After an interruption occurs, such as a networking connectivity issue,
the Prisma Access Agent will attempt to restore the tunnel and maintain connectivity without
user intervention.
Automatic tunnel restoration enhances the end-user experience by maintaining
consistent and efficient connectivity for Prisma Access Agents. This feature
automatically restores secure connections after interruptions, reducing user
frustration and minimizing work disruptions.
Automatic tunnel restoration is a standard feature of Prisma Access Agents so no
configuration is required for it to work. To understand automatic tunnel
restoration, you should be familiar with the following key concepts:
Connectivity Modes
Depending on how you configured the Prisma Access Agent, your users will connect to a
gateway using one of the following modes:
Always On—In this mode, the Prisma Access Agent continuously attempts
to maintain a connection to a location. Users can't disconnect, and the
sign-out option is disabled in the Prisma Access Agent app.
On-Demand—This mode allows users to choose when to connect or
disconnect. When users choose the Best Location, the
agent behaves like it's in Always On mode until manually disconnected.
Location Selection
Your users can connection to a location using (gateway) the following methods:
Best location selection—This method selects the optimal location based
on various factors. It's used when no specific location is chosen or when
reconnection to a chosen location fails in Always On mode.
Manual location selection—Users can choose a specific location to
connect to. The behavior differs based on the connectivity mode.
Monitoring and System Changes
Prisma Access Agent monitors various network and system changes, including:
- Network status changes such as internet connectivity coming up or going
down
- System sleep mode and resume events
- Service disable or enable events
- Service restarts due to reboots, upgrades, or crashes
Restoration Window
The Prisma Access Agent will attempt to restore the connection for up to 30 minutes
after an interruption occurs. This time frame will help to significantly reduce
manual reconnections due to changes in network conditions.
- When a connection interruption occurs, the Prisma Access Agent initiates the
secure tunnel restoration process.
- The agent attempts to restore the connection for up to 30 minutes.
- If successful within this time frame, the connection is reestablished without
user intervention.
- If unsuccessful after 30 minutes, the user might need to manually reinitiate the
connection.
Tunnel restoration behavior differs depending on the connectivity mode for the
agent.
Tunnel Restoration in Always On Mode
In Always On mode, the Prisma Access Agent actively attempts to maintain a constant
connection:
- If the user manually chooses a location and it becomes unavailable, Prisma
Access Agent will try to reconnect to the chosen location.
- If reconnection to the chosen location fails, Prisma Access Agent automatically
switches to the best location.
- The agent continuously attempts to restore the connection, trying up to five
times using the best location.
- The system will notify users about connection status changes in the Prisma
Access Agent app.
Tunnel Restoration in On-Demand Mode
In On-Demand mode, the restoration behavior depends on how the connection was
initiated:
- If the user chose Best Location, the agent behaves
similarly to Always On mode until manually disconnected.
- If the user chose a specific location:
- Prisma Access Agent attempts to reconnect only to that location.
- If reconnection fails, it does not connect to any other location.
- Users are notified of failed connection attempts.
- After a manual disconnect, the Prisma Access Agent remains in a disconnected
state until the user initiates a new connection.
In both modes, Prisma Access Agent monitors network and system changes to trigger
restoration attempts when necessary, ensuring optimal connectivity within the
30-minute restoration window.
