About Access Analyzer
Focus
Focus
Autonomous DEM

About Access Analyzer

Table of Contents

About Access Analyzer

Learn about Access Analyzer, which provides automatic monitoring of your SASE environment.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
  • ADEM or Strata Cloud Manager Pro license
Access Analyzer provides automatic monitoring of your SASE environment. It offers a natural-language query interface for contextual troubleshooting and what-if analysis to analyze access and connectivity issues in your SASE environment. You can run natural-language queries to check connectivity between:
  • User to SaaS application
  • User to private application hosted on premises or on a remote branch office
  • User to remote site
  • Site to network
  • Site to site
Access Analyzer uses Prisma Access topology, firewall configuration, Security policy, firewall network operational state (for routing, FIB, and so on), and other relevant firewall and authentication logs collected by the AIOps platform to provide a comprehensive connectivity analysis. The Application Analyzer checks for problems with:
  • User authentication
  • Access topology
  • Network services, such as DNS and authentication servers
  • Prisma Access nodes, such as mobile user gateways, portals, remote networks, and service connections
  • Network connectivity
  • Security policy analysis
  • Logs from relevant sources, such as Prisma Access nodes, GlobalProtect logs, and Traffic logs
  • Known incidents that are affecting connectivity
Access Analyzer provides an analysis of issues in your environment and an actionable summary. You will be able to view information about various issues, as described below.
Issue Type
Description of Issue
Infrastructure Issues
Remote network (RN), Mobile User (MU), Gateway (GW), Service Connection (SC)
Primary or secondary node is down
RN, MU, GW, SC
Primary or secondary tunnel is down
RN, MU, GW, SC
Degraded performance, such as latency and packet drops
RN, MU, GW, SC
Network reachability
MU Portal
MU portal is down
MU Portal
MU portal is unreachable
Customer Network Service Issues
DNS, Authentication (such as Radius) Server Issue
Network reachability
DNS, Authentication (such as Radius) Server Issue
Degraded performance
DNS, Authentication (such as Radius) Server Issue
Security policy configuration
Identity SaaS Service Issues (such as Hosted Active Directory [AD], MFA)
Network reachability
Identity SaaS Service Issues (such as Hosted AD, MFA)
Degraded performance
Identity SaaS Service Issues (such as Hosted AD, MFA)
Security policy configuration
Client Connectivity Issues
GlobalProtect Client
Client version mismatch
GlobalProtect Client
The client's local network is down
GlobalProtect Client
GlobalProtect client tunnel is down
GlobalProtect Client
Explicit Proxy is unreachable
GlobalProtect Client
GlobalProtect client authentication failure
ISP
ISP outage
ISP
ISP degraded service
Authentication
Authentication server connectivity
Authentication
Authentication configuration issue
SaaS Applications Connectivity Issues
SaaS Application Unreachable or Degraded Service
Network reachability
SaaS Application Unreachable or Degraded Service
Security policy configuration
SaaS Application Unreachable or Degraded Service
Degraded performance
Private Application Connectivity Issues
Private Application is Unreachable or Degraded
The primary or secondary remote network or service connection node is down
Private Application is Unreachable or Degraded
The primary or secondary external or internal tunnel is down
Private Application is Unreachable or Degraded
Network reachability
Private Application is Unreachable or Degraded
Security policy configuration
Private Application is Unreachable or Degraded
Degraded performance