Checklist for GlobalProtect App Log Collection for Troubleshooting
Use the following workflow to enable
the GlobalProtect app log collection for troubleshooting:
With Cloud Managed Prisma Access, you can enable Log Collection for Troubleshooting for
the GlobalProtect app by using the Prisma Access app on the hub
to generate the certificate and to automatically import it so that
the app can authenticate with Cortex Data Lake for log collection.
With the Cloud
Services plugin 2.0 Innovation, if you have a deployment that uses
Prisma Access or the next-generation firewall, you must use the Panorama
web interface to set up GlobalProtect connectivity.
Generate a client certificate
that is used to establish a connection from the GlobalProtect app
to Cortex Data Lake.
is automatically exported from the Panorama certificate store, and
then automatically imported to the Panorama template where the GlobalProtect portal
Enable the GlobalProtect app log collection for troubleshooting
on the GlobalProtect portal.
Configure the HTTPS-based destination URLs that can contain
IP addresses or fully qualified domain names on the GlobalProtect
portal. Later, these HTTPS-based destination URLs are used to initiate
performance tests for probing.
Report an issue from the GlobalProtect from the end user’s endpoint.
) Allow the GlobalProtect app to run additional diagnostic
and performance tests both inside and outside of the tunnel, and also
send the troubleshooting log bundle together with the issue reports upon