Prisma Access
Monitor and Troubleshoot Explicit Proxy
Table of Contents
Monitor and Troubleshoot Explicit Proxy
Monitor and troubleshoot your
Prisma Access
Explicit
Proxy deployment.Where Can I Use
This? | What Do I Need? |
|---|---|
|
|
Learn how to monitor and troubleshoot your
Prisma Access
Explicit
Proxy deployment.Cloud Management
Cloud Management
Monitor
Prisma Access
Explicit Proxy deployment details to help you troubleshoot any
issue.- Click to view data related to mobile users. TheMobile Userspage is specific to the connect method you’re using.
- If you're using Strata Cloud Manager, click and selectExplicit Proxyconnected method.
- In Strata Cloud Manager, select and select the connection method asExplicit Proxyto view Mobile Users that connect toPrisma Accesssecurity services through Explicit Proxy on a web browser on their devices.
- Select to see an overview of the health of all yourPrisma Accesslocations for mobile users.
- Check the traffic logs (Incidents & Alerts > Log Viewerand select the log typeTraffic) and authentication logs (Incidents & Alerts > Log Viewerand select the log typeAuthentication) to troubleshoot authentication-related issues.
Panorama
Panorama
After you have configured Explicit Proxy for
mobile users, monitor the status and troubleshoot any issues by
checking the status of your
Prisma Access
Explicit Proxy deployment.- Select to see Explicit Proxy status.
The mobile usersStatusandConfig Statusfields indicate whether the connection betweenPrisma Accessand your mobile users isOK, unable to fetch the status on the tunnel (Warning), or that the mobile users cannot connect to Explicit Proxy (Error).Click the hyperlink next toCurrent UsersandUsers (Last 90 days)to get more information about mobile users.- Current Users—The current number of authenticated users who have browsed traffic in the last five minutes.
- Users (Last 90 days)—The number of unique authenticated Explicit Proxy users for the last 90 days.
- Select to display a map showing the deployed Explicit Proxy locations.
- Select to view the following details:
- Explicit Proxy URL—The URL used for Explicit Proxy.
- ACS FQDN—The FQDN of the ACS.
- SAML Meta Data—The authentication profile metadata used by SAML. You canExport SAML Metadatato save the metadata file.
- To troubleshoot authentication-related issues, check the traffic logs () and authentication logs (). Explicit Proxy displays the following IP addresses and locations in the logs:
- IP Addresses—If mobile users bypass the ACS FQDN in the PAC file, the IP address displayed in theSourcecolumn in the Traffic logs and the Traffic logs and theIP Addresscolumn in the Authentication logs, when viewed under theExplicit_Proxy_Device_Group, will be same as the mobile user’s IP address. If users do not bypass the ACS FQDN in the PAC file, the source IP address is the public IP address of the Explicit Proxy cloud firewall where redirects are going to ACS.
- Locations—If mobile users bypass the ACS FQDN in the PAC file, the Region Name displayed in theRegionColumn inAuthentication Logs,Current Users, andUsers (Last 90 days)is one of the five 5 regions (us-west-2, us-east-1, eu-west-2, eu-west-3, ap-south-1) where the ACS is deployed, and shows the region where Explicit Proxy is performing the redirects from the client’s browser. If users do not bypass the ACS FQDN in the PAC file, the Region Name displayed in theRegionColumn inAuthentication Logs,Current Users, andUsers (Last 90 days)is one of the five 5 regions (us-west-2, us-east-1, eu-west-2, eu-west-3, ap-south-1) where the ACS is deployed, and shows the region where Explicit Proxy is performing the redirects from the Explicit Proxy firewall.