Focus

Prisma SD-WAN

Troubleshoot Standard VPNs

Table of Contents

Filter

Expand All | Collapse All

Prisma SD-WAN Docs

Activation & Onboarding
Administration
CloudBlades
Select a Document
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
Deployment
Incidents & Alerts
Reference
Release Notes
Select a Document
- 6.5
- 6.4
- 6.3
- 6.2
- 6.1
- 5.6
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed

Troubleshoot Installation Scenarios

Enable, Pause, Disable, and Uninstall the CloudBlade

Troubleshoot Standard VPNs

Lets see how to troubleshoot the standard VPNs in Prisma SD-WAN Zscaler CloudBlades.

Where Can I Use This?	What Do I Need?
Strata Cloud Manager	Prisma SD-WAN license Zscaler Enforcement Nodes (ZEN) Integration CloudBlade

Start with the Zscaler Test Page to verify and troubleshoot client traffic to and through Zscaler Enforcement Nodes (ZENs). All application and path metrics will also be collected and reported, and all application monitoring alarms and alerts will be generated for Standard VPNs. To troubleshoot Standard VPNs, view Alerts and Alarms, Connectivity of Standard VPNs at the site level, and Activity charts to view possible issues with the VPN. In addition, device toolkit commands can be used to view Standard VPN stats, status, and summary.

Use the Zscaler Test Page

Zscaler provides a diagnostic page that allows for verification and troubleshooting of client traffic to and through Zscaler ZENs. To access the page from any client, open the link http://ip.zscaler.com.

For more details on this tool, refer to the Zscaler Knowledgebase article, How can I check if a user’s traffic is going to Zscaler?.

View Standard VPN at Site Level

To view the interface status at the site level, go to WorkflowsPrisma SD-WAN SetupBranch Sites.

Select a site, and under Overlay Connections, click Standard VPN to view the status of the Standard VPN.

View Alerts and Alarms

If a Standard VPN tunnel interface is down, an alarm will be raised, just like it would for any other interface within the system.

View Activity Charts

All activity charts can be filtered based on paths, including Standard VPNs.

In Strata Cloud manager, go to MonitorBranch SitesPrisma SD-WAN.

In the Activity tab, under WAN, select Standard VPN, use the filters to select the site connectivity, and time range to see the specific analytics for that path.

Zscaler Location Gateway Options

CloudBlade version 1.2.2 supports the following gateway options:

Options	Corresponding Prisma Access for NetworksTag
Use XFF from Client Request	Gateway Options: <True \| False>Sub Locations: Disabled
Enforce Zscaler App SSL Setting	Deprecated
Enable SSL Inspection	Deprecated
Enforce Firewall Control	<True \| False>
Enforce Authentication	<True \| False>
Enable IP Surrogate	<True \| False>Idle time: <val>Idle time metric: <minutes \| hours \| days>
Enable Surrogate IP for KnownBrowsers	<True \| False>Refresh time: <val>Refresh time metric: <minutes \| hours \| days>
Enable Caution	<True \| False>
Enable AUP	<True \| False>Frequency (days): <val>Block Internet Access: <True \| False>Force SSL Inspection: <True False>

Troubleshoot Installation Scenarios

Enable, Pause, Disable, and Uninstall the CloudBlade

Prisma SD-WAN Docs

Troubleshoot Standard VPNs

Prisma SD-WAN Docs

Troubleshoot Standard VPNs

Use the Zscaler Test Page

View Standard VPN at Site Level

View Alerts and Alarms

View Activity Charts

Zscaler Location Gateway Options

Activation & Onboarding

SASE

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

Prisma SD-WAN Integration

Prisma SD-WAN Experts Corner

Best Practices

Resources