ACC (Application Command Center) Tab:

o PA Firewalls offer interactive graphical summary of applications, URLs, users and threats.
o PA Firewalls also offer interactive graphical summary of content traversing the network.
o The ACC tab makes use of the firewall logs to provide the visibility of the traffic patterns.
o Also, Info on threats, user activity, Rule usage & many other information graphical form.
o ACC includes predefined tabs for viewing network activity, threat activity & blocked activity.
o Application Command Center displays an overview of traffic & user activity on the network.

Local Filters:
o In Palo Alto Network Firewall Local filters are applied on a specific widget only.
o In PA Firewall Local filter allows to interact with graph and customize the display.
o Can dig into details & access information you want to monitor on a specific widget.
o Apply a widget or Local filter, which is a filter that is local to a specific widget only.
o To create widget filter that is persistent across reboots, use Set Local Filter option.
o Set Filter allows you to set a local filter that is persistent across the reboots of PA.

1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Global Filters:
o In PA Firewall Global filters are applied across the ACC (Application Command Center).
o In PA Firewall the Global Filters allow you to set the filter across all widgets and all tabs.
o A Global filter allows you to pivot display around the details you care about right now.
o In PA Firewall Global Filter exclude the unrelated information from the current display.
o For example, suppose want to view all events related to a specific user and application.
o Apply user’s IP address & application as a global filter & view only related information.
o Relating to that user and application through all the tabs and widgets on the ACC tab.
o In PA Firewall, Global filters are not persistent across reboots like widget or local filter.

2 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

ACC Overview:

1 Tabs The ACC includes predefined tabs that provide visibility into network
traffic, threat activity, blocked activity and tunnel activity.
2 Widgets Each tab includes a default set of widgets that best represent the events
and trends associated with the tab.
3 Time The charts and graphs in each widget provide a real-time and historic
view. You can choose a custom range or use the predefined time periods
that range from the last 15 minutes up to the last 30 days or last 30
calendar days.
4 Global The global filters allow you to set the filter across all tabs. The charts and
Filters graphs apply the selected filters before rendering the data.
5 Application The application view allows you filter the ACC view by either the
View sanctioned and unsanctioned applications in use on your network or by
the risk level of the applications in use on your network. Green indicates
sanctioned applications, blue unsanctioned applications, and yellow
indicates applications that have different sanctioned state across
different virtual systems or device groups.
6 Risk Meter The risk meter (1=lowest to 5=highest) indicates the relative security risk
on your network.
7 Export You can export the widgets displayed in the current tab as a PDF.

3 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

ACC Tabs:
Network Activity:
o The Network Activity displays an overview of traffic and user activity on your network.
o This tab focuses on the top applications being used, the top users who generate traffic.
o Drill down into bytes, content, threats or URLs accessed by user & most used security rules.
o Can also view the network activity by source or destination zone, region, or IP address.
o By ingress or egress interfaces & by host information such as operating systems of devices.

4 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Threat Activity:
o In PA Firewall the Threat activity tab, displays overview of the threats on the network.
o Focuses on top threats, vulnerabilities, spyware, viruses & hosts visiting malicious domains.
o Or URLs, top WF submissions by file type and apps and applications use non-standard ports.

5 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Blocked Activity:
o PA Firewall, this Tab focuses on traffic that was prevented from coming into the network.
o The widgets in this tab allow you to view activity denied by application name, username.
o Threat name, content and the top security rules with a deny action that blocked traffic.

6 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Tunnel Activity:
o Displays activity of tunnel traffic that firewall inspected based on tunnel inspection policies.
o Info includes the tunnel usage based on tunnel ID, monitor tag, user, and tunnel protocols.
o Tunnel Activity includes Tunnel ID usage, Tunnel Monitor Tag Usage & Application usage.
o Its also Tunneled user Activity, Tunnel Source IP Activity & Tunnel Destination IP activity.

7 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

The ACC runs reports against aggregated data from all the sessions, threats, URLs, WildFire
events, data logs, and file logs.

8 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Pencil option to edit the tab and + To Add an Activity tab.

Auto Refresh check box, Manual Refresh option, Help button and Risk-O-Meter

Time frame dropdown, Global Filters that will affect all the graphs in the ACC tab. This whole
section is collapsible, if you click on the small arrow pointing left.

9 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Click the pencil option to edit the Network Activity tab; you see an Edit Custom Tab pop-up that
shows widgets in the workspace.

If you would like to add a new section and more widgets, click Add Widget Group.

10 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

If you want to add any widgets to the new group you just added, click Add Widget.

11 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

If you move or change anything accidentally, and want to reset default view, click Reset View in
the upper right pop-up window.

Maximize and View more data — Creates a popup window that fills the screen and does not
display any graphs, only text. The option also expands the number of lines that are displayed.

Set local filters—This popup window allows you to create a new filter for this widget. Select
Apply to display the filter.

12 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

If click on a graph or on the text below, it will drill down & add that information to local filter.
To remove the filter, click the "X" to the left of the filter name. You also can add this to the
global filter by clicking the "<-|" to the right of the filter. Will also see this same symbol "<-|"
when hovering over any text that is clickable.

Another nice feature on any of the values displayed, a dropdown arrow provides even more
options. Depending on what you are looking at, you will have different options.

if you hover over an application, and select the dropdown, you will see. Global Find — Displays
a Search window in the upper right corner of the WebGUI and displays search results.

13 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Value — Displays value information about the application.

If you are looking at IP-related data, you will have other options.

14 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Global Find:
Displays a Search window in the upper right corner of the WebGUI and displays search results.

Who Is:
Pulls up a new browser window to Network Solutions and shows the "Who Is" record of this IP.

Search HIP Report:

Allows you to search through the Host Information Profile on this IP to correlate the data with a
possible GlobalProtect user.

Promote as Address:
By Clicking Promote as Address will immediately promote the item as a global filter.

15 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717

Maximize Widget Icon: Clicking on the icon with the diagonal arrow maximizes the view of the
current widget and shows more detailed data.

Custom Filter” Icon: Click on the icon with the funnel to create a custom filter that will remain
active even when all Global Filters get deleted.

“Jump to Log” Icon: Click on the icon with the bulleted list to jump to the log data associated
with the particular widget.

“Print/Export” Icon: Click on this icon to export or print a particular widget. In most cases, data
will be exported as a PDF. From the maximized view, you can also export data as a CSV file.

In the top right of each widget there are different graph types you can select for each widget.
The available graph types vary by widget. Click on the icon that displays the desired graph type
and the widget will automatically display the selected graph.

16 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717