Focus

Prisma Access

Manage Privileged Remote Access Connections

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Activation & Onboarding
Administration
Version
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
- Prisma Access China
Integrations
Incidents & Alerts

Configure Split Tunneling for Privileged Remote Access Traffic

Use Privileged Remote Access

Manage Privileged Remote Access Connections

Learn how to manage active Privileged Remote Access connections, such as viewing connection information or terminating a connection.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Panorama or Strata Cloud Manager)	Prisma Access 5.2.1 Minimum Prisma Access dataplane version: 11.2.4 Prisma Access license with a Mobile User subscription Privileged Remote Access add-on license

You can manage active Privileged Remote Access (PRA) connections, such as viewing user and app connection information or terminating a connection.

To manage active PRA connections, go to WorkflowsPrivileged Remote AccessActive Connections.

You can perform the following tasks:

Browse PRA connection information, such as:
- User Name—The username of the PRA user who is connected to the PRA portal
- Name—The name of the app that the user is accessing
- App Type—The type of app that’s being accessed (RDP, SSH, or VNC)
- FQDN/IP Address—The FQDN or IP address of the app that’s being accessed
- Source IP—The IP address of the user's device
- Device Type—The operating system running on the user's device
- Browser/Version—The type of browser and browser version that’s being used
- Start Time—The time when the PRA connection began
- Last Active—Whether the connection is still active by showing when the user last interacted with the app
You can arrange how the columns appear in the active connections table by selecting the Settings icon.
Refresh the connection information.
Remotely terminate a PRA connection by selecting one or more active connections from the table and clicking Disconnect.

You can also view logs that PRA automatically generates and the authentication logs in Cloud Identity Engine.

Monitor Privileged Remote Access Logs

PRA automatically generates logs and sends them to the Strata Logging Service, which provides an audit trail for PRA system and network events. The events will appear in the Log Viewer a few minutes after an event occurs.

To view the audit logs for PRA:
1. From Strata Cloud Manager, select Incidents and AlertsLog Viewer.
2. Select Common/Audit and filter on Log Source = 'Privileged Remote Access'.
To view the event logs for PRA:
1. Select Incidents and AlertsLog Viewer.
2. Select Endpoint/Events and filter on Log Source = 'Privileged Remote Access' AND Classification = 'User connected to app'.

Monitor Privileged Remote Access Authentication

You can monitor the PRA users who authenticated with their IdP by viewing the Cloud Identity Engine authentication logs.

Navigate to the Cloud Identity Engine from your Prisma Access tenant.
Select Authentication Logs.

Configure Split Tunneling for Privileged Remote Access Traffic

Use Privileged Remote Access

Prisma Access Docs

Manage Privileged Remote Access Connections

Prisma Access Docs

Manage Privileged Remote Access Connections

Monitor Privileged Remote Access Logs

Monitor Privileged Remote Access Authentication

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner