Cato Networks provides a converged, cloud-based networking and security platform connecting all of your corporate locations, cloud assets and mobile users. All network and security management is done through the Cato Management Application, a self-service console that provides a single view into the entire global network.
This is an example of a customer environment in the Cato Management Application. From here you’ll manage every aspect of the network.
The main topology screen shows all the sites, datacenters, and mobile users connected to the Cato Cloud. You can click any object to see more information and change configuration or policies.
On the right side is a snapshot of the overall network performance, and on the left side are options to drill down into the networking and security aspects of your implementation. Let’s take a deeper look.
The WAN Firewall is where you set access policies between the company’s different resources.
Drilling down, you can see it allows you to segment the network and enable access based on user identities or location.
All Internet-bound traffic is controlled by the Internet Firewall.
Drilling down, you can see it’s fully identity- and application-aware, so the admin can set specific access policies based on the users’ AD groups or roles.
Once the traffic is classified, we dynamically route it based on real-time link quality.
Policy-based routing empowers the admin to decide, per application, which transport to use. It can be via Cato or another transport, like MPLS.
Preferred NIC allows the admin to choose between a “Business line” and a “non-business line”.
Route/NAT enables configuration of the egress point via a specific PoP. Cato accelerates business application access to physical or cloud datacenters by carrying the traffic on the Cato Backbone and dropping it right at the datacenter.
Packet loss mitigation enables packet duplication on dual links: we create 2 copies of each packet and send one copy on each link.
The TCP Proxy indicates to TCP clients and servers that their destinations are close by (at the PoP), allowing them to set large TCP windows. This increases the total throughput.
The real-time analytics give the admin visibility into each link’s live performance, ordered by the priorities configured by the admin.
Each priority gets a MOS score based on the service level it receives. The admin can click any priority for additional information and to see how it performs, on which transport, the top applications, and the top hosts consuming the bandwidth.
Cato introduced identity-aware routing back in July 2018. Identity awareness abstracts policy creation in Cato Cloud from the network and application architecture, enabling business-centric routing policies based on user identity and group affiliation. It headlines a series of SD-WAN enhancements we’re making today to Cato Cloud. To learn more, see https://www.catonetworks.com/blog/cato-revolutionizes-sd-wan-with-identity-aware-routing/
Our SD-WAN policy rules are ordered by priority. Each rule applies to traffic with a set of attributes that affect traffic routing and service levels.
Policy enforcement starts with the application type or application category, including datacenter-based, homegrown, commercial, or cloud applications.
Next is the user that initiates the traffic. We integrate with the company’s Active Directory so rules can be set for specific users or user groups.
Last, the policy applies priority to the traffic matching the rule.
This ability to identify traffic by user and application allows customers to define policies that are better aligned with business needs.
We have also integrated identity awareness in our reporting and logs.
Drilling down, you can see that the admin can monitor specific users’ activities for advanced troubleshooting and monitoring.
Cato provides deep and robust network analytics metrics on all traffic per location. It gives the administrator a powerful tool to troubleshoot any aspect of the network.
Once again, drilling down we can see a site with two internet links and its performance over time. Detailed information about throughput, packet loss, and jitter is available for advanced troubleshooting.
The real-time network analytics is another powerful tool that provides visibility into the site’s active links. The admin can see aggregated statistics or click any link for detailed information.
For example, by clicking WAN1, real-time usage is presented with details of the users and the applications using the link.