Focus

Prisma Access

Manage Secure Agentless Access Connections

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Select a Document
- 6.1 Preferred and Innovation
- 6.0 Preferred and Innovation
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
Activation & Onboarding
Administration
Select a Document
- 4.0 & Later
- Prisma Access China
Integrations
Incidents & Alerts

Configure Split Tunneling for Secure Agentless Access Traffic

Use Secure Agentless Access

Manage Secure Agentless Access Connections

Learn how to manage active Secure Agentless Access connections, such as viewing connection information or terminating a connection.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Panorama or Strata Cloud Manager)	Prisma Access 5.2.1 Minimum Prisma Access dataplane version: 11.2.4 Prisma Access license with a Mobile User subscription Secure Agentless Access add-on license

You can manage active Secure Agentless Access (SAA) connections, such as viewing user and app connection information or terminating a connection.

To manage active SAA connections, go to ConfigurationSecure Agentless AccessActive Connections.

You can perform the following tasks:

Browse SAA connection information, such as:
- User Name—The username of the SAA user who is connected to the SAA portal
- Name—The name of the app that the user is accessing
- App Type—The type of app that’s being accessed (RDP, SSH, or VNC)
- FQDN/IP Address—The FQDN or IP address of the app that’s being accessed
- Source IP—The IP address of the user's device
- Device Type—The operating system running on the user's device
- Browser/Version—The type of browser and browser version that’s being used
- Start Time—The time when the SAA connection began
- Last Active—Whether the connection is still active by showing when the user last interacted with the app
You can arrange how the columns appear in the active connections table by selecting the Settings icon.
Refresh the connection information.
Remotely terminate a SAA connection by selecting one or more active connections from the table and clicking Disconnect.

You can also view logs that SAA automatically generates and the authentication logs in Cloud Identity Engine.

Monitor Secure Agentless Access Logs

SAA automatically generates logs and sends them to the Strata Logging Service, which provides an audit trail for SAA system and network events. The events will appear in the Log Viewer a few minutes after an event occurs.

To view the audit logs for SAA:
1. From Strata Cloud Manager, select Log Viewer.
2. Select Common/Audit and filter on Log Source = 'Secure Agentless Access'.
To view the event logs for SAA:
1. Select Incidents and AlertsLog Viewer.
2. Select Endpoint/Events and filter on Log Source = 'Secure Agentless Access' AND Classification = 'User connected to app'.

Monitor Secure Agentless Access Authentication

You can monitor the SAA users who authenticated with their IdP by viewing the Cloud Identity Engine authentication logs.

Navigate to Cloud Identity Engine from your Prisma Access tenant.
Select Authentication Logs.

Configure Split Tunneling for Secure Agentless Access Traffic

Use Secure Agentless Access

Prisma Access Docs

Manage Secure Agentless Access Connections

Prisma Access Docs

Manage Secure Agentless Access Connections

Monitor Secure Agentless Access Logs

Monitor Secure Agentless Access Authentication

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Best Practices

Experts Corner