Access Analyzer provides automatic monitoring of your SASE environment. It offers a
natural-language query interface for contextual troubleshooting and what-if analysis to
analyze access and connectivity issues in your SASE environment. You can run
natural-language queries to check connectivity between:
User to SaaS application
User to private application hosted on premises or on a remote branch office
User to remote site
Site to network
Site to site
Access Analyzer uses Prisma Access topology, firewall configuration, Security policy,
firewall network operational state (for routing, FIB, and so on), and other relevant
firewall and authentication logs collected by the AIOps platform to provide a
comprehensive connectivity analysis. The Application Analyzer checks for problems
with:
User authentication
Access topology
Network services, such as DNS and authentication servers
Prisma Access nodes, such as mobile user gateways, portals, remote networks,
and service connections
Network connectivity
Security policy analysis
Logs from relevant sources, such as Prisma Access nodes, GlobalProtect logs,
and Traffic logs
Known incidents that are affecting connectivity
Access Analyzer provides an analysis of issues in your environment and an actionable
summary. You will be able to view information about various issues, as described
below.
Issue Type
Description of Issue
Infrastructure Issues
Remote network (RN), Mobile User (MU), Gateway (GW), Service
Connection (SC)
Primary or secondary node is down
RN, MU, GW, SC
Primary or secondary tunnel is down
RN, MU, GW, SC
Degraded performance, such as latency and packet drops
RN, MU, GW, SC
Network reachability
MU Portal
MU portal is down
MU Portal
MU portal is unreachable
Customer Network Service Issues
DNS, Authentication (such as Radius) Server Issue
Network reachability
DNS, Authentication (such as Radius) Server Issue
Degraded performance
DNS, Authentication (such as Radius) Server Issue
Security policy configuration
Identity SaaS Service Issues (such as Hosted Active Directory [AD],
MFA)
Network reachability
Identity SaaS Service Issues (such as Hosted AD, MFA)
Degraded performance
Identity SaaS Service Issues (such as Hosted AD, MFA)
Security policy configuration
Client Connectivity Issues
GlobalProtect Client
Client version mismatch
GlobalProtect Client
The client's local network is down
GlobalProtect Client
GlobalProtect client tunnel is down
GlobalProtect Client
Explicit Proxy is unreachable
GlobalProtect Client
GlobalProtect client authentication failure
ISP
ISP outage
ISP
ISP degraded service
Authentication
Authentication server connectivity
Authentication
Authentication configuration issue
SaaS Applications Connectivity Issues
SaaS Application Unreachable or Degraded Service
Network reachability
SaaS Application Unreachable or Degraded Service
Security policy configuration
SaaS Application Unreachable or Degraded Service
Degraded performance
Private Application Connectivity Issues
Private Application is Unreachable or Degraded
The primary or secondary remote network or service connection node is
down
Private Application is Unreachable or Degraded
The primary or secondary external or internal tunnel is down
