Prisma Access Insights
    : Manage GlobalProtect Mobile Users
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Access
    4. Prisma Access Insights
    5. Insights in Prisma Access
    6. Manage Mobile Users
    7. Manage GlobalProtect Mobile Users
    Download PDF

    Prisma Access Insights

    Manage GlobalProtect Mobile Users

    Table of Contents

    Manage GlobalProtect Mobile Users

    You can use the Mobile Users - GlobalProtect tab to manage and view data related to your mobile users that connect to Prisma Access through the GlobalProtect agent.
    You can use the Mobile Users - GlobalProtect tab to manage and view data related to your mobile users that connect to Prisma Access security services through the GlobalProtect agent on their devices.

    View the Health of Your GlobalProtect Mobile Users

    The Monitoring Summary tab gives you an overview of the health status of GlobalProtect Mobile Users logged into Prisma Access.

    Current Users

    Current displays the number of users connected to Prisma Access at the time the data was fetched or as indicated in the timestamp. A mobile user that connects to Prisma Access at least once in the past 90 days consumes an mobile user license. A mobile user license consumption considers only the unique username of the mobile user and not all of the devices that one user might have used to connect to Prisma Access.
    Select Connected Users to open the Current Connected Users window.
    Select any User to open the User Details Page and view that user’s statistics, including devices connected through Prisma Access locations, the user’s location, source IP address, device OS, GlobalProtect version on their device, and other details, and a table of all login events that occurred in the time interval selected on every device that the user has connected to Prisma Access.

    Mobile User License Consumption

    GlobalProtect License Consumption shows the total number of licenses consumed by unique mobile users that were connected to Prisma Access in the last 90 days, because licenses are based on the past 90 days of Prisma Access login data. A user who has logged in to Prisma Access at least once in the past 90 days contributes toward consumption of one Mobile User license.
    When you hover over the line chart, you’ll see the time stamp corresponding to the x-axis day reference with its license consumption figure, total licenses purchased for mobile users, license utilization as a percentage of the total licenses purchased, and the 90-day license computation time period used for determining the license consumption at the day referenced on the x-axis.
    You can view the mobile user license consumption trend, which is shown for the past 30 days regardless of the time filter you selected on the Monitoring Summary page. Hover over the line chart to display information on day referenced in the x-axis. Select the View Users button to open the Mobile Users License Consumption page and view data on users connected in the last 90 days. You can view the users list or export it in CSV format.
    Panorama Managed Prisma Access normalizes usernames to a single format to prevent the same mobile usernames (appearing in different formats) from being counted multiple times.
    For example, when users connect to a gateway, Panorama Managed Prisma Access can receive instances of the same username from the gateway in various formats, such as:
    • jane.doe@domain.com
    • domain\jane.doe
    • (null)\jane.doe@domain.com
    • jane.doe
    Before normalization, these instances of the same username are counted as individual users, causing the mobile user counts to be inflated incorrectly.
    After normalization, all usernames will be in the user.name@domain.com format, and the mobile user counts will accurately reflect the number of users who have connected to Panorama Managed Prisma Access within the last 90 days. If the username is already in the user.name@domain.com format, the username is not normalized.

    Top 5 Open Alerts by Severity

    By default, only the nodes with the top five most severe alerts during the Time Range selected appear. The vertical lines represent the severity of the alerts. Drilling down into an alert gives you more context of the underlying issue. These alerts cannot be cleared manually. They can be cleared only by resolving the underlying issue. View All Mobile User Alerts link takes you to the Alerts page, where you can filter the data displayed by Status and Use Case.
    When you drill down into an alert, the Alert Details page opens. This page displays the status and description of the alert along with other information, such as the Alert Generation Timestamp, alert status as to whether the alert is open, the alert type, Prisma Access location from where the alert was generated, and the name of the tenant that was affected. Select the name of the tenant to open the Prisma Access Location page for the tenant, which shows you the detailed tenant status.

    Top 5 Most Active Prisma Access Locations

    Use this bar graph to view the most active Prisma Access locations based on the number of connected users at that time. It shows you the top five sites based on users connected to a particular Prisma Access location. Hover over a bar to see the details of the number of Mobile Users that were logged in by region in the specified Time Range.

    GlobalProtect Version Distribution

    GlobalProtect Version Distribution shows the GlobalProtect versions that your users’ devices are using to connect to Prisma Access. The data displayed can be used to enforce compliance with the latest GlobalProtect app version. Select a GlobalProtect version in the trend chart to open the Mobile User List Page, where you can view connected users who have at least one device with the selected GlobalProtect version connected to Prisma Access.

    Current IP Pools Utilization

    Use the real-time bar graph to see IP pool utilization by different IP pool allocation theaters based on the number of connected users at that time. The IP pool utilization percentage on the bar graph is the number of IP pool blocks used out of all the IP pool blocks that are available across all the subnets. You can take proactive actions by adding subnets when you see an IP pool bar approaching the maximum capacity for any region.

    GlobalProtect Distribution Trend

    GlobalProtect Version Distribution provides the trend data shown here. Note that data on some of the less-used GlobalProtect versions may not appear on this trend chart.

