Checklist for GlobalProtect App Log Collection for Troubleshooting

Use the following workflow to enable the GlobalProtect app log collection for troubleshooting:
With Cloud Managed Prisma Access, you can enable Log Collection for Troubleshooting for the GlobalProtect app by using the Prisma Access app on the hub to generate the certificate and to automatically import it so that the app can authenticate with Cortex Data Lake for log collection.
  • With the Cloud Services plugin 2.0 Innovation, if you have a deployment that uses Prisma Access or the next-generation firewall, you must use the Panorama web interface to set up GlobalProtect connectivity.
    • Generate a client certificate that is used to establish a connection from the GlobalProtect app to Cortex Data Lake.
      The
      globalprotect_app_log_cert
      certificate is automatically exported from the Panorama certificate store, and then automatically imported to the Panorama template where the GlobalProtect portal configuration resides.
    • Create or modify the existing GlobalProtect agent configuration for a specific group of users.
    • Select the
      globalprotect_app_log_cert
      certificate as the client certificate in the GlobalProtect portal configuration.
    With the Cloud Services plugin 1.8 and Cloud Services plugin 2.0 Preferred, you must use the commands to set up GlobalProtect connectivity.
    • Generate a client certificate that is used to establish a connection from the GlobalProtect app to Cortex Data Lake.
    • Export the
      gp_app_log_cert
      certificate from the Panorama certificate store.
    • Import the
      gp_app_log_cert
      certificate to the Panorama template where the GlobalProtect portal configuration resides.
    • Create or modify the existing GlobalProtect agent configuration for a specific group of users.
    • Select the
      gp_app_log_cert
      certificate as the client certificate in the GlobalProtect portal configuration.
    • Enable the GlobalProtect app log collection for troubleshooting on the GlobalProtect portal.
    • Configure the HTTPS-based destination URLs that can contain IP addresses or fully qualified domain names on the GlobalProtect portal. Later, these HTTPS-based destination URLs are used to initiate performance tests for probing.
  • Step 3: Report an issue from the GlobalProtect app for Windows, macOS, iOS, Android, and Linux
    • Open the GlobalProtect app.
    • Report an issue from the GlobalProtect from the end user’s endpoint.
    • (
      Optional
      ) Allow the GlobalProtect app to run additional diagnostic and performance tests both inside and outside of the tunnel, and also send the troubleshooting log bundle together with the issue reports upon user request.
    • View the troubleshooting or diagnostics log record uploaded to Cortex Data Lake.
    • View the details in the logs to help you to identify the root cause and to resolve connectivity, network access, or performance issues.

Recommended For You