Widget Descriptions
Each tab on the ACC includes a different set of widgets.
Widget | Description |
---|---|
Network Activity—Displays an overview of traffic and user activity on your network. | |
Application Usage | The table displays the top ten applications used on your network; all remaining applications used on the network are aggregated and displayed as other. The graph displays all applications by application category, subcategory, and application. Use this widget to scan for applications being used on the network; it informs you about the predominant applications using bandwidth, session count, file transfers, triggering the most threats, and accessing URLs. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: treemap, area, column, line (the charts vary by the sort-by attribute selected). |
User Activity | Displays the top ten most active users on the network who have generated the largest volume of traffic and consumed network resources to obtain content. Use this widget to monitor top users by usage, sorted on bytes, sessions, threats, content (files and patterns), and URLs visited. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: area, column, line (the charts vary by the sort-by attribute selected). |
Source IP Activity | Displays the top ten IP addresses or hostnames of the devices that have initiated activity on the network. All other devices are aggregated and displayed as other. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: area, column, line (the charts vary by the sort-by attribute selected). |
Destination IP Activity | Displays the IP addresses or hostnames of the top ten destinations that were accessed by users on the network. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: area, column, line (the charts vary by the sort-by attribute selected). |
Source Regions | Displays the top ten regions (built-in or custom-defined regions) around the world from where users initiated activity on your network. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: map, bar. |
Destination Regions | Displays the top ten destination regions (built-in or custom-defined regions) on the world map from where content is being accessed by users on the network. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: map, bar. |
HIP Information | Displays information on the state of the hosts on which the GlobalProtect agent is running; the host system is a GlobalProtect endpoint. This information is sourced from entries in the HIP match log that are generated when the data submitted by the GlobalProtect app matches a HIP object or a HIP profile you have defined on the firewall. If you do not have HIP Match logs, this widget is blank. To learn how to create HIP objects and HIP profiles and use them as policy match criteria, see Configure HIP-Based Policy Enforcement. Sort attributes: profiles, objects, operating systems. Charts available: bar. |
Rule Usage | Displays the top ten rules that have allowed the most traffic on the network. Use this widget to view the most commonly used rules, monitor the usage patterns, and assess whether the rules are effective in securing your network. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: line. |
Ingress Interfaces | Displays the firewall interfaces that are most used for allowing traffic into the network. Sort attributes: bytes, bytes sent, bytes received. Charts available: line. |
Egress Interfaces | Displays the firewall interfaces that are most used by traffic exiting the network. Sort attributes: bytes, bytes sent, bytes received. Charts available: line. |
Source Zones | Displays the zones that are most used for allowing traffic into the network. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: line. |
Destination Zones | Displays the zones that are most used by traffic going outside the network. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: line. |
Threat Activity—Displays an overview of the threats on the network. | |
Compromised Hosts | Displays the hosts that are likely compromised on your network. This widget summarizes the events from the correlation logs. For each source user/IP address, it includes the correlation object that triggered the match and the match count, which is aggregated from the match evidence collated in the correlated events logs. For details, see Use the Automated Correlation Engine. Available on the PA-5200 Series, PA-7000 Series, and Panorama. Sort attributes: severity (by default). |
Hosts Visiting Malicious URLs | Displays the frequency with which hosts (IP addresses/hostnames) on your network have accessed malicious URLs. These URLs are known to be malware based on categorization in PAN-DB. Sort attributes: count. Charts available: line. |
Hosts Resolving Malicious Domains | Displays the top hosts matching DNS signatures, that is, hosts on the network that are attempting to resolve the hostname or domain of a malicious URL. This information is gathered from an analysis of the DNS activity on your network. It utilizes passive DNS monitoring, DNS traffic generated on the network, activity seen in the sandbox if you have configured DNS sinkhole on the firewall, and DNS reports on malicious DNS sources that are available to Palo Alto Networks customers. Sort attributes: count. Charts available: line. |
Threat Activity | Displays the threats seen on your network. This information is based on signature matches in Antivirus, Anti-Spyware, and Vulnerability Protection profiles and viruses reported by WildFire. Sort attributes: threats. Charts available: bar, area, column. |
WildFire Activity by Application | Displays the applications that generated the most WildFire submissions. This widget uses the malicious and benign verdict from the WildFire Submissions log. Sort attributes: malicious, benign. Charts available: bar, line. |
WildFire Activity by File Type | Displays the threat vector by file type. This widget displays the file types that generated the most WildFire submissions and uses the malicious and benign verdict from the WildFire Submissions log. If this data is unavailable, the widget is empty. Sort attributes: malicious, benign. Charts available: bar, line. |
