About Access Analyzer
Table of Contents
Expand all | Collapse all
- Products That Use Autonomous DEM
- View App Acceleration Metrics with AI-Powered ADEM
- ADEM Data Collection and Agent Processes
About Access Analyzer
Learn about the Access Analyzer, which provides automatic monitoring of your SASE
environment.
Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The Access Analyzer provides automatic monitoring of your SASE environment. It offers a
natural-language query interface for contextual troubleshooting and what-if analysis to
analyze access and connectivity issues in your SASE environment. You can run
natural-language queries to check connectivity between:
- User to SaaS application
- User to private application hosted on premises or on a remote branch office
- User to remote site
- Site to network
- Site to site
The Access Analyzer uses
Prisma Access
topology, firewall configuration, Security
policy, firewall network operational state (for routing, FIB, and so on), and other
relevant firewall and authentication logs collected by the AIOps platform to provide a
comprehensive connectivity analysis. The Application Analyzer checks for problems
with:- User authentication
- Access topology
- Network services, such as DNS and authentication servers
- Prisma Accessnodes, such as mobile user gateways, portals, remote networks, and service connections
- Network connectivity
- Security policy analysis
- Logs from relevant sources, such asPrisma Accessnodes, GlobalProtect logs, and Traffic logs
- Known incidents that are affecting connectivity
The Access Analyzer provides an analysis of issues in your environment and an actionable
summary. You will be able to view information about various issues, as described
below.
Issue Type | Description of Issue |
|---|---|
Infrastructure Issues | |
Remote network (RN), Mobile User (MU), Gateway (GW), Service
Connection (SC) | Primary or secondary node is down |
RN, MU, GW, SC | Primary or secondary tunnel is down |
RN, MU, GW, SC | Degraded performance, such as latency and packet drops |
RN, MU, GW, SC | Network reachability |
MU Portal | MU portal is down |
MU Portal | MU portal is unreachable |
Customer Network Service Issues | |
DNS, Authentication (such as Radius) Server Issue | Network reachability |
DNS, Authentication (such as Radius) Server Issue | Degraded performance |
DNS, Authentication (such as Radius) Server Issue | Security policy configuration |
Identity SaaS Service Issues (such as Hosted Active Directory [AD],
MFA) | Network reachability |
Identity SaaS Service Issues (such as Hosted AD, MFA) | Degraded performance |
Identity SaaS Service Issues (such as Hosted AD, MFA) | Security policy configuration |
Client Connectivity Issues | |
GlobalProtect Client | Client version mismatch |
GlobalProtect Client | The client's local network is down |
GlobalProtect Client | GlobalProtect client tunnel is down |
GlobalProtect Client | Explicit Proxy is unreachable |
GlobalProtect Client | GlobalProtect client authentication failure |
ISP | ISP outage |
ISP | ISP degraded service |
Authentication | Authentication server connectivity |
Authentication | Authentication configuration issue |
SaaS Applications Connectivity Issues | |
SaaS Application Unreachable or Degraded Service | Network reachability |
SaaS Application Unreachable or Degraded Service | Security policy configuration |
SaaS Application Unreachable or Degraded Service | Degraded performance |
Private Application Connectivity Issues | |
Private Application is Unreachable or Degraded | The primary or secondary remote network or service connection node is
down |
Private Application is Unreachable or Degraded | The primary or secondary external or internal tunnel is down |
Private Application is Unreachable or Degraded | Network reachability |
Private Application is Unreachable or Degraded | Security policy configuration |
Private Application is Unreachable or Degraded | Degraded performance |