View ZTNA Connector Logs

View ZTNA Connector logs in Prisma Access.
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
What Do I Need?
  • Prisma Access 4.0
    Prisma Access 5.0 supports wildcards and IP subnet-based app targets.
    Prisma Access 5.0.1 supports associating multiple connector groups with FQDN Targets and Wildcard Targets and introduces proximity-based application routing.
  • ZTNA Connector add-on license
    The Business license with the add-on license includes eight ZTNA Connectors, 100 FQDN, and four IP subnet functionality.
    The Business Premium license with the add-on license includes 40 ZTNA Connectors, 300 FQDN, and unlimited IP subnet functionality.
    The Advanced license with the add-on license has unlimited ZTNA Connectors, FQDN, and IP subnet functionality.
  • If you don't purchase the ZTNA Connector add-on license, Prisma Access licenses include 20 apps, two connectors, and four IP subnets. This functionality is provided for the purpose of trying out ZTNA Connectors in your environment.
All ZTNA Connector traffic is logged to the Cortex Data Lake. To store Prisma Access logs in Cortex Data Lake, you must estimate and purchase the appropriate amount of log storage in Cortex Data Lake. We recommend that you increase the percentage of your total Cortex Data Lake capacity storage by 10% to store ZTNA Connector logs.
Make sure that you’ve configured a Log Forwarding profile that forwards the desired log types to Cortex Data Lake. Cortex Data Lake will send an email notification to purchase more storage when the log storage quota reaches 90%. If you don’t purchase more storage, the older logs will be purged.
Regardless of the management interface you're using for Prisma Access (Panorama or Cloud Management), you can view your logs in Prisma Access (Managed by Strata Cloud Manager) under Activity > Logs > Log Viewer. If you're using Strata Cloud Manager, go to Incidents & Alerts > Log Viewer.
ZTNA Connector provides the following Network logs.
  • Audit Logs - are available through the Prisma SASE Platform and provide records of administrators' configuration changes in the ZTNA Connector. You can use these logs for compliance and troubleshooting purposes.
    You can filter the audit logs by time range, site, device, and type. The Audit logs provide the following details:
    • Number of attempted logins to an enterprise portal by a specific user from a particular IP address.
    • Whether an application or application Connector is onboarded or deleted.
    • When a Connector upgrade is scheduled.
    • View of all system changes and access attempted.
    ZTNA Connector Audit logs aren't available in the Prisma Access web interface. To view Audit logs, you must open a Support case with Palo Alto Networks Technical Support.
  • Traffic Logs - display an entry for the start and end of each session. Each entry includes the date and time, source and destination zones, addresses and ports, application name, security rule name applied to the flow, rule action (allow, deny, or drop), ingress and egress interface, number of bytes, and session end reason.
    • The Type column indicates whether the entry is for the start or end of the session.
    • The Action column indicates whether the firewall allowed, denied, or dropped the session.
    • A drop indicates that the security rule that blocked the traffic specified any application, while a deny indicates that the rule identified a specific application.
    • If the firewall drops traffic before identifying the application, such as when a rule drops all traffic for a specific service, the Application column displays not-applicable.
    • The App-ID for a ZTNA Connector is the custom App-ID.
    • If the traffic hits the Mobile User Gateway, the Destination Address column displays the RFC 6598 IP address.
  • Config Logs - display entries for changes to the ZTNA Connector configuration. Each entry includes the date and time, the administrator's username, the IP address from where the administrator made a change, the type of client, the type of command executed, the command status (succeeded or failed), the configuration path, and the values before and after the change.

Cloud Management

View ZTNA Connector logs in Cloud Management.
Use the following workflow to view ZTNA Connector logs in Cloud Managed Prisma Access.
  1. Log in to Prisma Access (Managed by Strata Cloud Manager).
  2. Select Activity > Logs > Log Viewer.
    If you're using Strata Cloud Manager, go to Incidents & Alerts > Log Viewer.
  3. Select the type of log you want to view: Audit, Traffic, or Config logs.
  4. Select a time range for which you want to view logs.
  5. Provide this query string to narrow down the list of ZTNA Connector logs:
    log_source_name = 'PA_CONN'
    The logs include the following details:
    • Timestamp
    • Connector Name
    • Original source IP address of the client
    • Original source port of the client
    • Translated IP address of the Connector
    • Translated port of the Connector
    • Translated destination IP address
    • Translated destination port
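
The session-log reading rules described earlier (drop versus deny, not-applicable, RFC 6598 destinations) and the log_source_name = 'PA_CONN' filter, applied to exported records. This is an added example, not Palo Alto Networks code; the records are constructed, and every field name other than log_source_name is an assumption about the export format.

```python
import ipaddress
from collections import Counter

# RFC 6598 shared address space (100.64.0.0/10).
RFC6598 = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample records. Only log_source_name = 'PA_CONN' comes from the
# page; every other field name and value is an assumption for illustration.
SAMPLE_LOGS = [
    {"log_source_name": "PA_CONN", "type": "end", "action": "allow",
     "app": "custom-hr-app", "dest_ip": "100.64.12.7", "rule": "allow-hr"},
    {"log_source_name": "PA_CONN", "type": "end", "action": "deny",
     "app": "ssh", "dest_ip": "10.20.0.5", "rule": "block-ssh"},
    {"log_source_name": "PA_CONN", "type": "end", "action": "drop",
     "app": "not-applicable", "dest_ip": "10.20.0.9", "rule": "drop-tcp-23"},
    {"log_source_name": "PA_CONN", "type": "start", "action": "allow",
     "app": "custom-hr-app", "dest_ip": "100.64.12.7", "rule": "allow-hr"},
    {"log_source_name": "FW_OTHER", "type": "end", "action": "drop",
     "app": "dns", "dest_ip": "192.0.2.10", "rule": "default"},
]

def triage(records):
    """Summarise ZTNA Connector session-end entries for review."""
    summary = {"actions": Counter(), "via_mu_gateway": [],
               "pre_appid_drops": [], "app_specific_denies": []}
    for rec in records:
        # Same filter as the Log Viewer query string on the page.
        if rec.get("log_source_name") != "PA_CONN":
            continue
        # Count each session once: use the end entry, skip the start entry.
        if rec.get("type") != "end":
            continue
        action = rec.get("action", "")
        summary["actions"][action] += 1
        try:
            dest = ipaddress.ip_address(rec.get("dest_ip", ""))
        except ValueError:
            dest = None  # malformed or missing address: leave unclassified
        if dest is not None and dest in RFC6598:
            summary["via_mu_gateway"].append(rec["dest_ip"])
        if action == "drop" and rec.get("app") == "not-applicable":
            # Dropped before the application was identified.
            summary["pre_appid_drops"].append(rec.get("rule"))
        elif action == "deny":
            # The rule identified a specific application.
            summary["app_specific_denies"].append((rec.get("rule"), rec.get("app")))
    return summary

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOGS).items():
        print(key, value)
```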

Panorama

View ZTNA Connector logs in the Panorama Managed interface.
Use the following workflow to view ZTNA Connector logs in Prisma Access (Managed by Panorama).
  1. Log in to Prisma Access.
  2. Select Monitor > Logs.
  3. Select a log type from the list: Audit, Traffic, and Config logs.
  4. Click the arrow to the right of any column header, and select Columns.
  5. Select columns to display from the list. The log updates automatically to match your selections.
  6. Click the spyglass icon for a specific log entry. The Detailed Log View has more information about the source and destination of the session, as well as a list of sessions related to the log entry.
