Select MonitorBranch SitesPrisma Access to view the health and connectivity of your Remote Networks and the usage
of all your Remote Networks deployed in different Prisma Access locations. It shows
you the real-time connectivity status and bandwidth consumption details, along with
other deployment details. You can also view the health of the tunnels configured in your
Remote Networks.
See Prisma Access Remote Networks for information
about how to plan your remote networks, allocate remote network bandwidth, and onboard
remote networks. To view your branch sites, go to MonitorBranch SitesPrisma Access.
Sites by Status
View your Remote Networks Sites by Status. You can see how
many sites are Up, Down, Inactive, or Not Available, and
how many sites have a Warning during the selected Time
Range.
Bandwidth Consumption
Bandwidth Consumption shows the highest peak bandwidth
consumed at a compute region across all of the tenant's compute regions in the
aggregate bandwidth allocation model. The highest peak bandwidth consumed by a site
across all sites is shown for the per-site bandwidth allocation model. The peak
values are computed for the selected time filter duration.
Select View Consumption by Compute Region to view consumption
values and trend charts for all compute regions and their configured IPSec
termination nodes.
View Consumption by Compute Regions
Navigate to MonitorBranch SitesPrisma Access. When using the Aggregate Bandwidth Allocation model, select
View Consumption by Compute Regions in the
Bandwidth Consumption widget to see bandwidth
consumption and trends for your regions. The Compute
Regions page shows bandwidth consumption data during the
Time Range you select. You can view a table with your
Compute Regions' Average Bandwidth, Median
Bandwidth, and Peak Bandwidth.
The Bandwidth Consumption Trend by Compute Region graph
shows data about your Compute Region. Filter the data to refine the information
you want to view.
Cumulative (Ingress + Egress),
Ingress, Egress, or
Ingress vs. Egress.
Peak, Average, or
Median.
Log Scale or Linear
Scale.
Compute Region—Select one or more region to
view.
The IPSec Termination Node Utilization graph allows you to
view bandwidth consumption for the IPSec Termination Nodes configured at a
specific Compute Region. Filter the data to refine the information you want to
view:
Select the Compute Region for which you want to view data.
Select the specific Site of the Compute Region you want to see.
Choose Node Aggregate or Breakdown by
Sites to view the bandwidth consumption trend for the sites
that terminate at the selected IPSec Termination Node.
View Peak, Average, or
Median.
View Log Scale or Linear
Scale.
Bandwidth Consumption Trend
On the main Branch Sites page, you can view your
Bandwidth Consumption Trend Sites per Compute Region for
all Compute Regions when using the Aggregate Bandwidth Allocation model or
Bandwidth Consumption Trend per Branch Sites when using
the Per-Site Bandwidth Allocation Model. For the Aggregate
Bandwidth Allocation model, you can select a Compute Region and then select the
sites in that Compute Region whose bandwidth consumption trend is of interest.
Filter the data to refine the information you want to view, and you can hover over
the chart to view the sites' bandwidth consumption at that time:
The default view shows Cumulative (Ingress + Egress)
bandwidth consumption. Other options are Ingress,
Egress, or Ingress vs.
Egress.
View the Peak, Median, or
Average bandwidth consumption trend during the
selected time range. The default setting is Peak
bandwidth consumption.
Log Scale or Linear
Scale.
Compute Region—View Compute Regions with a breakdown
of sites terminating in the region when the tenant uses the Aggregate
Bandwidth Allocation model. For each Compute Region, select the sites
terminating in the Compute Region to view their bandwidth consumption
trend.
Branch Sites—Select a minimum of 1 site and a maximum
of 10 sites to view their trend lines on the graph during the selected time
range.
Prisma Access Sites
The Prisma Access Sites table lists your remote Prisma Access sites and information.
Site Name—The Prisma Access site's unique name.
Site Status—Up, Down, Warning, or
Unknown.
Site Type—Third Party.
Site Location—Prisma Access site location.
Site BGP Status—Whether the site BGP status is Up,
Down, or Unknown.
Tunnel Status—The number of the site's tunnels and how many of those
tunnels are up.
Tunnel BGP Status—The BGP status for each tunnel.
Prisma Access Location—This Prisma Access site's
location. Select a location to view its Prisma Access Locations details.
Service Status—This field indicates the status of the instance or
firewall to which the site is connected. The status can be
Up, Down, or
Unknown.
Compute Location—All Prisma Access locations are mapped
to a security processing compute location or region based on optimized
performance and latency. At least two (often more) Prisma Access locations that
are geographically near each other are grouped into a single compute location.
Aggregated Bandwidth Allocated—The allocated aggregated bandwidth for the
site during the time range selected. This column appears only if you used the
aggregate bandwidth model.
