Secure Access Service Edge:Use the network diagnostics feature

Introduction to the network diagnostics feature

The network diagnostics feature for private access helps check whether your enterprise network is connected to the network of your office applications by using the Secure Access Service Edge (SASE) point of presence (POP) cluster, and provides link diagrams. If network issues occur, you can view the link diagrams and network issue descriptions to locate and troubleshoot the network issues.

You can perform end-to-end diagnostics or application diagnostics:

• End-to-end diagnostics: checks the network communications between the office terminals of users and the origin servers that house the office applications. This approach is applicable only when the SASE client is installed on the office terminals and logged on to. During the diagnostics process, connections are established by using the POPs in the SASE cluster.

  

• Application diagnostics: checks only the network communications between the POPs in the SASE cluster and the origin servers that house the office applications.

  

Prerequisites

• The version of the SASE client that is installed on the office terminals is V4.4.1 or later.

• The connection is enabled based on business requirements. For more information, see the following topics:

  • Business resources deployed in VPCs that are not connected to CEN

  • Business resources deployed in VPCs that are connected to CEN

  • Use a SASE connector

  • Use other Alibaba Cloud network instances

• Office applications that you want to manage are added to SASE. For more information, see Add an office application to SASE.

• A zero trust policy is configured. For more information, see Configure a zero trust policy.

Create a diagnostics task

1. Log on to the SASE console.

2. In the left-side navigation pane, choose Private Access > Network Diagnostics.

3. On the Network Diagnostics page, click Create Task. In the Create Diagnostics Task panel, configure parameters. The following table describes the parameters.

   Parameter	Description
   Task Type	The type of the diagnostics task. You can select a task type based your business requirements. Valid values: End-to-end Diagnostics: checks the network communications between the office terminals of users and the origin servers that house the office applications. Application Diagnostics: checks only the network communications between the POPs in the SASE cluster and the origin servers that house the office applications. If you select Application Diagnostics, the security baselines that are configured in the zero trust policy do not take effect during the diagnostics process
   Task Object	The diagnostics object, which includes users and applications. Specific device or User Group If you select End-to-end Diagnostics, the task object is a user. You must select a specific device for the user. If you select Application Diagnostics, you must select a user group because the application policy is delivered at the user group level. Application Protocol: TCP and UDP are available. Application Address If you set Application Protocol to UDP, you must specify the IP address and port number of the application and can configure Probe Request and Response to verify that your data packets are sent to the origin servers and obtain the configured response from the origin servers. If you do not configure Probe Request, SASE automatically sends the preset request. If you do not configure Response, any response is accepted.
   Access Point	The POP in the SASE cluster. We recommend that you select a POP that is nearest to the origin servers or business servers to reduce network latency. If you select End-to-end Diagnostics, the default value Automatic Selection is available. If you select Application Diagnostics, you must select a POP from the drop-down list.

4. Click OK. After the network diagnostics task is created, the system automatically runs the task.

View the diagnostics results

1. After the task is complete, find the task that you want to manage and click View in the Actions column to view the network diagnostics results.

   

2. If the connection is abnormal, view the link diagrams and network issue descriptions to locate and troubleshoot the network issues.

   

3. After the issues are resolved, click Retry in the Actions column to execute the task again.

Delete the diagnostics task

If you no longer need the diagnostics task, find the task and click Delete in the Actions column.