Autonomous DEM
About Access Analyzer
Table of Contents
Expand All
|
Collapse All
Autonomous DEM Docs
-
- AI-Powered ADEM
- Autonomous DEM for China
-
-
- AI-Powered ADEM
- Access Experience Agent 5.1
- Access Experience Agent 5.3
- Access Experience Agent 5.4
About Access Analyzer
Learn about Access Analyzer, which provides automatic monitoring of your SASE
environment.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Access Analyzer provides automatic monitoring of your SASE environment. It offers a
natural-language query interface for contextual troubleshooting and what-if analysis to
analyze access and connectivity issues in your SASE environment. You can run
natural-language queries to check connectivity between:
- User to SaaS application
- User to private application hosted on premises or on a remote branch office
- User to remote site
- Site to network
- Site to site
Access Analyzer uses Prisma Access topology, firewall configuration, Security policy,
firewall network operational state (for routing, FIB, and so on), and other relevant
firewall and authentication logs collected by the AIOps platform to provide a
comprehensive connectivity analysis. The Application Analyzer checks for problems
with:
- User authentication
- Access topology
- Network services, such as DNS and authentication servers
- Prisma Access nodes, such as mobile user gateways, portals, remote networks, and service connections
- Network connectivity
- Security policy analysis
- Logs from relevant sources, such as Prisma Access nodes, GlobalProtect logs, and Traffic logs
- Known incidents that are affecting connectivity
Access Analyzer provides an analysis of issues in your environment and an actionable
summary. You will be able to view information about various issues, as described
below.
Issue Type
|
Description of Issue
|
---|---|
Infrastructure Issues
| |
Remote network (RN), Mobile User (MU), Gateway (GW), Service
Connection (SC)
|
Primary or secondary node is down
|
RN, MU, GW, SC
|
Primary or secondary tunnel is down
|
RN, MU, GW, SC
|
Degraded performance, such as latency and packet drops
|
RN, MU, GW, SC
|
Network reachability
|
MU Portal
|
MU portal is down
|
MU Portal
|
MU portal is unreachable
|
Customer Network Service Issues
| |
DNS, Authentication (such as Radius) Server Issue
|
Network reachability
|
DNS, Authentication (such as Radius) Server Issue
|
Degraded performance
|
DNS, Authentication (such as Radius) Server Issue
|
Security policy configuration
|
Identity SaaS Service Issues (such as Hosted Active Directory [AD],
MFA)
|
Network reachability
|
Identity SaaS Service Issues (such as Hosted AD, MFA)
|
Degraded performance
|
Identity SaaS Service Issues (such as Hosted AD, MFA)
|
Security policy configuration
|
Client Connectivity Issues
| |
GlobalProtect Client
|
Client version mismatch
|
GlobalProtect Client
|
The client's local network is down
|
GlobalProtect Client
|
GlobalProtect client tunnel is down
|
GlobalProtect Client
|
Explicit Proxy is unreachable
|
GlobalProtect Client
|
GlobalProtect client authentication failure
|
ISP
|
ISP outage
|
ISP
|
ISP degraded service
|
Authentication
|
Authentication server connectivity
|
Authentication
|
Authentication configuration issue
|
SaaS Applications Connectivity Issues
| |
SaaS Application Unreachable or Degraded Service
|
Network reachability
|
SaaS Application Unreachable or Degraded Service
|
Security policy configuration
|
SaaS Application Unreachable or Degraded Service
|
Degraded performance
|
Private Application Connectivity Issues
| |
Private Application is Unreachable or Degraded
|
The primary or secondary remote network or service connection node is
down
|
Private Application is Unreachable or Degraded
|
The primary or secondary external or internal tunnel is down
|
Private Application is Unreachable or Degraded
| Network reachability |
Private Application is Unreachable or Degraded
|
Security policy configuration
|
Private Application is Unreachable or Degraded
|
Degraded performance
|