Monitor Zero Trust Sessions
Connection Events
After a Zero Trust Application Policy is deployed, new fields are available. To add the fields to the table view:
- Choose Analysis > Connections > Events.
- Go to the Table View of Connection Events tab.
- In the table view of events, multiple fields are hidden by default. To change the fields that appear, click the x icon in any column name to display a field selector.
- Choose the following fields:
  - Authentication Source
  - Zero Trust Application
  - Zero Trust Application Group
  - Zero Trust Application Policy
- Click Apply.
See Connection and Security-Related Connection Events in the Secure Firewall Management Center Administration Guide for more information on the connection events.
Zero Trust Dashboard
The Zero Trust dashboard allows you to monitor real-time data from active zero trust sessions on the devices.
The Zero Trust dashboard provides a summary of the top zero trust applications and zero trust users that are managed by the management center. Choose Overview > Dashboards > Zero Trust to access the dashboard.
The dashboard has the following widgets:
- Top Zero Trust Applications
- Top Zero Trust Users
CLI Commands
Log in to the device CLI and use the following commands:
CLI Command | Description |
---|---|
show running-config zero-trust | To view the running configuration for a zero trust configuration |
show zero-trust | To display the run-time zero trust statistics and session information |
show cluster zero-trust | To display the summary of zero trust statistics across nodes in a cluster |
clear zero-trust | To clear zero trust sessions and statistics |
show counters protocol zero_trust | To view the counters that are hit for zero trust flow |
Diagnostics Tool
The diagnostics tool facilitates the troubleshooting process by detecting possible issues with zero trust configurations. The diagnostics can be classified into two types:
- Application-specific diagnostics are used to detect issues such as:
  - DNS-related issues
  - Misconfigurations such as socket not open, and issues with classification and NAT rules
  - Issues with deployment of zero trust policy or SSL rules
  - Source NAT issues and exhaustion of PAT pool
- General diagnostics are used to detect issues such as:
  - Strong cipher license not enabled
  - Invalid application certificate
  - SAML-related issues
  - Home agent and cluster bulk sync issues
To run the diagnostic tool:
- Click Diagnostics next to the zero trust application that you want to troubleshoot. The Diagnostics dialog box appears.
- Choose the device from the Select Device drop-down list and click Run. A report is generated in the Reports tab after the diagnostic process is complete.
- To view, copy, or download the logs, click the Logs tab.