Update Issues

• Open the Prisma Access Browser and navigate to prisma://settings/help.
• Check the displayed version number and compare it to the latest version number on the download page.
• If the numbers are the same, no update is needed.

• Open a web browser and try to navigate to these URLs:
  • updates.talon-sec.com
  • bfe078e7921507bb.talon-sec.com
  • Go to prisma://troubleshoot, open Diagnostics, and make sure that the Update service is up and running.
• If the URLs cannot be reached:
  • Check your internet connection to make sure that it s stable.
  • Check your firewall to make sure that these URLs are bot blocked. If you are in a corporate environment, make sure that the URLs are whitelisted.

• If the “About” page shows: "An error occurred while checking for updates: Update check failed to start (error code 3: 0x80040154)":
  • Open the Task Scheduler.
    • Run the command taskschd.msc and check for the following taskd:
      • PANWUpdateTaskMachineCore
      • PANWUpdateTaskMachineUA
    • If these tasks are not present, the Omaha client may not be installed correctly.
    • Check the following directories to see if the Omaha client exists:
      • %PROGRAMFILES(x86)%\Palo Alto Networks\Update
      • %LOCALAPPDATA%\Palo Alto Networks\Update
    • If the tasks or files are missing, reinstall the Omaha client.

• Verify that the system has all required root certificates installed:
  • Open the Microsoft Management Console:
    • Run the command mmc.
    • In MMC, go to "File" > "Add/Remove Snap-in."
    • Select "Certificates" and click "Add."
    • Choose "Computer account" and click "Next," then "Finish."
  • In the MMC console, expand "Certificates" under "Trusted Root Certificate Authorities."
  • Check for the following certificates:
    • DigiCert Trusted Root G4 (requires 05:9b)
    • DigiCert Trusted G4 Code Signing (requires 08)
    • GlobalSign Root R6 (starts with 45)
  • If either certificate is missing, download and install them from the official DigiCert and GlobalSign websites:
    • DigiCert Root Certificates
    • GlobalSign Root Certificates
  • Follow the instructions on the websites to install the certificates on your system.

• Open the File Explorer and navigate to the Prisma Access Browser Installation directory:
  • %PROGRAMFILES(x86)%\Palo Alto Networks
  • %LOCALAPPDATA%\Palo Alto Networks
• Look for a directory corresponding to the new version number.
• Make sure that the executables in the new version directory are properly signed.
  • Right-click on an executable.
  • Select Properties, then go to the Digital Signatures tab.
  • Ensure that the signatures are valid.
• • If files are unsigned, check for possible issues such as download corruption, disk errors, or security product interference.

• Check the security product's logs for any entries related to Prisma Access Browser or its components.
• If any entries indicate that the update is being blocked, follow these steps:
  • Open the security product's control panel.
  • Navigate to the settings or exceptions/whitelist section.
  • Add the following executables and directories to the whitelist:
    • • Executables related to Prisma Access Browser.
      • Directories
        • %LOCALAPPDATA%\Palo Alto Networks\
        • %PROGRAMFILES(x86)%\Palo Alto Networks
        • %PROGRAMFILES%\Palo Alto Networks
• Temporarily disable the security product and attempt the update again to see if the issue is resolved.
• If the update succeeds with the security product disabled, re-enable it and ensure the necessary whitelisting is in place to prevent future issues.

• Test your network speed using an online speed test tool (e.g., speedtest.net).
• If the network speed is significantly lower than expected:
  • Restart your routers or modem.
  • Check to make sure that other devices on the network are not consuming excessive bandwidth,
  • If the issues persist, contact your Internet Service Provider.

Browsing Issues

• All Websites
  • Site Functionality in Other Browsers
    • Open a different browser (Chrome / Edge).
    • Navigate tot he websites that are experiencing issues in Prisma Access Browser.
    • See if the sites load and function correctly.
    • If they do not function correctly, the issue is likely a problem with the websites themselves or a broader network problem.

