Monitor and Troubleshoot the Aryaka Remote Network

The following sections show the tasks you perform to monitor traffic and troubleshoot issues for the remote network tunnel between the Aryaka SD-WAN and Prisma Access.

Monitor Remote Network Traffic

To monitor remote network tunnel traffic from the Aryaka SD-WAN, complete the following task.
  1. Click the Monitor tab, then select Cloud Security Connector Traffic.
  2. Pick a reference site, select a time, and click Apply.
    To zoom in on any of these graphs, click a graph and drag the cursor.
    • The following information displays in the Internet Traffic graph:
      • Total Internet—All traffic forwarded to the internet.
      • Total Palo Alto—All internet traffic forwarded to Prisma Access.
      • Total Other—All traffic forwarded to internet that is not going to Prisma Access.
    • The Palo Alto Traffic graph shows traffic data (in Mbps) over IPSec tunnels to Prisma Access for the time period that you select. This graph shows traffic flow in both directions to Prisma Access.
    • The Palo Alto Received graph shows traffic received on the IPSec tunnels to Prisma Access. This graph shows all internet traffic inbound to the site from Prisma Access.
    • The Palo Alto Transmitted graph shows all traffic that is transmitted on IPSec tunnels to Prisma Access. This graph shows all traffic outbound to Prisma Access from the site.

Troubleshoot the Aryaka Remote Network

Prisma Access provides logs and widgets that show the status of remote tunnels and the status of each tunnel.
  • Go to Manage > Service Setup > Remote Networks and check the Status of the tunnel.
  • Go to Activity > Log Viewer and check the Common/System logs for IPSec- and IKE-related messages.
    To view VPN-related messages, set the filter to sub_type.value = vpn.
    The message "ignoring unauthenticated notify payload" indicates that the route has not been added in the crypto map on the other side of the IPSec tunnel after the IPSec negotiation has already occurred.
  • Check the Firewall/Traffic logs and view the messages that are coming from the zone that has the same name as the remote network.
    In the logs, the remote network name is used as the source zone.
