Strata Cloud Manager Getting Started
  • Strata Cloud Manager Getting Started
  • Strata Cloud Manager Documentation
  • All Documentation
>
ZTNA Connectors
Focus
Download PDF
Focus
  1. Home
  2. Strata Cloud Manager
  3. Strata Cloud Manager Getting Started
  4. Monitor: Strata Cloud Manager
  5. Monitor: Data Centers
  6. ZTNA Connectors
Download PDF
Strata Cloud Manager

ZTNA Connectors

Table of Contents

ZTNA Connectors

View and monitor ZTNA Connectors to see the status and performance of your ZTNA connectors and connector groups.
The Zero Trust Network Access (ZTNA) Connector simplifies private application access for all your applications. The ZTNA Connector VM in your environment automatically forms tunnels between your private applications and Prisma Access. View a summary of all configured ZTNA connectors, including the Application Targets associated with the connector, its average and median bandwidth, and the Status (Up, Partially Up, or Down). Select MonitorData CentersZTNA Connectors in Strata Cloud Manager to see how your ZTNA connectors and connector groups are performing.

ZTNA Connector Groups Status

The Connectors in each group determine a Connector Group's Status.
  • If all Connectors in a Connector Group are up, the Status is Up (green).
  • If all the Connectors are down, the status is Down (red).
  • If some Connectors are up and some are down, the Status is Partially Up (orange).
  • Disabled Connectors appear as gray.

ZTNA Connectors Status

View a summary of all configured Connectors, including the Application Targets associated with the Connector and the Status.
Select any Connector Name to see details about the associated Connector groups and Application Targets associated with each Connector.

ZTNA Access Objects

Get visibility into your private apps that were added through ZTNA Connector access objects by viewing data such as the number of apps added by FQDNs, IP subnets, and wildcards, each access object's connectivity status, and the Connector Groups and Connectors associated with each access object. By viewing this information, you can get an overall picture of the health and connectivity of your deployment.
The private apps in the data centers connect to Prisma Access through your Connector virtual machines (VMs). You can add apps based on these access objects—FQDNs, FQDN wildcards, or IP subnets.
  • FQDNs—Prisma Access resolves the FQDNs of the applications you onboard to ZTNA Connector to the IP addresses in the Application IP address block.
  • Wildcards—For wildcard-based apps, create an FQDN-based connector group, then specify the wildcard to use (for example, *.example.com) for the app target. When users access sites that match the wildcard, those apps are automatically onboarded for access from ZTNA Connector for your mobile users and remote network users.
  • IP Subnets—Create an IP subnet-based Connector group, and then enter the IP subnet to use for the app target.

All Access Objects

View Total ZTNA Access Objects to view information about all of your ZTNA Connector access objects—FQDNs, wildcards, and IP subnets—in real time. The number in Total ZTNA Access Objects and ZTNA Access Objects table should match, representing the number of FQDN apps, subnet apps, and discovered wildcard apps.
  • View a graph of the Total ZTNA Access Objects in your environment by Status, which means the automated secure tunnels for the access object are Up, Partially Up, Down, or Disabled. If the status is down, the connector associated with this access object can't reach your application.
    • Up—All tunnels are up.
    • Partially Up—Some tunnels are up and others are down or disabled.
    • Down—All tunnels are down.
    • Disabled—All tunnels are disabled.
    Select a status color square in the Total ZTNA Access Objects widget to sort access objects by Status in the ZTNA Access Objects table.
  • Total Wildcards and Total IP Subnets summarizes how many IP Subnets and Wildcard rules you've onboarded. This is the number of wildcard rules that you created, which is a different total than the number of apps discovered as a result of creating these rules.
  • ZTNA Access Objects provides information about all of your access objects.
    • Access Object—Select a specific access object to view its details.
    • Status—The automated secure tunnel for the access object is Up, Partially Up, Down, or Disabled.
    • FQDN/IP Subnet—The FQDN or IP subnet used to add this access object.
    • Fabric IP (If Applicable)—The fabric IP associated with this access object.
    • Connector Groups—Connector Groups are logical groupings of connectors and applications. View the Connector Groups associated with an access object.
    • Connectors—Connectors represent the VMs running in your data centers that connect to Prisma Access. View the Connectors associated with an access object.
Select any Access Object to view its details.
  • Connector Groups—See how many Connector Groups are associated with this access object. Select a Connector Group to view information about its Service Connections.
  • Connector Group Status (Current)—Up, Partially Up, Down, or Disabled.
  • Connectors—Number of Connectors in this Connector Group.
  • Application Targets—Number of Application Targets in this Connector Group.
  • Bandwidth—Select the Bandwidth button to view bandwidth information for this access object.
Select any of an access object's Connectors to view its details.
  • PA (Prisma Access) Location—The Prisma Access Location associated with each Connector.
  • Config status—The Connector's configuration status is OK or Error. If the status is Error, the ZTNA Connector hasn't finished onboarding.
  • Fabric CIDR—The Fabric CIDR associated with this Connector.
  • Tunnel Status (Current)—The automated secure tunnel status for this Connector.
  • Controller Connectivity—Up, Partially Up, Down, or Disabled.

Wildcards

Select Wildcards to see your wildcard access objects. View Total Wildcards by status and the number of Total Wildcards and Total IP Subnets.
Select the arrow next to a wildcard or select View Details for information about the access objects that make up this wildcard.
  • Access Object—Select a specific access object to view its details.
  • Status—The automated secure tunnel for the access object is Up, Partially Up, Down, or Disabled.
  • FQDN/IP Subnet—The FQDN or IP subnet used to add this access object.
  • Fabric IP (If Applicable)—The fabric IP associated with this access object.
  • Connector Groups—Connector Groups are logical groupings of connectors and applications. View the Connector Groups associated with an access object.
  • Connectors—Connectors represent the VMs running in your data centers that connect to Prisma Access. View the Connectors associated with an access object.
Select any Access Object to view its details.
  • Connector Groups—See how many Connector Groups are associated with this access object. Select a Connector Group to view information about its Service Connections.
  • Connector Group Status (Current)—Up, Partially Up, Down, or Disabled.
  • Connectors—Number of Connectors in this Connector Group.
  • Application Targets—Number of Application Targets in this Connector Group.
  • Bandwidth—Select the Bandwidth button to view bandwidth information for this access object.
Select Connector Groups or Connectors to see the unique connector groups or connectors associated with the access objects in the wildcard.

IP Subnets

Select IP Subnets to see your total of IP subnet access objects. One IP subnet access object consists of a grouping of several different apps.
View Total IP Subnets in your environment by Status (Up, Partially Up, Down, or Disabled).
IP Subnet ZTNA Access Objects provides information about all of your access objects.
    • Access Object—Select a specific access object to view its details.
    • Status—Up, Partially Up, Down, or Disabled.
    • IP Subnet—The IP subnet used to add this access object.
    • Connector Groups—Connector Groups are logical groupings of connectors and applications. View the connector groups associated with an access object.
    • Connectors—Connectors represent the VMs running in your data centers that connect to Prisma Access. View the connectors associated with an access object.
Select any Access Object to view its details.
  • Connector Groups—See how many Connector Groups are associated with this access object. Select a Connector Group to view information about its Service Connections.
  • Connector Group Status (Current)—Up, Partially Up, Down, or Disabled.
  • Connectors—Number of Connectors in this Connector Group.
  • Application Targets—Number of Application Targets in this Connector Group.
  • Bandwidth—Select the Bandwidth button to view bandwidth information for this access object.
Select Connector Groups or Connectors to see the unique connector groups or connectors associated with the access objects in the IP Subnet.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.