Building Business Continuity with High Availability and Redundancy in Cato

Introduction

Unplanned outages and network failures can disrupt operations, damage productivity, and hurt business continuity. Cato SASE addresses these challenges by offering built-in High Availability (HA) and redundancy features across your sites, edges, and links—without the need for complex setup or third-party failover solutions.

This blog explores how Cato supports seamless uptime through active-active tunnels, automatic failover, site-level HA, and cloud backbone resilience.

What You’ll Learn

• How Cato enables automatic failover between internet links, devices, and PoPs
• Difference between site-level and edge-level HA deployments
• Setting up redundant edges for branch continuity
• Monitoring failover events and tunnel stability
• Real-world HA deployment example
• Deep dive into Link Health metrics and experience monitoring

Understanding Redundancy in Cato

Cato’s architecture is designed with redundancy at multiple levels:

• PoP-level Redundancy – Each Cato PoP is fully redundant and connected to multiple Tier-1 ISPs
• Tunnel Redundancy – All SD-WAN tunnels are created in active-active mode by default
• Edge Device Redundancy – You can deploy multiple Cato Socket devices per site for hardware-level HA
• Link Redundancy – Sites can be connected via multiple internet connections (e.g., fiber + LTE backup)

Redundant Internet Links

To prevent internet outages at branch or HQ sites:

1. Connect multiple WAN interfaces to the Cato Socket (e.g., WAN1 and WAN2)
2. Navigate to Site Configuration > Sockets > Interfaces
3. Assign primary and secondary priorities to WAN links
4. Enable Smart Link Selection, which uses real-time health data for tunnel routing

When a link degrades, traffic is shifted seamlessly to the healthier path without user disruption.
 

Understanding Link Health and Tunnel Probes

Cato uses continuous tunnel health monitoring to assess each link’s quality. Probes are sent every few seconds to measure:

• Packet Loss – How many packets are dropped en route to a PoP
• Jitter – Variation in delay affecting real-time traffic (e.g., VoIP)
• Latency – Round-trip time between the site and Cato PoP
   

These metrics are visible in:

• Monitoring > Site Overview
• Analytics > Network Analytics > Link Metrics
   

Cato automatically routes critical traffic over the healthier path based on this telemetry, ensuring the best user experience at any moment.

Experience Monitoring with Last-Mile Visibility

Cato also offers End-to-End Experience Monitoring, particularly useful for identifying issues in the local ISP (last mile). Using synthetic probes and performance baselines, you can:

• Detect if issues originate from user LAN, internet circuit, or PoP
• Measure user experience consistency during off-hours and peak loads
• Correlate app performance issues to tunnel health metrics
   

This allows IT teams to validate SLA compliance and hold ISPs accountable during performance degradation.
 

Deploying HA with Dual Cato Sockets

For critical sites, Cato supports High Availability using two Sockets in Active/Standby mode:

• Both Sockets are connected to the LAN and WAN
• Only the active device forwards traffic; the standby takes over during hardware or power failure
• Failover is automatic and occurs within seconds
   

Steps:

1. Deploy two Sockets in the same site configuration
2. Under Site > High Availability, pair the Sockets as primary and secondary
3. Connect them to separate power and network sources for full fault isolation

Real-World Use Case: HA at Regional HQ

A regional headquarters in the GCC has two internet links and redundant Sockets:

• Link 1: Dedicated fiber
• Link 2: 5G LTE
• Socket A (Primary) and Socket B (Secondary)

During a power event, Socket A went offline. Socket B seamlessly took over, and Smart Link Selection routed voice traffic over the LTE backup while prioritizing ERP access.

Business operations continued without any downtime or end-user impact.

Monitoring and Verifying Redundancy Events

You can monitor the health and performance of HA setups using:

• Monitoring > Site Overview – See link health and tunnel status
• Events > System Events – Track failovers, device status, and PoP changes
• Analytics > Network Analytics – Compare performance between WAN links over time

Tips for Effective HA Planning

• Always connect Sockets to different power circuits or UPS systems
• Use diverse ISPs (e.g., fiber + wireless) for internet resilience
• Enable logging for all tunnel and interface events
• Regularly test failover by simulating edge/power disconnections
• Review Cato’s HA documentation before rollout
   

FAQ Summary

Can I use HA without dual Sockets?

Yes. You can still achieve link-level redundancy with a single Socket and multiple WAN links.
 

Is HA available at all sites?

Yes, for any site with supported hardware and licensing.
 

How fast is failover between Sockets?

Typically occurs within seconds and does not require manual intervention.
 

Can I prioritize which link to failover to?

Yes. You can set link priorities and policies via Smart Link Selection.
 

Is HA supported in mobile clients?

No. HA is designed for site-level deployments, not individual client devices.
 

High Availability and redundancy aren’t just checkboxes—they’re critical for keeping your business online and your users productive. With Cato, you get these capabilities natively, and setting them up is easier than ever. Click Here To Know More