Traffic Replication in Prisma Access (Strata Cloud Manager)

Learn how to replicate Prisma Access traffic in Prisma Access (Managed by Strata Cloud Manager). To configure traffic replication and access the resulting PCAP files, complete the following steps.
- Onboard and configure Mobile Users—GlobalProtect for the locations where you want to enable Traffic Replication, then Commit and Push your changes. The Mobile Users—GlobalProtect locations must be enabled before you can enable traffic replication for them.
- (Optional) Apply SSL decryption to the packet captures.
- Go to Prisma Access (Managed by Strata Cloud Manager), select Prisma Access Setup > Prisma Access > Traffic Replication, and click the gear to edit the Settings.
- Enable Packet captures after applying SSL decryption rules to apply your already-configured SSL decryption policies to the PCAP files. Only traffic that matches an inline SSL decryption policy is decrypted. If you select this option, the PCAP files use the same decryption rules you have specified in your deployment. If you deselect this option, no decryption is performed on the PCAP files, regardless of the decryption rules you have configured.
- For Traffic Replication encryption certificate, select any certificate you have added on the Objects > Certificate Management > Certificates > Custom Certificates page, or Generate or Import the certificate that will be used to encrypt the PCAP files. The certificate consists of a public and a private key. Upload only the public key to Prisma Access; you keep the private key and use it to decrypt the zipped PCAP files after you download them from the storage bucket. In this way, only holders of the private key can read the captures, even if someone else gains access to the storage bucket where the PCAP files are stored.
- Configure the GCP service account that you created in advance for this purpose. Traffic replication is supported only for GCP accounts. This service account is used to share read-only access to the storage buckets where the PCAP files are stored for the locations where you have enabled traffic replication. You create these service accounts in your GCP account using the normal GCP service account creation procedure. It is your responsibility to control which users have access to these service accounts. Any user who has both read access to the PCAP files (through the service account) and access to the private key can read the captures.
- In the Access Management area, Add Account details to share read-only access to the storage buckets where the PCAP files are stored.
- Enter the following parameters:
- Give the account a unique Account Name.
- Specify GCP as the Type for the account.
- Specify the Account information from the GCP service account you created.
- Enter a Member/User name for the GCP service account.
- Configure traffic replication for one or more Mobile Users locations.
- In the Traffic Replication area, select the locations where you want to enable traffic replication, then select Mobile Users. You select the Compute Location that is associated with the Prisma Access Locations. Traffic replication is enabled for all Mobile Users clients connected to the selected locations.
- Save the configuration.
- Commit and push your changes.
- Select Manage > Operation > Push Config.
- Select Mobile Users Container in the Push Scope, then Push Config and Push your changes.
- Review the push targets and Push.
- Check the status of traffic replication by going to Prisma Access Setup > Prisma Access > Traffic Replication.
- Download the PCAP files. Use the Cloud Storage Links to access the PCAP files in your GCP storage buckets.
- These storage buckets support the same regular operations, commands, and queries as any other GCP storage buckets.
- You can download PCAP data for up to 72 hours. After 72 hours, the files are permanently deleted.
- Files are encrypted using your public key.
- Maximum file size is 200 MB or 5 minutes of packet capture, whichever limit is reached first.
- List the files by entering gsutil ls gs://<storage_bucket_link>/, where <storage_bucket_link> is the storage link in your GCP service account where the files are stored.
- Download the files by entering gsutil cp gs://<storage_bucket_link>/<file_name> <destination folder>, where:
- <storage_bucket_link> is the storage link in your GCP service account where the files are stored.
- <file_name> is the name of the PCAP file.
- <destination folder> is the folder where you want the PCAP file to be downloaded.
- Unzip the downloaded files.
- Decrypt the downloaded files with the private key that corresponds to the certificate you uploaded as the Traffic Replication encryption certificate.
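The following shell script is an added example, not part of the Prisma Access documentation and not Palo Alto Networks code. It models the key-handling design behind the steps above end to end: the key pair you generate before configuring Prisma Access, the public half that is uploaded, the private half that stays with you, and the post-download unzip-and-decrypt step. Two things are assumptions: the page does not state the exact envelope format Prisma Access uses to encrypt the captures, so the script uses CMS enveloped data via openssl cms purely as an illustration, and gzip stands in for the zip archive so the script runs anywhere without the zip tool. The sample capture bytes are constructed. Requires openssl, gzip and cmp.

```sh
#!/bin/sh
# Added example (not from the Prisma Access docs). ASSUMPTIONS: CMS enveloped
# data via "openssl cms" models the capture encryption (the page does not
# specify the real format); gzip stands in for the zip archive. Needs openssl,
# gzip, cmp.

# Your side, before configuring Prisma Access: create the key pair. Only
# <name>.cert.pem (the public half) is uploaded as the Traffic Replication
# encryption certificate; <name>.key.pem never leaves your organization.
make_keypair() {
  dir="$1"; name="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
    -keyout "$dir/$name.key.pem" -out "$dir/$name.cert.pem" >/dev/null 2>&1
}

# Modelled service side: encrypt a capture to the uploaded certificate and
# bundle it. Bucket access alone does not reveal the payload.
encrypt_and_bundle() {
  cert="$1"; pcap="$2"; bundle="$3"
  openssl cms -encrypt -binary -aes256 -outform DER \
    -in "$pcap" -out "$pcap.enc" "$cert" 2>/dev/null &&
  gzip -c "$pcap.enc" > "$bundle"
}

# Your side, after "gsutil cp": unpack the bundle, then decrypt with the
# private key. Returns non-zero if the key does not match the certificate.
unbundle_and_decrypt() {
  bundle="$1"; key="$2"; out="$3"
  gunzip -c "$bundle" > "$bundle.enc" &&
  openssl cms -decrypt -inform DER -in "$bundle.enc" -inkey "$key" \
    -out "$out" 2>/dev/null
}

# Round trip with the matching private key: output must equal the original.
demo_roundtrip() {
  w=$(mktemp -d)
  make_keypair "$w" org || return 1
  printf 'constructed sample capture bytes\n' > "$w/capture.pcap"
  encrypt_and_bundle "$w/org.cert.pem" "$w/capture.pcap" "$w/capture.zip" || return 1
  unbundle_and_decrypt "$w/capture.zip" "$w/org.key.pem" "$w/capture.dec.pcap" || return 1
  cmp -s "$w/capture.pcap" "$w/capture.dec.pcap"
}

# A party with bucket access but a different private key (here: "outsider")
# must get nothing. Returns 0 when the decrypt step fails as expected.
demo_wrong_key_fails() {
  w=$(mktemp -d)
  make_keypair "$w" org || return 1
  make_keypair "$w" outsider || return 1
  printf 'constructed sample capture bytes\n' > "$w/capture.pcap"
  encrypt_and_bundle "$w/org.cert.pem" "$w/capture.pcap" "$w/capture.zip" || return 1
  if unbundle_and_decrypt "$w/capture.zip" "$w/outsider.key.pem" "$w/leak.pcap"; then
    return 1
  fi
  return 0
}

demo_roundtrip && demo_wrong_key_fails && echo "key model verified"
```

The negative case is the one worth keeping in mind operationally: read access to the bucket (granted through the GCP service account) and possession of the private key are two separate controls, and a capture is only exposed to someone who holds both. Keep the private key off the hosts that merely run gsutil, and rotate the certificate if it is ever copied outside the decryption workstation.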