The All Users page provides an overview of all users connected
to Palo Alto Networks' security solutions, which include Next-Generation Firewall (NGFW) and
Prisma Access.
Where Can I Use This?
What Do I Need?
Prisma® Access (Managed by Strata Cloud Manager)
Prisma Access license
AI-Powered ADEM license
All Users provides an overview of all users connected to Palo Alto
Networks' security solutions, which include Next-Generation Firewall (NGFW) and Prisma
Access. You can easily determine a user's connection status to NGFW or Prisma Access,
whether at a branch site, service connection, or remote location. You can see:
The total number of unique users currently connected to Palo Alto Networks security
solutions and whether users are connected to NGFW and Prisma Access.
The number of users connected during a certain time range, broken down by users
connected through NGFW and Prisma Access.
Agent-based users that are connected through NGFW and Prisma Access.
Agent-based or browser-based Explicit Proxy users connected to NGFW and Prisma
Access.
A list of unmanaged device users accessing Prisma Access.
A list of users connecting from branch locations to Prisma Access.
A list of users connecting their data centers using specific service
connections.
All Users
In Strata Cloud Manager, go to Activity InsightsInsightsUsers to view information about your Prisma Access Agent
Users, Agentless Proxy Users,
Office Users, and Other Users.
You can filter the information shown on the All Users default
page by:
Enter a username in the Search field to find the user
you want.
Scope Selection—Select NGFW,
Prisma Access, or
All.
Connection Method—Select any of the following
connection methods:
All—All connection methods.
Access Agent—GlobalProtect or Prisma Access
Agent.
Agentless Proxy Users—Agentless proxy users
connect using Explicit Proxy.
Office—Office users are remote or branch
users.
Other—Other unique methods of
connectivity.
Subtenant—Subtenants listed by name.
All Users Table
The All Users table shows all the mobile users in your
environment. Select a User Name to go to this user's
details page, and click on the number of Threats to see
threat details.
User Name—The unique username or IP address.
Connection Method—How this user is connected:
All
Access Agent
Agentless Proxy
Office
Other
Last Device Location—Location of this device.
Threats—Number of threats this user faces. Click on
the number to see threat details.
Applications—Number of applications this user
has.
Data Usage—Total data usage in bytes.
Last Firewall/PA Location—Last connected NGFW name or
Prisma Access location.
Last Activity Time—Date and time this user was
active.
Users Details
Select the number in one of the User
widgets—Agent Users, Agentless Proxy
Users, Office Users, Other
Users—to go to the relevant details pages. For example, we have
selected the number under Agent Users to view information
about Access Agent Users .
Under Access Agent Users, you can view connected users and
user devices. See View Trend by Users or User
Devices connected to Prisma Access at the time indicated in
the timestamp. Hover over the View Trend by line in the
chart to see how many Users or User
Devices are connected and the time at which they were
connected.
Active Agentless Proxy Users
When you select Agentless Proxy Users, you see a graph
with Agentless Proxy User trends, how many
Active Users appear in the graph, and the
percentage of users who are active during the selected Time Range
versus the previous time range.
Select the number of Active Users to see data about
the Current Active Users via Explicit Proxy,
including the unique User Name, Last
Source Region, Last Used PA Location,
and Source IP address.
Monitored Users
If you have an AI-Powered ADEM license, you can view the number of
users being monitored by Autonomous DEM (ADEM) as well as the number of user
devices being monitored. See Autonomous DEM - Mobile Users for
further information.
Risky Users
View the number of users who are affected by threats. The Up or Down arrow
compares this time range with a previous time range to determine the
difference, in percentage, of the number of connected devices.
Access Agent Versions
Select View More Details for:Access Agent Versions shows the access
agent—GlobalProtect or Prisma Access
Agent—versions that your users’ devices are using to connect
to Prisma Access. You can see how many users are connecting with each
version. Use the data displayed to enforce compliance with the latest
GlobalProtect or Prisma Access
Agent versions
IP Pool Utilization
Static IP pools provide an alternate
means of allocating IP addresses to the agent users. To view P
pool utilization by different IP pool allocation theaters based on the
number of connected users at that time, select View More Details
for:IP Pool Utilization. The IP pool utilization
percentage on the graph is the number of IP pool blocks used out of all the
IP pool blocks that are available across all the subnets. You can
proactively add subnets when you see an IP pool bar approaching the maximum
capacity for any region.
