Monitor and Troubleshoot Explicit Proxy
Table of Contents
Monitor and Troubleshoot Explicit Proxy
Monitor and troubleshoot your Prisma Access Explicit
Proxy deployment.
After you have configured Explicit Proxy for mobile
users, monitor the status and troubleshoot any issues by checking
the status of your Prisma Access Explicit Proxy deployment.
- Select to see Explicit Proxy status.
The mobile usersStatusandConfig Statusfields indicate whether the connection between Prisma Access and your mobile users isOK, unable to fetch the status on the tunnel (Warning), or that the mobile users cannot connect to Explicit Proxy (Error).Click the hyperlink next toCurrent UsersandUsers (Last 90 days)to get more information about mobile users.- Current Users—The current number of authenticated users who have browsed traffic in the last five minutes.
- Users (Last 90 days)—The number of unique authenticated Explicit Proxy users for the last 90 days.
- Select to display a map showing the deployed Explicit Proxy locations.
- Select to view the following details:
- Explicit Proxy URL—The URL used for Explicit Proxy.
- ACS FQDN—The FQDN of the ACS.
- SAML Meta Data—The authentication profile metadata used by SAML. You canExport SAML Metadatato save the metadata file.
- To troubleshoot authentication-related issues, check the traffic logs () and authentication logs (). Explicit Proxy displays the following IP addresses and locations in the logs:
- IP Addresses—If mobile users bypass the ACS FQDN in the PAC file, the IP address displayed in theSourcecolumn in the Traffic logs and the Traffic logs and theIP Addresscolumn in the Authentication logs, when viewed under theExplicit_Proxy_Device_Group, will be same as the mobile user’s IP address. If users do not bypass the ACS FQDN in the PAC file, the source IP address is the public IP address of the Explicit Proxy cloud firewall where redirects are going to ACS.
- Locations—If mobile users bypass the ACS FQDN in the PAC file, the Region Name displayed in theRegionColumn inAuthentication Logs,Current Users, andUsers (Last 90 days)is one of the five 5 regions (us-west-2, us-east-1, eu-west-2, eu-west-3, ap-south-1) where the ACS is deployed, and shows the region where Explicit Proxy is performing the redirects from the client’s browser. If users do not bypass the ACS FQDN in the PAC file, the Region Name displayed in theRegionColumn inAuthentication Logs,Current Users, andUsers (Last 90 days)is one of the five 5 regions (us-west-2, us-east-1, eu-west-2, eu-west-3, ap-south-1) where the ACS is deployed, and shows the region where Explicit Proxy is performing the redirects from the Explicit Proxy firewall.