Monitor Prisma Access Hub Application and Link Performance
Table of Contents
2.2
Expand all | Collapse all
-
- Create a Link Tag
- Configure an SD-WAN Interface Profile
- Configure a Physical Ethernet Interface for SD-WAN
- Configure an Aggregate Ethernet Interface and Subinterfaces for SD-WAN
- Configure Layer 3 Subinterfaces for SD-WAN
- Configure a Virtual SD-WAN Interface
- Create a Default Route to the SD-WAN Interface
-
- Create a Path Quality Profile
-
- Create a SaaS Quality Profile
- Use Case: Configure SaaS Monitoring for a Branch Firewall
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to the Same SaaS Application Destination
- Use Case: Configure a Hub Firewall Failover for SaaS Monitoring from a Branch Firewall to a Different SaaS Application Destination
- SD-WAN Traffic Distribution Profiles
- Create a Traffic Distribution Profile
- Create an Error Correction Profile
- Configure an SD-WAN Policy Rule
- Allow Direct Internet Access Traffic Failover to MPLS Link
- Configure DIA AnyPath
- Distribute Unmatched Sessions
- Configure HA Devices for SD-WAN
- Create a VPN Cluster
- Create a Full Mesh VPN Cluster with DDNS Service
- Create a Static Route for SD-WAN
Monitor Prisma Access Hub Application and Link Performance
Monitor your Prisma Access Hub by viewing the health status of applications and
links.
Monitor the application and link performance for your Prisma Access Hub to troubleshoot
issues by viewing summary information across all VPN clusters and then successively
drilling down to isolate the issues to affected sites, applications, and links.
Visibility on SD-WAN traffic is shown on the Prisma Access deployment or SD-WAN
firewall receiving the traffic. For example, for traffic from the hub firewall to
the branch firewall, the SD-WAN monitoring data is reflected on the branch firewall.
The landing dashboard displays:
- App Performance
- Impacted—One or more applications in the VPN cluster for which none of the paths have jitter, latency, or packet loss performance that meet the specified thresholds in the Path Quality Profile in the list of paths from which the firewall can choose.
- OK—Number of VPN clusters, hubs, and branches that are experiencing no jitter, latency, or packet loss performance issues.
- Link Performance
- Error—One or more sites in the VPN cluster have connectivity issues such as when a tunnel or a virtual interface (VIF) is down.
- Warning—Number of VPN clusters, hubs, and branches that have links with jitter, latency, or packet loss performance measurements that exceed the moving seven-day average value of the metric.
- OK—Number of VPN clusters, hubs, and branches that are experiencing no jitter, latency, or packet loss performance issues.
From the landing dashboard, narrow
the view to impacted applications or links that have the Error or
Warning status. Then select an affected site to view site-level details.
From the site, view application-level or link-level details.
See Monitor SD-WAN Application and Link Performance to monitor
application and link performance across all your SD-WAN sites.
If
no data is present or the screen indicates that SD-WAN is undefined,
check in the Compatibility Matrix that
the Panorama release you are using supports the SD-WAN plugin release
you are trying to use.
- Log in to the Panorama Web Interface.
- Select PanoramaSD-WANMonitoring to view at-a-glance health status summaries of your VPN clusters, hubs, and branches.
- Filter the SD-WAN monitoring to display only your Prisma Access Hub-Spoke
VPN clusters.
- Click an App Performance or Link Performance summary that indicates Impacted, Error, or Warning counts to view a detailed list of sites and their status based on latency, jitter, and packet loss.
- In the VPN Cluster filter, select Prisma Access Hub-Spoke.
- Click a Site to view in-depth health details for the Prisma Access Hub.
- Review the Prisma Access Hub in-depth health details. The site data displays the Prisma Access Onboarding details, as well App Performance and Link Performance including the impacted applications.For SaaS applications over a Direct Internet Access (DIA) link, the SaaS Monitoring column indicates whether the app is created in a SaaS Quality profile and associated with one or more SD-WAN policy rules.
-
Disabled—The app is not a SaaS application configured in a SaaS Quality profile.
-
Enabled—The app is a SaaS application configured in a SaaS Quality profile and is associated with one or more SD-WAN policies.
If you associated an error correction profile with an SD-WAN policy rule for an application, the Error Correction Applied columns displays if and what type of error correction was applied. Additionally, you can view the Error Corrected Sessions/Impacted Sessions/Total Sessions to understand how many sessions were error corrected by the branch or hub firewall out of the total number of sessions for the specified timeframe.Click PDF/CSV to export the detailed health information for the applications and links in the Site in PDF or CSV format -
- Click an impacted application to view application-level
or link-level details.For example, view the link characteristics for an application to understand the latency, jitter and packet loss for the application over the specified link. Additionally, you can view when error correction was applied for the link.