IP Pool Utilization Details
Current IP Pool Utilization—One IP pool address
block is a /24 subnet and has 254 IP addresses. Allocation of a pool
block counts toward utilization; however, allocating a pool block
doesn't mean that all IP addresses are in use. There are still available
pool blocks that can be allocated to new or existing mobile user
gateways as needed. See IP pool utilization by different IP pool
allocation theaters based on the number of connected users at that time.
IP Pool Allocation—The IP pool utilization
percentage on the graph is the number of IP pool blocks used out
of all the IP pool blocks that are available across all subnets.
You can take proactive actions by adding subnets when you see an
IP pool bar approaching the maximum capacity for any region.
Static IP Address Allocation provides an
alternate means of allocating IPs to the agent users. IP
Pool Detailsshows IP pool utilization displayed
under the IP Pool Name that comes from the
static IP pool configuration. Total IP Pool
Profiles shows the number of utilized profiles in
the IP pool, and Total Unused IP Addresses
shows the number of unused IP addresses in the IP pool.
The
IP Pool Details table shows:
IP Pool Name—Each connected pool user
by unique name.
Total IP Addresses—The total number
of users in the IP pool.
Active IP Addresses—The total number
of active users in the IP pool.
Peak Utilization Status—The highest
percentage of use for this IP pool during the selected
Time Range.
Last IP Assignment Timestamp—The last
time this IP pool was active.
Access Agent Users Table
The Access Agent Users table enables you to view your
current connected Access Agent Users by
Users or User Devices
during the time range selected. Select a User Name to
view information about the user's Activity,
Connectivity, and
Experience.
User Activity
See this user's Total Threats, Threats by
Risk Level, web browsing summary, and application summary
during the selected time range.
The Web Browsing Summary shows details about the URLs
this user has visited.
Overview shows the number of unique URLs that
this user has visited, Severity of URLs
(High, Medium, or
Low), and the number of
Malicious URLs this user has visited.
Most Visited Sites shows the most
visited sites in order of number of times visited, Site
Category, Risk
Level, and number of
Sessions, or visits the user made to
this site.
Blocked shows the number of
Blocked URLs this user tried to access,
the Severity of Blocked URLs
(High, Medium, or
Low), Malicious Blocked
URLs, and Blocked URLS with Most Visited
Sites.
Sessions shows:
Total Hits—The number of times this
user has accessed web sites.
Category Session Breakdown—Breaks
down the types of sites this user visited.
Top URL Categories for Sessions—The
top categories, in order, that this user visited.
Data Transfer shows the Total Data
Transferred, Category Data Transfer
Breakdown, and Top URL Categories for
Data Transfer table that shows
Category, Unique
URLs for each category, and Data
Transferred, in MB, for each category.
The Application Summary shows information about this
user's applications during the selected time range.
Activity—The user's number of Total
Apps, Applications by Risk Score,
Top App Categories, and a list of
All Applications that shows each one's
App Risk score. App risk scores are ranked in
numerical order from high (5) to low (0).
Blocked—The user's Total Blocked
Applications, Total Allowed
Applications, and the Total Blocked
Applications table that shows a list of blocked
applications by Application Name and
Rule.
Sessions—Details about each time the user
accessed each application. You can view the user's number of
Total Sessions, Category Sessions
Breakdown, and the Top Used
Applications, which shows the number of user sessions
for each application during the selected time range.
Data Transfer—The Total Data
Transferred, Category Data Transfer
Breakdown, and Top Applications with Data
Transferred by Application Name
and Data Transferred in MB.
User Connectivity
Understand your user's device connectivity by reviewing the
Connected User's Device Trend chart,
Connected User's Devices, and User
Login & Logout Events on all devices.
The Connected Devices User Trend chart shows
how many devices are connected at specific times during the selected
time range. Hover over a point in the chart to see how many devices
were connected at that date and time.
The Connected User's Devices table shows details
about each of the user's connected devices, by device name. View each
device's Last User Source IP Address, the
Last Private IP used, the Last
User Location, the Last Login
Time, the Last Logout Time,
Last Session Duration, and Auth
Type.
The User Login & Logout Events table provides
details about when this user logged in and logged out on all of their
devices. You can view each Device Name, the
device's User Source IP Address, its
Private IP, User
Location, Login Time,
Logout Time, Session
Duration, Auth Type,
OS Family or Version, Agent
Version, Firewall/Location, and
Agent Type.
