Skip to main content

Creating a XaaS Connection (Cato SASE Cloud Platform) Resource

This page explains how to use the OCX Portal to create a XaaS Connection that connects to the Cato SASE Cloud Platform security service/SASE.

Connectable Services

By creating a XaaS Connection (Cato SASE Cloud Platform), secure inter-site and internet connections via the Cato SASE Cloud Platform become possible.

Notes

Preparation

Please check the following before creating a XaaS Connection resource:

  • Your User Role is either admin or user.

Procedure for Creating a XaaS Connection Resource

  1. Log in to the OCX Portal.

  2. Click [XaaS Connections] from the left navigation bar.

  3. From the XaaS Connections list page, click [+Create], select Security Service/SASE from the menu, and then select Cato SASE Cloud Platform. ※Refers to the +Create button next to the XaaS Connections title.

  4. You will proceed to the XaaS Connection resource creation step. Configure the input items as follows and click [Create].

    • Name

      • Enter an arbitrary name. Entering a name that is easy to identify will make management easier.
      • The maximum number of characters is 40.
      • Leading and trailing whitespace characters in the resource name are automatically removed.

    • Region

      • Select an arbitrary region from the pull-down menu. Please note that the region cannot be changed after creation.
      Region
      Tokyo
      Osaka

    • Speed (Bandwidth)

      • For XaaS Connection (Cato SASE Cloud Platform), only 1Gbps speed (bandwidth) is available.

    • Target XaaS

      • The Cato SASE Cloud Platform selected in Step 3 is displayed.

    • Private IP Address

      • Enter the IPv4 address to be used as the gateway for the XaaS connection in CIDR (IPv4/mask) format. (Example: 192.168.0.1/24) ※Refer to the [Supplementary Information] section for unusable IP addresses.

    • Local ASN

      • Enter the AS number to operate on the XaaS Connection. 4-byte ASNs are supported. It operates as eBGP. ※Refer to the [Supplementary Information] section for unusable AS numbers. ※The Local ASN will be added once or twice to the AS-Path of the route information.

  5. A creation confirmation popup will appear. Check the cost involved in creation and click [Create].

  6. The XaaS Connections list page will be displayed. When the XaaS Connections resource is created, a Global IP address for IPsec tunnel configuration is issued. ※To use XaaS Connection (Cato SASE Cloud Platform), Creating IPsec Parameters is required. ※Charges apply for the creation and use of IPsec Parameters.

  7. For Creating IPsec Parameters, refer to the Cato Networks documentation and the Allocated IP Setting provided by Cato Networks to select the Cato PoP you want to connect to and confirm/obtain the corresponding destination Global IP address. ※You can refresh the status by clicking [Refresh] at the top right.

This completes the creation of the XaaS Connection resource.

Remarks

Notes

  • The IPsec tunnel is established between OCX and the Cato SASE Cloud Platform, so no configuration is required on the customer's CPE.
  • IPsec settings and BGP settings are required on the Cato Networks portal site.
  • Regarding IPsec parameters on the Cato side, please set the DH Group to "20" for Initial/Authentication messages, and set other parameters to "Automatic".

Global IP Address for IPsec Tunnel Configuration

When a XaaS Connection resource is created, one Global IP address for IPsec tunnel configuration is provided per tunnel. ※As defined in the XaaS Connection specific regulations, please do not use this IP address for any purpose other than IPsec tunnel configuration. We assume no responsibility for communication resulting from unintended use. Furthermore, if such use is discovered, we may temporarily suspend or terminate the provision of the XaaS Connection.

Unusable IP Addresses

  • The following IPv4 address ranges cannot be used for the Private IP Address.

    Address RangeRemarks
    0.0.0.0/8RFC1122 this network
    127.0.0.0/8RFC1122 localhost
    192.0.0.0/24RFC5736 IETF protocol Assignments
    192.0.2.0/24RFC5737 TEST-NET-1
    192.88.99.0/24RFC7526 6to4 anycast relay
    198.18.0.0/15RFC2544 benchmarking
    198.51.100.0/24RFC5737 TEST-NET-2
    203.0.113.0/24RFC5737 TEST-NET-3
    240.0.0.0/4Multicast Address
    224.0.0.0/4Multicast Address

Unusable ASNs

  • The following AS numbers cannot be used as they are reserved by RFC.
    • 0
    • 23456
    • 65535
    • 4294967295