: Troubleshoot Issues on SaaS Security Inline for Cloud Managed Prisma Access
Focus
Focus

Troubleshoot Issues on SaaS Security Inline for Cloud Managed Prisma Access

Table of Contents

Troubleshoot Issues on SaaS Security Inline for Cloud Managed Prisma Access

Learn how to troubleshoot issues on SaaS Security Inline for Cloud Managed Prisma Access, including onboarding and licensing failures.
As you use SaaS Security Inline, you might encounter errors. The most common errors are related to a missing license. Policy management is a team effort: to avoid these errors, it’s imperative that all Prisma Access administrators verify licensing before using SaaS Security Inline and configure and manage SaaS policy rule recommendations with guidelines in mind.
Symptom
Explanation
Solution
New recommendations aren’t displaying in Cloud Managed Prisma Access.
If the SaaS Security Inline license expires, the Prisma Access Cloud Management no longer pulls SaaS policy recommendations, so you cannot see new recommendations. However, SaaS policy recommendations that you already imported and applied as Security policy continue to work.
Renew your SaaS Security Inline license.
When your Web Security administrator attempts to import and commit a recommendation that uses a data profile, the operation fails with DLP profile is not a valid reference message.
The firewall must have an Enterprise DLP license to have a valid SaaS policy rule recommendation that uses data profiles—even if you have an Enterprise DLP license on another platform.
The SaaS Security Team recommends one of the following options:
  • Buy an Enterprise DLP license.
  • Remove the data profile from the SaaS policy rule recommendation.
.
You have automatic updates enabled and an update to an existing rule recommendation fails.
When an update fails, Cloud Managed Prisma Access retries every hour until the update succeeds. Such failures often correct themselves over the next polling cycle, when an ACE update occurs and new SaaS app signatures are made available to identify the SaaS apps identified in the rule recommendation.
Wait one hour, then click on the Last update failed link, and use the information provided to resolve the issue.