Filter GlobalProtect Logs for Gateway Latency in PAN-OS
In PAN-OS, filter GlobalProtect logs for gateway tunnel
latency to troubleshoot connection and performance issues.
To help you troubleshoot connection
and performance issues for a specific user, GlobalProtect collects
and reports telemetry information for latency between the GlobalProtect
gateway and the endpoint. With this information, you can identify
the gateway the user is connected to, the current stage of the connection,
and statistics about the pre-tunnel and post-tunnel network latency.
Pre-tunnel latency measurements are based on the OpenSSL
handshake. The time is measured from the initial SYN until the TCP
3-way handshake is completed.
Post-tunnel latency measurements are taken after the tunnel
is established. The time is measured for the round trip time (RTT)
of a single tunnel keep-alive from an ICMP probe. The post-tunnel
time is often faster, as it measures the single keep-alive and not
the whole TCP handshake.