Starting on March 19, 2023, Cato will introduce a new ordered policy for Always-On settings for SDP users and remote access. This policy lets you implement granular rules that are easy to maintain and update, and also provides the security of remote access with Always-On. This new policy has no impact on the settings and functionality of your account.

These are the actions for the new policy:

• Always-On - users & groups in this rule are always connected to the network
• On-Demand - users & groups in this rule can choose to disconnect from the network

The final implicit rule in the policy is ANY ANY On-Demand. So, any user that doesn’t match a rule in the policy can choose to disconnect from the network.

What Are the Changes to My Account?

The old Always-On settings are migrated to rules in the new policy that keep the same Always-On configuration for your account.

• For accounts that enabled Always-On for one or more platforms (OS):
  • The OS that require Always-On are migrated to one rule with the Always-On action
• For accounts that enabled Always-On, and defined exceptions for individual SDP users, for each OS two rules are created. First a rule for the individual SDP users, and then a rule for the default account setting. When there are more than 10 SDP users with exceptions, all these users are added to a User Group in the rule.

For example, if Always-On is enabled for Windows, and three users are excluded from this setting, these are the rules:

• Individual users with the action On-Demand
• Windows OS with the action Always-On

What Is the Impact to My Account?

There is no impact to your account. The OS and individual SDP users are migrated to rules with the appropriate action.

Who do I talk to if I have questions?  

Please contact  Support.