: Manage GlobalProtect Mobile Users
Focus
Focus

Manage GlobalProtect Mobile Users

Table of Contents

Manage GlobalProtect Mobile Users

You can use the Mobile Users - GlobalProtect tab to manage and view data related to your mobile users that connect to
Prisma Access
through the GlobalProtect agent.
You can use the
Mobile Users - GlobalProtect
tab to manage and view data related to your mobile users that connect to
Prisma Access
security services through the GlobalProtect agent on their devices.

View the Health of Your GlobalProtect Mobile Users

The
Monitoring Summary
tab gives you an overview of the health status of GlobalProtect Mobile Users logged into
Prisma Access
.

Current Users

Current
displays the number of users connected to
Prisma Access
at the time the data was fetched or as indicated in the timestamp. A mobile user that connects to
Prisma Access
at least once in the past 90 days consumes an mobile user license. A mobile user license consumption considers only the unique username of the mobile user and not all of the devices that one user might have used to connect to
Prisma Access
.
Select
Connected Users
to open the
Current Connected Users
window.
Select any
User
to open the User Details Page and view that user’s statistics, including devices connected through
Prisma Access
locations, the user’s location, source IP address, device OS, GlobalProtect version on their device, and other details, and a table of all login events that occurred in the time interval selected on every device that the user has connected to
Prisma Access
.

Mobile User License Consumption

GlobalProtect License Consumption
shows the total number of licenses consumed by unique mobile users that were connected to
Prisma Access
in the last 90 days, because licenses are based on the past 90 days of
Prisma Access
login data. A user who has logged in to
Prisma Access
at least once in the past 90 days contributes toward consumption of one Mobile User license.
When you hover over the line chart, you’ll see the time stamp corresponding to the x-axis day reference with its license consumption figure, total licenses purchased for mobile users, license utilization as a percentage of the total licenses purchased, and the 90-day license computation time period used for determining the license consumption at the day referenced on the x-axis.
You can view the mobile user license consumption trend, which is shown for the past 30 days regardless of the time filter you selected on the Monitoring Summary page. Hover over the line chart to display information on day referenced in the x-axis. Select the
View Users
button to open the
Mobile Users License Consumption
page and view data on users connected in the last 90 days. You can view the users list or export it in CSV format.
Panorama Managed Prisma Access
normalizes usernames to a single format to prevent the same mobile usernames (appearing in different formats) from being counted multiple times.
For example, when users connect to a gateway,
Panorama Managed Prisma Access
can receive instances of the same username from the gateway in various formats, such as:
  • jane.doe@domain.com
  • domain\jane.doe
  • (null)\jane.doe@domain.com
  • jane.doe
Before normalization, these instances of the same username are counted as individual users, causing the mobile user counts to be inflated incorrectly.
After normalization, all usernames will be in the
user.name@domain.com
format, and the mobile user counts will accurately reflect the number of users who have connected to
Panorama Managed Prisma Access
within the last 90 days. If the username is already in the
user.name@domain.com
format, the username is not normalized.

Top 5 Open Alerts by Severity

By default, only the nodes with the top five most severe alerts during the
Time Range
selected appear. The vertical lines represent the severity of the alerts. Drilling down into an alert gives you more context of the underlying issue. These alerts cannot be cleared manually. They can be cleared only by resolving the underlying issue.
View All Mobile User Alerts
link takes you to the
Alerts
page, where you can filter the data displayed by
Status
and
Use Case
.
When you drill down into an alert, the
Alert Details
page opens. This page displays the status and description of the alert along with other information, such as the Alert Generation Timestamp, alert status as to whether the alert is open, the alert type,
Prisma Access
location from where the alert was generated, and the name of the tenant that was affected. Select the name of the tenant to open the
Prisma Access
Location page for the tenant, which shows you the detailed tenant status.

Top 5 Most Active
Prisma Access
Locations

Use this bar graph to view the most active
Prisma Access
locations based on the number of connected users at that time. It shows you the top five sites based on users connected to a particular
Prisma Access
location. Hover over a bar to see the details of the number of Mobile Users that were logged in by region in the specified
Time Range
.

GlobalProtect Version Distribution

GlobalProtect Version Distribution
shows the GlobalProtect versions that your users’ devices are using to connect to
Prisma Access
. The data displayed can be used to enforce compliance with the latest GlobalProtect app version. Select a GlobalProtect version in the trend chart to open the Mobile User List Page, where you can view connected users who have at least one device with the selected GlobalProtect version connected to
Prisma Access
.

Current IP Pools Utilization

Use the real-time bar graph to see IP pool utilization by different IP pool allocation theaters based on the number of connected users at that time. The IP pool utilization percentage on the bar graph is the number of IP pool blocks used out of all the IP pool blocks that are available across all the subnets. You can take proactive actions by adding subnets when you see an IP pool bar approaching the maximum capacity for any region.

GlobalProtect Distribution Trend

GlobalProtect Version Distribution
provides the trend data shown here. Note that data on some of the less-used GlobalProtect versions may not appear on this trend chart.

