01-04-2023 04:21 AM
Hi all,
I have a prisma sase instance, which i tried to connect via a service connection to our azure cloud tenant. We do so in conjunction with setting up global protect as our always on vpn so that users will be able to access azure/365 resources via the prisma.
Currently our tunnel is down(dosent impact users since we are still using the old vpn we have) and i cant for the life of me find the reason for it being down. documentation didn't offer help.
any help will bee appreciated, and tell me if i need to share more information.
01-07-2023 09:23 AM - edited 01-09-2023 09:35 AM
You just need to be the Responder in a VPN tunnel to see more details as Prisma Access by default is the Responder ( you can see my article https://live.paloaltonetworks.com/t5/general-articles/prisma-access-sase-extra-security-tips-and-fea... ) just check on Panorama the System logs in the GUI that Prisma Access sends to Panorama or the Cloud GUI (if you are using prisma access without Panorama).
The only thing you can't when Prisma Access is the responder is to enable ike debug as this posssible for on-prem firewalll when they are the responder:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClivCAC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcKCAS
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PORsCAO
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
