Checklist for GlobalProtect App Log Collection for Troubleshooting
Use the following workflow to enable
the GlobalProtect app log collection for troubleshooting:
With Cloud Managed Prisma Access, you can enable Log Collection for Troubleshooting for
the GlobalProtect app by using the Prisma Access app on the hub
to generate the certificate and to automatically import it so that
the app can authenticate with
With the Cloud
Services plugin 2.0 Innovation, if you have a deployment that uses
Prisma Access or the next-generation firewall, you must use the Panorama
web interface to set up GlobalProtect connectivity.
Generate a client certificate
that is used to establish a connection from the GlobalProtect app
to
Cortex
Data Lake
.
The
globalprotect_app_log_cert
certificate
is automatically exported from the Panorama certificate store, and
then automatically imported to the Panorama template where the GlobalProtect portal
configuration resides.
Enable the GlobalProtect app log collection for troubleshooting
on the GlobalProtect portal.
Configure the HTTPS-based destination URLs that can contain
IP addresses or fully qualified domain names on the GlobalProtect
portal. Later, these HTTPS-based destination URLs are used to initiate
performance tests for probing.
Report an issue from the GlobalProtect from the end user’s endpoint.
(
Optional
) Allow the GlobalProtect app to run additional diagnostic
and performance tests both inside and outside of the tunnel, and also
send the troubleshooting log bundle together with the issue reports upon
user request.