectivity/accessibility issue

Unable to reach a WAN resource over Cato, slow access, blocked, etc.

a. Include details from the General Guidelines

b. Source IP (private IP behind Cato):

c. Destination IP (private IP behind Cato):

d. Which app/device/protocol is used:

e. Related Security events in CMA > Monitoring > Events – Add screenshots

f. For slowness cases, see General latency/Slowness/packet loss

g. Reproduce the issue and run the Support Self Service. Include the ticket number generated by the Tool.

h. Attach any data that supports what is being reported

Useful troubleshooting article - How to Check if Traffic is Blocked by the WAN Firewall

 

2. Internet connectivity/accessibility issue

Unable to reach internet resources over Cato, slow access, blocked, etc.

a. Include details from the General Guidelines

b. Source IP (private IP behind Cato):

c. Impacted URL/Webapp:

d. Does it work outside of Cato? Either using Destination Bypass or on a different network?

e. Does excluding TLS inspection for the URL/Webapp in question solve the issue?

f. Related Security events in CMA > Monitoring > Events – Add screenshots

g. For slowness cases, see General latency/Slowness/packet loss

h. Gather Developer tools information while accessing the affected website (both with and without Cato) – attach HAR files.

i. In case the account has Threat Protection enabled (Anti-Malware, NG Anti-Malware, and IPS), add the affected URL to a bypass Internet rule in CMA and report if it helped or not.

j. Reproduce the issue and run the Support Self Service. Include the ticket number generated by the Tool.

k. Attach any data that supports what is being reported

Useful troubleshooting article - How to Troubleshoot Long Webpage Loading Time and Rendering Problems

 

3. RPF connectivity/accessibility issue

Unable to reach internal resources via Remote Port Forwarding

a. Include details from the General Guidelines

b. Source IP (client public IP address):

c. Impacted RPF rule/service:

d. Related Security events in CMA > Monitoring > Events – Add screenshots

e. Take a traffic capture on the LAN interface where the internal server connects to. Add the PCAP as an attachment.

f. In case the account has Threat Protection enabled (Anti-Malware, NG Anti-Malware, and IPS), add the affected source IP in an allow list and report if it helped or not.

g. Attach any data that supports what is being reported

 

4. General latency/Slowness/packet loss

High latency, slowness, or packet loss when reaching resources over Cato.

a. Include details from the General Guidelines

b. Check in CMA, Network > Sites > Site Monitoring > Network Analytics, see Showing the Site Network Analytics

  • Are there packet loss indicators in the downstream/upstream graphs for the last few days?
  • What is the expected throughput and what is the current throughput?
  • Is the Distance graph not stable? (Yes/No):
  • What is the expected latency and what is the current one? (Example: from host x to website y, the usual/expected latency is 70 ms; now it is 150 ms)
  • Does the Last Mile graph under Network Analytics show any packet loss? If yes, the issue also appears without Cato.

c. Does the affected service/application suffer from packet loss due to QoS? Related article - Analyzing QoS and BW Management for a Site

d. Related connectivity events in CMA > Monitoring > Events – Add screenshots

e. Does bypassing the Socket or connecting directly to the ISP modem show no latency or packet loss?

f. Have you checked with the ISP? (Yes/No) – If yes, please attach the analysis

g. Attach any data that supports what is being reported, including traceroutes, pings, speed test, and bandwidth utilization.

Useful troubleshooting article - How to Troubleshoot Packet Loss

 

5. Cato Management Application Problem

Issues opening/loading CMA resources, slow access, blocked, etc.

a. Include details from the General Guidelines

b. Which screen/functionality is not working as expected?

c. Does it work for other Administrators (Yes/No)?

d. For slowness issues, gather developer tools information while accessing CMA

e. Attach any data that supports what is being reported

 

6. Cato SDP Client

Unable to connect, authenticate or reach resources via Cato using the Cato SDP Client.

a. Include details from the General Guidelines

b. Is this a new install?

c. Does the issue affect a specific SDP user or many users? Does the client work for other users?

d. What is the Client version and the Host OS version?

e. Related events in Monitoring > Events – Add screenshots

f. Collect Client logs after replicating the issue and any other data that supports what is being reported.

g. If using macOS, collect console logs and include them in the ticket.

h. If the issue is related to a resource not being reachable, see WAN connectivity/accessibility issue or Internet connectivity/accessibility issue

 

7. Physical Cato Socket (down/not working)

Unable to connect a physical socket with the Cato Cloud.

a. Include details from the General Guidelines

b. Is this a new socket not getting registered? If yes, provide the serial number.

c. Have there been any changes in the local network recently (Yes/No)? If so, elaborate on the changes.

d. Related events in CMA > Monitoring > Events – Add screenshots

e. Access the socket UI locally > Monitor. What is the status of the interfaces?

f. For issues where the tunnel is down, take a traffic capture on the WAN interface. Add the PCAP as an attachment.

g. For Socket HA environment issues:

  • Is the affected socket primary or secondary?
  • Confirm if split brain occurred (both sockets appear as Master)

Useful troubleshooting article - Troubleshooting Socket Registration/Initial Connectivity Failures

 

8. vSocket (down/not working)

Unable to connect a vSocket (AWS, Azure, ESXi) with the Cato Cloud.

a. Include details from the General Guidelines

b. Is this a new vSocket implementation? Were all the steps from the vSocket KB followed?

c. Have there been any changes in the Cloud environment (Yes/No)? If so, elaborate on the changes.

d. Related events in CMA > Monitoring > Events – Add screenshots

e. For issues where the tunnel is down, connect to the vSocket UI (for AWS or for Azure) via the MGMT interface > Monitor. Take a traffic capture on the WAN interface. Add the PCAP as an attachment.

f. For vSocket HA environment issues:

 

9. IPSec

Unable to bring up an IPSec tunnel with Cato or issues passing traffic over the IPSec tunnel.

a. Include details from the General Guidelines

b. Confirm that the IPSec configuration on Cato follows IKEv1 and IKEv2 guidelines.

c. Cato allocated IP address:

d. Public Remote Firewall IP address:

e. Firewall vendor/model:

f. Relevant IPSec logs from the remote firewall (if available)

g. Who is set to initiate the tunnel? Cato or the remote firewall?

h. Related Connectivity events in CMA > Monitoring > Events – Add screenshots

i. Do traffic selectors match on both Cato and the firewall?

j. If the issue is related to packet loss, does it happen when pinging over the tunnel and to any other public IP such as Google (8.8.8.8)?

 

10. VoIP

Issues related to a VoIP system not working as expected over Cato.

a. Include details from the General Guidelines

b. Describe the user experience in detail. Is it related to phone registration, 1-way audio, no audio, or choppy voice? Is the issue constant or intermittent?

c. What is the location of the phones and the VoIP server (PBX)? Are they on the same site or different sites?

d. What are the IP addresses of the devices involved?

e. Relevant logs from the VoIP system (if available)

f. Is the VoIP service given QoS high priority in CMA? Related article - Analyzing QoS and BW Management for a Site

g. Is there a Network rule assigning an egress IP to VoIP traffic? Related article - Best Practices for Egressing Traffic

h. Related events in CMA > Monitoring > Events – Add screenshots

i. Reproduce the issue and run the Support Self Service. Include the ticket number generated by the Tool.

j. Take a traffic capture on the LAN interface. Add the PCAP as an attachment.

Useful troubleshooting article - SIP Troubleshooting
