The ACC includes the following predefined tabs for viewing network activity, threat activity, and blocked activity.
Displays an overview of traffic and user activity on your network including:
In addition, you can view network activity by source or destination zone, region, or IP address, by ingress or egress interface, and by GlobalProtect host information such as the operating systems of the devices most commonly used on the network.
Displays an overview of the threats on the network, focusing on the top threats: vulnerabilities, spyware, viruses, hosts visiting malicious domains or URLs, top WildFire submissions by file type and application, and applications that use non-standard ports. The Compromised Hosts widget in this tab (supported on some platforms only) supplements detection with better visualization techniques; it uses the information from the correlated events tab (Automated Correlation Engine) to present an aggregated view of compromised hosts on your network by source users/IP addresses and sorted by severity.
Focuses on traffic that was prevented from coming into the network. The widgets in this tab allow you to view activity denied by application name, username, threat name, and blocked content (files and data that were blocked by a file blocking profile). It also lists the top security rules that were matched to block threats, content, and URLs.
Displays the activity of tunnel traffic that the firewall inspected based on your tunnel inspection policies. Information includes tunnel usage based on tunnel ID, monitor tag, user, and tunnel protocols such as Generic Routing Encapsulation (GRE), General Packet Radio Service (GPRS) Tunneling Protocol for User Data (GTP-U), and non-encrypted IPSec.
Displays an overview of user activity in your GlobalProtect deployment. Information includes the number of users and number of times users connected, the gateways to which users connected, the number of connection failures and the failure reason, a summary of authentication methods and GlobalProtect app versions used, and the number of endpoints that are quarantined.
In addition, this tab displays a chart view summary of devices that have been quarantined. Use the toggle at the top of the chart to view the quarantined devices by the actions that caused GlobalProtect to quarantine the device, the reason GlobalProtect quarantined the device, and the location of the quarantined devices.
Displays an overview of TLS/SSL decryption activity on the firewall. Information includes successful and unsuccessful decryption activity in your network, decryption failure reasons such as protocol, certificate, and version issues, TLS versions, key exchange algorithms, and the amount and type of decrypted and undecrypted traffic.
Use the ACC information to evaluate how decryption is working on your network and then use the Decryption Log to drill down into details.
You can also Interact with the ACC to create customized tabs with a custom layout and widgets that meet your network monitoring needs, and then export a tab and share it with another administrator.