• Open the firewall settings on your device:
  • Windows: Control Panel > System and Security > Windows Defender Firewall
  • macOS: System Preferences > Security & Privacy > Firewall
• Check the list of allowed applications and processes.
• Ensure that Executables related to the Prisma Access Browser, as well as the following directories are allowed through the firewall:
  • %LOCALAPPDATA%\Palo Alto Networks\
  • %PROGRAMFILES(x86)%\Palo Alto Networks
  • %PROGRAMFILES%\Palo Alto Networks
• If necessary, manually add Prisma Access Browser to the firewall's list of allowed applications.
• Examine firewall logs to find relevant clues for a block and possibly whitelist Prisma Access Browser executables and directories.

• Open Prisma Access Browser and navigate to the extensions page: prisma://extensions/
• Disable all extensions.
• Try accessing the problematic websites again. If the sites work, enable the extensions one at a time to identify the problematic one.

Specific Websites

• Open a different browser (Chrome / Edge).
• Navigate tot he websites that are experiencing issues in Prisma Access Browser.
• See if the sites load and function correctly.
• If they do not function correctly, the issue is likely a problem with the websites themselves or a broader network problem.

• Open the firewall settings on your device:
  • Windows: Control Panel > System and Security > Windows Defender Firewall
  • macOS: System Preferences > Security & Privacy > Firewall
• Check the list of allowed applications and processes.
• Ensure that Executables related to the Prisma Access Browser, as well as the following directories are allowed through the firewall:
  • %LOCALAPPDATA%\Palo Alto Networks\
  • %PROGRAMFILES(x86)%\Palo Alto Networks
  • %PROGRAMFILES%\Palo Alto Networks
• If necessary, manually add Prisma Access Browser to the firewall's list of allowed applications.
• Examine firewall logs to find relevant clues for a block and possibly whitelist Prisma Access Browser executables and directories.

• Open the developer tools in Prisma Access Browser (press Ctrl+Shift+I or F12).
• Navigate to the "Application" tab.
• Expand the "Cookies" section and check for any cross-site cookies used by the website.
• Ensure that Prisma Access Browser is configured to allow cross-site cookies:
  • Go to prisma://settings/cookies and ensure that "Block third-party cookies" is disabled.
• If cross-site cookies are required, add the specific sites to the list of allowed cookies.

• Open the developer tools in Prisma Access Browser (press Ctrl+Shift+I or F12).
• Navigate to the "Network" tab.
• Reload the website and observe the network requests.
• Look for any blocked resources and note their URLs.
• Ensure that the website's configuration does not blacklist any necessary resources:
  • Go to prisma://settings/security and check for any site-specific configurations.
  • Add any necessary resources to the whitelist.

• Open Prisma Access Browser and navigate to the extensions page: prisma://extensions/
• Disable all extensions.
• Try accessing the problematic websites again. If the sites work, enable the extensions one at a time to identify the problematic one.

• Open Prisma Access Browser and navigate to the problematic site.
• Check if the site is being accessed in IE mode.
• If it only works in IE but not in Prisma Access Browser IE mode, a feature may be missing.

Extension Issues

• Install the extension in Chrome and Edge browsers.
• Verify that the extension functionality is consistent across both browsers.
• Note any specific differenced or issues encountered.

• Open the Development Console (usually accessed by right-clicking the web page and selecting Inspect or by pressing CTRL+Shift+I).
• Look for any errors or warnings related to NaCl.
• In Chrome, some extensions may explicitly mention NaCl errors or dependencies in the console output.

• Review the extension's documentation or support resources.
• Check if the extension requires any desktop-installed services or applications to function correctly.
• Test the extension's functionality both with and without any associated desktop services installed.

PWA Issues

• Ensure the user is running the latest version of Prisma Access Browser.
• Guide the user to update Prisma Access Browser to the latest available version if necessary.
• Verify if the issue persists after updating.

• Attempt to install the PWA in both Chrome and Edge browsers.
• Make sure that the installation process completes successfully without any errors.
• Compare the installation behavior with Prisma Access Browser to identify any discrepancies.

• Inform users about the Chromium limitation affecting PWAs when there are multiple profiles in use.
• Explain that only one profile can utilize PWAs due to how Chromium handles app installations and storage.
• Advise your users to check if multiple profiles are active and recommend using PWAs in the profile where it is most needed.