Peak Burst Bandwidth Consumed—The cumulative peak value obtained by
combining the ingress and egress values for this site during the selected time
range selected.
Avg Bandwidth Consumed—The cumulative average value obtained by combining
the ingress and egress values for this site during the selected time range.
Disconnections—How many disconnections occurred at this site during the
selected time range.
Disconnections Duration—The total amount of time, in seconds, the site
was disconnected during the selected time range.
High-Performance Branch Site Visibility
High-performance branches (RN-HP) have different attributes than the legacy
branches, and both will coexist in your tenant. High-performance branch sites in
Prisma Access have the following benefits:
The architecture addresses capacity efficiencies by separating network
processing functions from security processing functions. An ION device
with large packet-processing ability terminates multiple branch
connections with up to 5-Gbps capacity and distributes the security
processing to SPNs.
You can use a single IP or FQDN to terminate multiple branches in the region
to a single network processing node (NPN).
You no longer have to monitor and manage the termination of branch sites to
IPSec termination nodes. Suitable SPNs carry out branch traffic inspection,
and the NPN performs load balancing.
You can attain true high availability by being able to specify different
regions for redundancy.
You can view both high-performance and legacy branches in your environment. In
Strata Cloud Manager, go to MonitorBranch SitesPrisma Access, and from the Prisma Access Sites table,
select a branch site.
Prisma Access Site Details
Select any Prisma Access Site Name to view its
Site Status, where you can see its
Connectivity and BGP
Status (Up,
Down, Inactive, or
Not Available).
You can view Cumulative (Ingress + Egress) information
in the Bandwidth Consumption Trend chart.
You can filter the information in the chart by
Ingress, Egress,
Ingress Vs. Egress, or the default
Cumulative (Ingress + Egress).
View the chart data by Peak,
Average, or Median
consumption for the branch site.
Route Table Visibility
To help you address reachability challenges, we offer visibility into the route
table at each remote network site. You can perform a route table search for a
destination IP address to determine whether there is a route available to reach
the desired destination. With this information, you can investigate other
potential causes of failure. This knowledge allows you to focus your efforts on
resolving any issues that might be affecting reachability.
Select View Routing Table to see this branch's
Routing Table, which has IP routes for destinations
available at the branch from Prisma Access.
Use the search bar to select the destination or look up the route.
Use the drop-down to filter by Flag.
The routing table shows:
#—Route number.
Destination—IP address and subnet of the
reachable network.
Next Hop—IP address of gateway at the next hop
toward the destination network. A next hop of 0.0.0.0 indicates the
default route.
Metric—Metric for the route determined by the
routing protocol.
Flag—Information for this route, as follows:
A B—Active and learned from BGP.
A C—Active and connected.
Destination—network.
A H—Active and connected.
Destination—host only.
A R—Active and learned from RIP.
O1—OSPF external type-1.
O2—OSPF external type-2.
Oi—OSPF intra-area.
Oo—OSPF interarea.
S—Inactive and static.
A S—Active and static.
View this branch's Bandwidth Consumption Trend for the
last 30 days.
Baseline computation requires you to have the ADEM-AIOps
license.
Tunnels
See how many tunnels there are for this site, and view each tunnel's details. To
download tunnels data, select the Download icon.
Tunnel Name—The tunnel's unique name.
Prisma Access Location—The Prisma Access location for this remote
network.
Tunnel Status—Up,
Down, Init, or
Unavailable.
Tunnel BGP Status—Up,
Down, or Unknown.
Tunnel Monitoring—If you have enabled Tunnel
Monitoring, this column shows whether it's
Up or Down. If you
haven't enabled it, this column shows Not
Configured.
Average Throughput—The average bandwidth for the tunnel for the
selected time range.
Peak Throughput—The peak bandwidth for the tunnel for the
selected time range.
Source IP Address—The source IP address.
Destination Endpoint Address—IP or FQDN address for Prisma Access
to determine whether the tunnel is up.
Disconnections—Number of disconnections during the selected time
range.
Disconnections Duration—How long, in seconds, the tunnel is
disconnected during the selected time range.
Select a Tunnel Name to see its Tunnel Status,
Bandwidth Consumption Trend, and other tunnel
details.
Tunnel Trends
With Tunnel Monitoring enabled, you can select a
number of tunnels and view their median Round-Trip
Time. If you don’t specify a set of tunnels, by default the
median RTT is computed for the 10 tunnels with the highest observed RTT.
Aggregated Tunnel Connectivity shows you the total
number of connected tunnels for the selected time range. Hover over either
graph to see the number of connections at a specific time.
Commits Pushed shows how many commits were pushed
during the selected Time Range and when the
Last Push Commit occurred.
Site Status
Site Status shows site availability during the time range
selected. Green means the site was up during this time, red means
the site was down, and gray means no data was available during the time
shown.
