This FAQ is about the feature described here.
Is this feature available for Prisma Access and NGFW customers?
GlobalProtect App Log Collection is available for Prisma Access customers using 1.8 Plugin and above. It will be available soon for NGFW customers.
What platforms is this feature available for?
Windows, macOS, Linux, Android, and iOS.
Are there any OS specific limitations?
Navigate to the App Access Performance section in this document to view.
Is this feature enabled by default for all users?
Administrator has to enable this feature by setting “Enable App Log for Troubleshooting” to “Yes.” For a full list of prerequisites, visit here.
Can I enable this setting for a specific user group before doing a company-wide deployment?
Since this is available as a portal client app configuration, it can be applied to a user/user group allowing administrators to test with a small user group before attempting a company-wide deployment.
Do I have to download another certificate to secure communications between GlobalProtect on the endpoint and the Cortex Data Lake Instance?
Yes, administrators will be able to download the certificate using CLI in Prisma Access 1.8 Plugin. With Prisma Access 2.0 Innovation Plugin, administrators will be able to download the certificate using the Cloud Services plugin UI. For Prisma Access Tenants, the certificate will get downloaded to Mobile_User_Template and Location “Shared.” With NGFW deployments, admin can choose a template/template stack to download to, that the portal configuration is a part of.
Is there a diagram that explains how this works?
What do the logs contain? How different is it from the manual collection of logs?
Logs contain troubleshooting and diagnostics data improving the overall quality of information and presented in an easy-to-read format enhancing administrator’s ability to quickly troubleshoot connectivity, authentication, and performance issues. Troubleshooting logs contain information specific to portal and gateway connectivity, and the network state of the endpoint. Diagnostics data contains data related to the Endpoint State, Gateway Network Impairments, GlobalProtect App Health, and App Access Performance. It is worth noting that the debug log bundle (collected manually via Troubleshooting tab on GlobalProtect or via Explore App) will also contain troubleshooting and diagnostic logs.
What information do each of the above troubleshooting and diagnostics tests contain?
For a full list, navigate here.
Are the diagnostic tests done with/without GlobalProtect tunnel?
Yes, the Diagnostic Network Latency measurement tests are done once via GlobalProtect and once via physical adapter for administrators to compare and contrast what the latency measurements between endpoint and destination urls look like across the different interfaces.
Where are the logs sent?
Logs reported by end-users are sent to the customer’s Cortex Data Lake tenant and these logs are made available via the Explore App.
Can the GlobalProtect App Troubleshooting logs be forwarded from Cortex Data Lake?
Log-forwarding is currently not supported. Coming soon in a future release.