Monitor Zero Trust Sessions

Connection Events

After a Zero Trust Application Policy is deployed, new fields are available for connection events. To add the fields to the table view:

  1. Choose Analysis > Connections > Events.

  2. Go to the Table View of Connection Events tab.

  3. In the table view of events, multiple fields are hidden by default. To change the fields that appear, click the x icon in any column name to display a field selector.

  4. Choose the following fields:

    • Authentication Source

    • Zero Trust Application

    • Zero Trust Application Group

    • Zero Trust Application Policy

  5. Click Apply.

See Connection and Security-Related Connection Events in the Secure Firewall Management Center Administration Guide for more information on the connection events.

Zero Trust Dashboard

The Zero Trust dashboard allows you to monitor real-time data from active zero trust sessions on the devices.

The Zero Trust dashboard provides a summary of the top zero trust applications and zero trust users that are managed by the management center. Choose Overview > Dashboards > Zero Trust to access the dashboard.

The dashboard has the following widgets:

  • Top Zero Trust Applications

  • Top Zero Trust Users

CLI Commands

Log in to the device CLI and use the following commands:

| CLI Command | Description |
| --- | --- |
| show running-config zero-trust | To view the running configuration for a zero trust configuration |
| show zero-trust | To display the run-time zero trust statistics and session information |
| show cluster zero-trust | To display the summary of zero trust statistics across nodes in a cluster |
| clear zero-trust | To clear zero trust sessions and statistics |
| show counters protocol zero_trust | To view the counters that are hit for zero trust flow |

Diagnostics Tool

The diagnostics tool facilitates the troubleshooting process by detecting possible issues with zero trust configurations. The diagnostics can be classified into two types:

  • Application-specific diagnostics are used to detect issues such as:

    • DNS-related issues

    • Misconfigurations such as a socket not being open, and issues with classification and NAT rules

    • Issues with deployment of zero trust policy or SSL rules

    • Source NAT issues and exhaustion of the PAT pool

  • General diagnostics are used to detect issues such as:

    • Strong cipher license not enabled

    • Invalid application certificate

    • SAML-related issues

    • Home agent and cluster bulk sync issues

To run the diagnostic tool:

  1. Click Diagnostics next to the zero trust application that you want to troubleshoot. The Diagnostics dialog box appears.

  2. Choose the device from the Select Device drop-down list and click Run. A report is generated in the Reports tab after the diagnostic process is complete.

  3. To view, copy, or download the logs, click the Logs tab.