Monitor and Troubleshoot the Aryaka Remote Network

The following sections show the tasks you perform to monitor traffic and troubleshoot issues for the remote network tunnel between the Aryaka SD-WAN and Prisma Access.

Monitor Remote Network Traffic

To monitor remote network tunnel traffic from the Aryaka SD-WAN, complete the following task.
  1. Click the
    tab, then select
    Cloud Security Connector Traffic
  2. Pick a reference site, select a time, and click
    To zoom in any of these graphs, click a graph and drag the cursor.
    • The following information displays in the
      Internet Traffic
      • Total Internet
        —All traffic forwarded to the internet.
      • Total Palo Alto
        —All internet traffic forwarded to Prisma Access.
      • Total Other
        —All traffic forwarded to internet that is not going to Prisma Access.
    • The
      Palo Alto Traffic
      graph shows traffic data (in Mbps) over IPSec tunnels to Prisma Access for the time period that you select. This graph shows traffic flow in both directions to Prisma Access.
    • The
      Palo Alto Received
      graph shows traffic received on the IPSec tunnels to Prisma Access. This graph shows all internet traffic inbound to the site from Prisma Access.
    • The
      Palo Alto Transmitted
      graph shows all traffic that is transmitted on IPSec tunnels to Prisma Access. This graph shows all traffic outbound to Prisma Access from the site.

Troubleshoot the Aryaka Remote Network

Prisma Access provides logs and widgets that provide you with the status of remote tunnels and the status of each tunnel.
  • Go to
    Service Setup
    Remote Networks
    and check the
    of the tunnel.
  • Go to
    Log Viewer
    and check the
    logs for IPSec- and IKE-related messages.
    To view VPN-relates messages, set the filter to
    sub_type.value = vpn
    The message
    ignoring unauthenticated notify payload
    indicates that the route has not been added in the crypto map on the other side of the IPSec tunnel after the IPSec negotiation has already occurred.
  • Check the
    logs and view the messages that are coming from the zone that has the same name as the remote network.
    In the logs, the remote network name is used as the source zone.

Recommended For You