Ad – Purchase on Amazon
Palo Alto Networks (PAN) firewalls Application Command Center (ACC) page visually depicts trends and a historic view of traffic on your network. The multiple tabs in ACC can provide in-depth and helpful information on network traffic, risk levels, and the number of threats detected, to name a few.
Although the Network Activity tab provides network traffic info, it does not provide a complete view (this can be debated). Over the years, and many times, I’ve had a need or request to check the complete path of Source and Destination traffic. This info is especially helpful during an issue, such as an excessive amount of traffic between two hosts.
A quick view of the Source and Destination is necessary during an event. The default Network Activity tab has useful information but not what I found useful during an event or researching traffic paths. To resolve this, I created a custom ACC tab with the following widgets:
- Ingress Interfaces
- Egress Interfaces
- Source IP Activity
- Destination IP Activity
- Source Zones
- Destination Zones
Custom ACC Tab
My custom ACC tab is one that I exported for import to other firewalls. The export is a txt file and is convenient for importing or sharing with others. The tab includes the widgets above and provides a complete path. The Application Usage widget can be added to include the application(s) seen.
For the most part, the six widgets above are enough of a start to have a complete view of the source and destination hosts from the firewall’s perspective.
Here is the custom ACC tab that I want to share. To download, right-click on the link and select “Save Link As.”
https://packetpassers.com/wp-content/uploads/2023/01/Srce-Dest.txt
Import a Custom ACC Tab
To import a custom ACC tab or the one downloaded above, follow these instructions.
In ACC, click the plus at the end of the tabs.
Click the Import button in the Add Custom Tab window.
In the Import Tab window, give the tab a name and select the file with the custom (or exported) tab. Then click OK.
Now the new tab is at the end of the existing tabs.
Set a Custom or Other Tab as Default
If you want to set this new tab or another as the default tab, you can follow these steps. Setting it as default moves it to the start of the tabs and will open by default. This will happen even if another tab is created or until another tab is made default.
On the tab, you want to make default, click the edit icon (pencil).
In the Edit Custom Tab window, click the pin icon. This makes this tab the default.
The tab is at the start of the tabs and opens by default.
Conclusion
The ACC tabs can provide a wealth of information. They should be used especially with the ability to customize for the needs of security, traffic, activity, or your needs.
For now, a custom tab has to be exported and then imported to share with others who have management accounts on the same firewall. The following link is about a feature request to be able to share a custom tab on the same firewall without having to export.
https://live.paloaltonetworks.com/t5/general-topics/publish-custom-acc-tabs/td-p/343964
References:
How to use the ACC:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClcvCAC
Working with Tabs & Widgets:
Copyright © Packet Passers 2024