Troubleshoot NGFW Connectivity and Policy Enforcement Anomalies

Troubleshoot issues on your NGFWs.
Where Can I Use This?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS or Panorama Managed)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app) is required for Cloud Management for NGFWs
  • Cortex Data Lake license is required for logging
  • If you have a Prisma Access license, you can use Folder Management to view your predefined folders and enable Web Security for a folder
Troubleshoot your NGFWs from Strata Cloud Manager without having to move between various firewall interfaces. If you experience connectivity issues after deploying and configuring your NGFWs, you can get an aggregate view of your routing and tunnel states, and drill down to specifics to find anomalies and problematic configurations.
Troubleshoot your identity-based policy rules and dynamically defined endpoints. You can check the status of specific NGFWs and expose possible mismatches between how you expect a policy to work and its actual enforcement behavior.
Troubleshooting lets you drill down on issues that might arise within these networking and identity features, so you can track down and resolve connectivity issues or policy enforcement anomalies:
  • Network Troubleshooting
  • Identity and Policy Troubleshooting
Go to the feature you want to troubleshoot and select the Troubleshooting button to get started.
View and sort troubleshooting jobs you've run by Status, Action, Search Target, and Timestamp.
Feature: DNS Proxy (Network)
Feature Location: Manage Configuration > NGFW and Prisma Access > Device Settings > DNS Proxy
Available Actions:
  • Show DNS Proxy Cache
  • Search the DNS Proxy Cache
Action Scope: Firewalls you specify
Job Output Organized By:
  • Domain Name
  • IP Address
  • Type: IPv4 Address Record (A), IPv6 Address Record (AAAA), Canonical Name Record (CNAME), Mail Exchange Record (MX), and Pointer to a canonical name (PTR)
  • Class: Internet (IN TCP/IP), Chaos (CH), and Hesiod (HS)
  • Time-to-live (TTL) in seconds
  • Hits: Number of times the record was requested since the last reboot

Feature: NAT (Network)
Feature Location: Manage Configuration > NGFW and Prisma Access > Network Policies > NAT
Available Actions:
  • Show the NAT Rule IP Pool
Action Scope: Firewalls you specify
Job Output Organized By:
  • Rule
  • Type
  • Used
  • Available
  • Memory Size Ratio

Feature: User Groups (Identity)
Feature Location: Manage Configuration > NGFW and Prisma Access > Identity Services > Cloud Identity Engine
Available Actions:
  • Show User Group
  • Search User Group
Action Scope: Firewalls you specify
Job Output Organized By:
  • Username
  • Group

Feature Location: Manage Configuration > NGFW and Prisma Access > Objects > Address > Address Groups
Available Actions:
  • Show All Dynamic Address Groups
  • Search for a Dynamic Address Group (Chosen from a list)
Action Scope: Firewalls you specify
Job Output Organized By:
  • Name
  • Filter
  • Members

Feature Location: Manage Configuration > NGFW and Prisma Access > Objects > Dynamic User Groups
Available Actions:
  • Search by Dynamic User Group
  • Search by Username
Action Scope: Firewalls you specify
Job Output Organized By:
  • Members (Username) and/or Dynamic User Group

Feature: User ID (Identity)
Feature Location: Manage Configuration > NGFW and Prisma Access > Identity Services > Identity Redistribution
Available Actions:
  • Show All User IP Mapping
  • Search For User IP Mapping
Action Scope: Firewalls you specify
Job Output Organized By:
  • IP
  • User
  • From
  • Idle Timeout
  • Max Timeout