Map View of Mobile Users Connected to
Prisma Access

The
Map View
tab shows all the mobile users connected to
Prisma Access
locations on a map. You can clarify information using
Prisma Access
Location
or
Mobile User
in the filter icon.
Prisma Access
Location
allows you to select the locations you want to view, and
User
allows you to select any user to view details on their location and devices.
The inverted triangles on the map are color-coded to indicate
Prisma Access
location status:
  • Green: If any one instance is up, the MU location is connected, or up.
  • Red: If all instances are
    Down
    , the MU connection is disconnected, or down
  • Gray: If instance states are a mixture of disconnected and unknown, the MU location is unknown.
Use the
Real Time
option on the time selector to see users who are currently connected to
Prisma Access
locations.
The default view for the map shows the states of all
Prisma Access
locations configured for the tenant. Slide the
Show all users
toggle at the top of the map view to see users or clusters of users who were connected to
Prisma Access
in the selected time interval, along with the
Prisma Access
locations. Select a
Prisma Access
location to show only the users who were connected to that particular
Prisma Access
location with at least one device.
Select a cluster to see details about users in that area. When you select a user in that cluster, a side panel with login trend data about this user opens.
Use the
Map View
Time Range
selector to view users connected to
Prisma Access
at time intervals other than
Real Time
, such as
Last 24 hours
. Hover on a location in the map to see the name of the location and the number of users connected to that location in the selected time interval. Note that time range selections other than
Real Time
could show a user connected from the same device to different
Prisma Access
locations at different times during the interval, while in real time, a user would be connected to a single
Prisma Access
location with one device.
To see all users connected to a specific
Prisma Access
location, select the location icon on the map. A flight path appears from the
Prisma Access
location you selected to all users who are connected to this location.
Select any cluster of users connected to your location, and zoom in to view details about users within each cluster. Select any user to see data about the devices this user employed to connect to this location, as well as other devices that the user may have used to connect to other
Prisma Access
locations. You can slide the
Show All Users
toggle to see all connected users on the Mobile User map.
Select a flight path to see details about the connected users. The flight path shown (see the red circle in the following image) has six users, and a side panel opens to show information about them. Select any one of these users to see their information, such as device ID, IP address, last user location, and last login time.

Monitor Connected Mobile Users

The
Mobile Users List
tab provides data on your users connected during the
Time Range
selected. The Devices of Connected Users page corresponds with the
Mobile Users List
page, providing details about your users’ connected devices.

Connected Users

The
(Number of) Connected Users
trend chart displays the count of mobile users who were connected to
Prisma Access
during the time interval selected on the page time selector. The y-axis value at any point along the trend line indicates the exact number of users corresponding to the x-axis time indicator.

All Connected Mobile Users

The
(Number of) Connected Users
table following the chart displays all the users who were connected to
Prisma Access
within the specified
Time Range
selected, which is 30 days in the following example.
To view data about users connected at a specific time, select a point in the
Connected Users
trend chart. The
Connected Users
table filters on the data point that you select. The table shows the users who are connected at that time, along with the number of devices they have connected to
Prisma Access
, the last location from where the user was recorded connecting to
Prisma Access
, and the last
Prisma Access
location where the user was connected with any device. Because this image shows a
Time Range
selected of
Last 30 Days
, the specific point you selected shows the users connected during a 3-hour interval between 04 Sep. 2022 1:22:34pm through 04 Sep. 2022 4:22:33pm.

User Details Page

From the
Connected Users
table, select a connected
User
to open the
User Details
page to view information about that unique user. The
Devices of Connected User
chart shows the
Prisma Access
locations used and how many times the user connected to each location, from any of their devices. Breaks in the instances mean there were no devices connected at that time.
The
(Number of) Devices
table shows details about each device connected to
Prisma Access
using GlobalProtect. The
(Number of) User Login/Logout Events (All Devices)
table shows the unique login events that occurred from all devices belonging to the user with the associated session statistics in the selected time interval.
View an example of the
User Details
page below:
Select a connected user’s
Last
Prisma Access
Location Used
to go to the
Prisma Access
page and view details about the user’s
Prisma Access
locations.

View Data About All Connected Users’ Devices

The
User Details Page
shows the data of all connected devices during the
Time Range
selected. The Mobile Users List page corresponds with the Devices of Connected Users page, providing details about your users rather than the users’ connected devices.

Devices of Connected Users

Devices of Connected Users
shows all mobile devices that were connected to
Prisma Access
during the time interval selected on the page time selector. The trend line shows the connectivity in terms of device count as connected to
Prisma Access
at various times corresponding to the x-axis time indicators.

Devices

The
(Number of) Devices
table displays all the devices connected to
Prisma Access
within the specified
Time Range
selected, which is 30 days in the following example. You can see in the
Devices
table that each device has its own row of data, regardless of its user.
To view data about devices connected at a specific time, select a point in the
Devices of Connected Users
trend chart. The
Total Devices
table filters on the data point that you select. Because this image shows a selected
Time Range
of
Last 30 Days
, the specific point you selected shows the devices connected during a 3-hour interval between 12 Sep. 2022 6:37:02pm through 12 Sep. 2022 9:37:01pm.
Select a specific user to view the User Details Page page.
Select a device’s user’s
Last
Prisma Access
Location Used
to go to the Prisma Access Locations page and view details about the user’s
Prisma Access
locations.

Recommended For You