    Map View of Mobile Users Connected to Prisma Access

    The Map View tab shows all the mobile users connected to Prisma Access locations on a map. You can clarify information using Prisma Access Location or Mobile User in the filter icon. Prisma Access Location allows you to select the locations you want to view, and User allows you to select any user to view details on their location and devices.
    The inverted triangles on the map are color-coded to indicate Prisma Access location status:
    • Green: If any one instance is up, the MU location is connected, or up.
    • Red: If all instances are Down, the MU connection is disconnected, or down
    • Gray: If instance states are a mixture of disconnected and unknown, the MU location is unknown.
    Use the Real Time option on the time selector to see users who are currently connected to Prisma Access locations.
    The default view for the map shows the states of all Prisma Access locations configured for the tenant. Slide the Show all users toggle at the top of the map view to see users or clusters of users who were connected to Prisma Access in the selected time interval, along with the Prisma Access locations. Select aPrisma Access location to show only the users who were connected to that particular Prisma Access location with at least one device.
    Select a cluster to see details about users in that area. When you select a user in that cluster, a side panel with login trend data about this user opens.
    Use the Map View Time Range selector to view users connected to Prisma Access at time intervals other than Real Time, such as Last 24 hours. Hover on a location in the map to see the name of the location and the number of users connected to that location in the selected time interval. Note that time range selections other than Real Time could show a user connected from the same device to different Prisma Access locations at different times during the interval, while in real time, a user would be connected to a single Prisma Access location with one device.
    To see all users connected to a specific Prisma Access location, select the location icon on the map. A flight path appears from the Prisma Access location you selected to all users who are connected to this location.
    Select any cluster of users connected to your location, and zoom in to view details about users within each cluster. Select any user to see data about the devices this user employed to connect to this location, as well as other devices that the user may have used to connect to other Prisma Access locations. You can slide the Show All Users toggle to see all connected users on the Mobile User map.
    Select a flight path to see details about the connected users. The flight path shown (see the red circle in the following image) has six users, and a side panel opens to show information about them. Select any one of these users to see their information, such as device ID, IP address, last user location, and last login time.

    Monitor Connected Mobile Users

    The Mobile Users List tab provides data on your users connected during the Time Range selected. The Devices of Connected Users page corresponds with the Mobile Users List page, providing details about your users’ connected devices.

    Connected Users

    The (Number of) Connected Users trend chart displays the count of mobile users who were connected to Prisma Access during the time interval selected on the page time selector. The y-axis value at any point along the trend line indicates the exact number of users corresponding to the x-axis time indicator.

    All Connected Mobile Users

    The (Number of) Connected Users table following the chart displays all the users who were connected to Prisma Access within the specified Time Range selected, which is 30 days in the following example.
    To view data about users connected at a specific time, select a point in the Connected Users trend chart. The Connected Users table filters on the data point that you select. The table shows the users who are connected at that time, along with the number of devices they have connected to Prisma Access, the last location from where the user was recorded connecting to Prisma Access, and the last Prisma Access location where the user was connected with any device. Because this image shows a Time Range selected of Last 30 Days, the specific point you selected shows the users connected during a 3-hour interval between 04 Sep. 2022 1:22:34pm through 04 Sep. 2022 4:22:33pm.

    User Details Page

    From the Connected Users table, select a connected User to open the User Details page to view information about that unique user. The Devices of Connected User chart shows the Prisma Access locations used and how many times the user connected to each location, from any of their devices. Breaks in the instances mean there were no devices connected at that time.
    The (Number of) Devices table shows details about each device connected to Prisma Access using GlobalProtect. The (Number of) User Login/Logout Events (All Devices) table shows the unique login events that occurred from all devices belonging to the user with the associated session statistics in the selected time interval.
    View an example of the User Details page below:
    Select a connected user’s Last Prisma Access Location Used to go to the Prisma Access page and view details about the user’sPrisma Access locations.

    View Data About All Connected Users’ Devices

    The User Details Page shows the data of all connected devices during the Time Range selected. The Mobile Users List page corresponds with the Devices of Connected Users page, providing details about your users rather than the users’ connected devices.

    Devices of Connected Users

    Devices of Connected Users shows all mobile devices that were connected to Prisma Access during the time interval selected on the page time selector. The trend line shows the connectivity in terms of device count as connected to Prisma Access at various times corresponding to the x-axis time indicators.

    Devices

    The (Number of) Devices table displays all the devices connected to Prisma Access within the specified Time Range selected, which is 30 days in the following example. You can see in the Devices table that each device has its own row of data, regardless of its user.
    To view data about devices connected at a specific time, select a point in the Devices of Connected Users trend chart. The Total Devices table filters on the data point that you select. Because this image shows a selected Time Range of Last 30 Days, the specific point you selected shows the devices connected during a 3-hour interval between 12 Sep. 2022 6:37:02pm through 12 Sep. 2022 9:37:01pm.
    Select a specific user to view the User Details Page page.
    Select a device’s user’s Last Prisma Access Location Used to go to the Prisma Access Locations page and view details about the user’s Prisma Access locations.

    © 2024 Palo Alto Networks, Inc. All rights reserved.