Verify If Remote Network Is Connected to Prisma Access
Focus
Focus
Prisma Access

Verify If Remote Network Is Connected to Prisma Access

Table of Contents

Verify If Remote Network Is Connected to Prisma Access

This section describes how to verify the connection status of a remote network site with Prisma Access.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
After you have configured the IPSec VPN device on the remote network, verify the tunnel status. When you verify the status of remote networks, remember the following:
  • Verify the status of the IPSec tunnel to your remote network.
  • The final step when verifying remote networks is to review the logs and ensure that traffic is flowing through Prisma Access. If there are errors or warnings, review the system logs in Prisma Access and local logs on the remote network device. Resolve any errors or warnings before proceeding with the configuration.
  • Continue adding remote networks as needed.

Verify If Remote Network Is Connected to Prisma Access (Strata Cloud Manager)

Learn how to verify the remote network connection status to Prisma Access in this section.
Select ManageConfigurationNGFW and Prisma Access, change the Configuration Scope to Prisma Access, and select Prisma Access Sync StatusRemote Networks.

Verify If Remote Network Is Connected to Prisma Access (Panorama)

Verify the status of an onboarded Prisma Access remote network connection.
  1. Select PanoramaCloud ServicesStatusStatus to verify that the remote network connections have been successfully deployed.
    The Deployment Status area allows you to view the progress of onboarding and deployment jobs before they complete, as well as see more information about the status of completed jobs.
  2. To display a map that shows the locations of the remote networks in the regions you have selected, select PanoramaCloud ServicesStatusMonitor and click the Remote Networks tab.
  3. Select a region to get more detail about that region.
  4. Click the tabs below the map to see additional remote network statistics.
    Status tab:
    • Location—The location where your remote network is deployed.
    • Remote Peer—The peer to which the remote network has an IPSec tunnel connection.
    • IPSec Termination Node—The IPSec termination node associated with the remote network. This field only displays if you allocate bandwidth by compute location.
    • ECMP—Whether you have enabled ECMP Load Balancing on this remote network connection.
    • Config Status—The status of your last configuration push to the service. If you have made a change locally, and not yet pushed the configuration to the cloud, the status shows Out of sync. Hover over the status indicator for more detailed information. After committing and pushing the configuration to Prisma Access, the Config Status changes to In sync.
    • BGP Status—Displays information about the BGP state between the firewall or router at the remote network location and Prisma Access. Although you might temporarily see the status pass through the various BGP states (idle, active, open send, open pend, open confirm, most commonly, the BGP status shows:
      • Connect—The router at the remote network location is trying to establish the BGP peer relationship with Prisma Access.
      • Established—The BGP peer relationship has been established.
        This field will also show if the BGP connection is in an error state:
      • Warning—There has not been a BGP status update in more than eight minutes. This may indicate an outage on the firewall.
      • Error—The BGP status is unknown.
    • Tunnel Status—The operational status of the connection between Prisma Access and the remote network.
    Statistics tab:
    • Location—The location where your remote network is deployed.
    • Remote Peer—The corporate location to which this remote network is setting up an IPSec tunnel.
    • Ingress Bandwidth (Mbps)—The bandwidth from the remote network location to Prisma Access.
      For the Ingress Bandwidth, Ingress Peak Bandwidth, Egress Bandwidth, and Egress Peak Bandwidth fields, when the bandwidth consumption on a remote network goes beyond 80% of the allocated bandwidth, the numbers display in a red color.
    • Ingress Peak Bandwidth (Mbps)—The peak load from the remote network location into the cloud service.
    • Egress Bandwidth (Mbps)—The bandwidth from Prisma Access into the remote network location.
    • Egress Peak Bandwidth (Mbps)—The peak load from Prisma Access into the remote network location.
    To find statistics about locations in the region, select Bandwidth Usage.
    Select the check mark for a location to see detailed bandwidth usage. For deployments that allocate bandwidth by compute location, select an IPSec termination node to view statistics for that node. Prisma Access uses the 95th percentile standard to gather statistics, which tracks bandwidth at peak utilization and ignores the top 5 percent of utilization peaks and large bursts.