Applications using Non Standard Ports | Displays the applications that are entering your network on non-standard ports. If you have migrated your firewall rules from a port-based firewall, use this information to craft policy rules that allow traffic only on the default port for the application. Where needed, make an exception to allow traffic on a non-standard port or create a custom application. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: treemap, line. |
Rules Allowing Applications On Non Standard Ports | Displays the security policy rules that allow applications on non-default ports. The graph displays all the rules, while the table displays the top ten rules and aggregates the data from the remaining rules as other. This information helps you identify gaps in network security by allowing you to assess whether an application is hopping ports or sneaking into your network. For example, you can validate whether you have a rule that allows traffic on any port except the default port for the application. Suppose you have a rule that allows DNS traffic on its application-default port (port 53 is the standard port for DNS). This widget will display any rule that allows DNS traffic into your network on any port except port 53. Sort attributes: bytes, sessions, threats, content, URLs. Charts available: treemap, line. |
Blocked Activity—Focuses on traffic that was prevented from coming into the network. | |
Blocked Application Activity | Displays the applications that were denied on your network, and allows you to view the threats, content, and URLs that you kept out of your network. Sort attributes: threats, content, URLs. Charts available: treemap, area, column. |
Blocked User Activity | Displays user requests that were blocked by a match on an Antivirus, Anti-Spyware, File Blocking, or URL Filtering profile attached to a Security policy rule. Sort attributes: threats, content, URLs. Charts available: bar, area, column. |
Blocked Threats | Displays the threats that were successfully denied on your network. These threats were matched on antivirus signatures, vulnerability signatures, and DNS signatures available through the dynamic content updates on the firewall. Sort attributes: threats. Charts available: bar, area, column. |
Blocked Content | Displays the files and data that were blocked from entering the network. The content was blocked because security policy denied access based on criteria defined in a File Blocking security profile or a Data Filtering security profile. Sort attributes: files, data. Charts available: bar, area, column. |
Security Policies Blocking Activity | Displays the security policy rules that blocked or restricted traffic into your network. Because this widget displays the threats, content, and URLs that were denied access into your network, you can use it to assess the effectiveness of your policy rules. This widget does not display traffic that was blocked because of deny rules that you have defined in policy. Sort attributes: threats, content, URLs. Charts available: bar, area, column. |
GlobalProtect Activity—Displays information about user activity in your GlobalProtect deployment. | |
Successful GlobalProtect Connection Activity | Displays a chart view of GlobalProtect connection activity over the selected time period. Use the toggle at the top of the chart to switch between connection statistics by users, portals and gateways, and location. Sort attributes: users, portals/gateways, location. Charts available: bar, line. |
Unsuccessful GlobalProtect Connection Activity | Displays a chart view of unsuccessful GlobalProtect connection activity over the selected time period. Use the toggle at the top of the chart to switch between connection statistics by users, portals and gateways, and location. To help you identify and troubleshoot connection issues, you can also view the reasons chart or graph. For this chart, the ACC indicates the error, source user, public IP address, and other information to help you identify and resolve the issue quickly. Sort attributes: users, portals/gateways, reasons, location. Charts available: bar, line. |
GlobalProtect Deployment Activity | Displays a chart view summary of your deployment. Use the toggle at the top of the chart to view the distribution of users by authentication method, GlobalProtect app version, and operating system version. Sort attributes: auth method, globalprotect app version, os. Charts available: bar, line. |
GlobalProtect Quarantine Activity | Displays a chart view summary of devices that have been quarantined. Use the toggle at the top of the chart to view the quarantined devices by the actions that caused GlobalProtect to quarantine the device, the reason GlobalProtect quarantined the device, and the location of the quarantined devices. Sort attributes: actions, reason, location. Charts available: bar, line. |
SSL Activity—Displays information about SSL/TLS activity in your network. | |
Traffic Activity | Shows SSL/TLS activity compared to non-SSL/TLS activity by total number of sessions or bytes. |
SSL/TLS Activity | Shows successful TLS connections by TLS version and application or SNI. This widget helps you understand how much risk you are taking on by allowing weaker TLS protocol versions. Identifying applications and SNIs that use weak protocols enables you to evaluate each one and decide whether you need to allow access to it for business reasons. If you don’t need the application for business purposes, you may want to block the traffic instead of allowing it. Click an application or an SNI to drill down and see detailed information. |
Decryption Failure Reasons | Shows the reasons for decryption failures, such as certificate or protocol issues, by SNI. Use this information to detect problems caused by Decryption policy or profile misconfiguration or by traffic that uses weak protocols or algorithms. Click a failure reason to drill down and isolate the number of sessions per SNI, or click an SNI to see the failures for that SNI. |
Successful TLS Version Activity | Shows the amount of decrypted and non-decrypted traffic by sessions or bytes. Traffic that was not decrypted may be excepted from decryption by policy, policy misconfiguration, or by being on the Decryption Exclusion List (Device > Certificate Management > SSL Decryption Exclusion). |
Successful Key Exchange Activity | Shows successful key exchange activity per algorithm, by application or by SNI. Click a key exchange algorithm to see the activity for just that algorithm, or click an application or SNI to view the key exchange activity for that application or SNI. |