Prisma Access
Panorama
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Panorama
Panorama
After you have configured Explicit Proxy for
mobile users, monitor the status and troubleshoot any issues by
checking the status of your
Prisma Access
Explicit Proxy deployment.- Selectto see Explicit Proxy status.PanoramaCloud ServicesStatusStatusThe mobile usersStatusandConfig Statusfields indicate whether the connection betweenPrisma Accessand your mobile users isOK, unable to fetch the status on the tunnel (Warning), or that the mobile users cannot connect to Explicit Proxy (Error).Click the hyperlink next toCurrent UsersandUsers (Last 90 days)to get more information about mobile users.
- Current Users—The current number of authenticated users who have browsed traffic in the last five minutes.
- Users (Last 90 days)—The number of unique authenticated Explicit Proxy users for the last 90 days.
- Selectto display a map showing the deployed Explicit Proxy locations.PanoramaCloud ServicesStatusMonitorMobile Users—Explicit Proxy
- Selectto view the following details:PanoramaCloud ServicesStatusNetwork DetailsMobile Users—Explicit Proxy
- Explicit Proxy URL—The URL used for Explicit Proxy.
- ACS FQDN—The FQDN of the ACS.
- SAML Meta Data—The authentication profile metadata used by SAML. You canExport SAML Metadatato save the metadata file.
- To troubleshoot authentication-related issues, check the traffic logs () and authentication logs (MonitorLogsTraffic). Explicit Proxy displays the following IP addresses and locations in the logs:MonitorLogsAuthentication
- IP Addresses—If mobile users bypass the ACS FQDN in the PAC file, the IP address displayed in theSourcecolumn in the Traffic logs and the Traffic logs and theIP Addresscolumn in the Authentication logs, when viewed under theExplicit_Proxy_Device_Group, will be same as the mobile user’s IP address. If users do not bypass the ACS FQDN in the PAC file, the source IP address is the public IP address of the Explicit Proxy cloud firewall where redirects are going to ACS.
- Locations—If mobile users bypass the ACS FQDN in the PAC file, the Region Name displayed in theRegionColumn inAuthentication Logs,Current Users, andUsers (Last 90 days)is one of the five 5 regions (us-west-2, us-east-1, eu-west-2, eu-west-3, ap-south-1) where the ACS is deployed, and shows the region where Explicit Proxy is performing the redirects from the client’s browser. If users do not bypass the ACS FQDN in the PAC file, the Region Name displayed in theRegionColumn inAuthentication Logs,Current Users, andUsers (Last 90 days)is one of the five 5 regions (us-west-2, us-east-1, eu-west-2, eu-west-3, ap-south-1) where the ACS is deployed, and shows the region where Explicit Proxy is performing the redirects from the Explicit Proxy firewall.