Use Serviceability Commands for Troubleshooting (Strata Cloud Manager)

Use Logging Status, Routing Information, and EDL Info and Status to retrieve troubleshooting information.
To retrieve serviceability information for a Prisma Access (Managed by Strata Cloud Manager) deployment, complete these steps.
  1. Navigate to the serviceability commands.
    • For service connections, go to Configuration > NGFW and Prisma Access > Configuration Scope > Prisma Access > Service Connections.
    • For remote networks, go to Configuration > NGFW and Prisma Access > Configuration Scope > Prisma Access > Remote Networks.
  2. View the info in the Serviceability Commands area.
    • Routing Information—Provides routing information for service connections or remote networks. Select the service connection or remote network name from the drop-down, then click Show to display the routing table for that connection.
      The Routing Table shows the following information:
      • Destination—The IP address and subnet of networks that the virtual router can reach.
      • Nexthop—The IP address of the device at the next hop toward the Destination network. A next hop of 0.0.0.0 indicates the default route.
      • Metric/AD—The Metric for the route. When a routing protocol has more than one route to the same destination network, it prefers the route with the lowest metric value. Each routing protocol uses a different type of metric; for example, BGP uses the Multi Exit Discriminator (MED) Attribute. Prisma Access considers the metric when making routing decisions; for example, given the same route, Prisma Access prefers a static route with a lower metric over a BGP route with a higher metric.
      • Flags—The set of flags that are displayed for the route.
        • A B—Active and learned from BGP
        • A C—Active and a result of an internal interface (connected) - Destination = network
        • A H—Active and a result of an internal interface (connected) - Destination = Host only
        • A R—Active and learned from RIP
        • A S—Active and static
        • O1—OSPF external type-1
        • O2—OSPF external type-2
        • Oi—OSPF intra-area
        • Oo—OSPF inter-area
        • S—Inactive (because this route has a higher metric) and static
    • Service IP Address—Retrieves the Service IP Address for a remote network or service connection.
      The service endpoint address is the FQDN or IP address that you use as the peer IP address for your CPE when you set up the IPSec tunnel for your service connection or remote network connection.
    • Clear Security Associations—Clears the security associations for a remote network or service connection.
      If you need to adjust the cryptographic profiles for an IPSec tunnel to resolve a mismatch, you can use this tool to clear the current IKE or IPSec security associations from both your CPE and Prisma Access, and then renegotiate the tunnel.
  3. (Optional) To export the results of the troubleshooting commands to a .csv file, select Export to CSV after running the command.
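
An added example (not Palo Alto Networks code) for reviewing a routing table saved with Export to CSV: it decodes the Flags column using the legend above and lists destinations that have no active route, or whose active route does not carry the lowest metric. The CSV header names, the integer Metric/AD values and the sample rows are assumptions constructed for illustration; adjust them to match the actual export.

```python
import csv
import io
from collections import defaultdict

# Origin tokens from the Flags legend on this page; a leading "A" marks the route active.
ORIGIN = {"B": "BGP", "C": "connected (network)", "H": "connected (host)",
          "R": "RIP", "S": "static", "O1": "OSPF external type-1",
          "O2": "OSPF external type-2", "Oi": "OSPF intra-area",
          "Oo": "OSPF inter-area"}

# Constructed sample export; header names and integer metrics are assumptions.
SAMPLE_CSV = """Destination,Nexthop,Metric/AD,Flags
10.1.0.0/16,192.0.2.1,10,A S
10.1.0.0/16,192.0.2.9,50,S
10.2.0.0/16,198.51.100.1,100,A B
10.3.0.0/16,192.0.2.9,20,S
172.16.5.0/24,0.0.0.0,0,A C
"""

# Turn exported rows into dicts with the flags decoded.
def parse_routes(text):
    routes = []
    for row in csv.DictReader(io.StringIO(text)):
        tokens = row["Flags"].split()
        routes.append({
            "destination": row["Destination"].strip(),
            "nexthop": row["Nexthop"].strip(),
            "metric": int(row["Metric/AD"].split("/")[0]),
            "active": "A" in tokens,
            "origins": [ORIGIN.get(t, "unknown flag " + t) for t in tokens if t != "A"],
        })
    return routes

# Return (destination, finding) pairs that deserve a closer look.
def audit(routes):
    by_dest = defaultdict(list)
    for r in routes:
        by_dest[r["destination"]].append(r)
    findings = []
    for dest, group in sorted(by_dest.items()):
        active = [r for r in group if r["active"]]
        if not active:
            findings.append((dest, "no active route"))
        elif min(r["metric"] for r in active) > min(r["metric"] for r in group):
            findings.append((dest, "active route is not the lowest metric"))
    return findings

if __name__ == "__main__":
    for dest, finding in audit(parse_routes(SAMPLE_CSV)):
        print(dest, finding)
```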