The ACC includes predefined tabs that provide visibility into network traffic, threat activity, blocked activity, tunnel activity

, and mobile network activity (if GTP security is enabled)

. For information on each tab, see ACC Tabs.

Each tab includes a default set of widgets that best represent the events and trends associated with the tab. The widgets allow you to survey the data using the following filters: bytes (in and out), sessions, content (files and data), URL categories, applications, users, threats (malicious, benign, grayware, phishing), and count. For information on each widget, see ACC Widgets.

The charts and graphs in each widget provide a real-time and historic view. You can choose a custom range or use the predefined time periods that range from the last 15 minutes up to the last 90 days or last 30 calendar days.

The time period used to render data, by default, is the last hour. The date and time interval are displayed on screen. For example:

The global filters allow you to set the filter across all tabs. The charts and graphs apply the selected filters before rendering the data. For information on using the filters, see ACC Actions.

The application view allows you filter the ACC view by either the sanctioned and unsanctioned applications in use on your network, or by the risk level of the applications in use on your network. Green indicates sanctioned applications, blue unsanctioned applications, and yellow indicates applications that have different sanctioned state across different virtual systems or device groups.

The risk meter (1=lowest to 5=highest) indicates the relative security risk on your network. The risk meter uses a variety of factors such as the type of applications seen on the network and the risk levels associated with the applications, the threat activity and malware as seen through the number of blocked threats, and compromised hosts or traffic to malware hosts and domains.

The data used for the display varies between the firewall and Panorama™. You have the following options to select what data is used to generate the views on the ACC:

Virtual System

: On a firewall that is enabled for multiple virtual systems, you can use the

Virtual System

drop-down to change the ACC display to include all virtual systems or just a selected virtual system.

Device Group

: On Panorama, you can use the

Device Group

drop-down to change the ACC display to include data from all device groups or just a selected device group.

Data Source

: On Panorama, you can also change the display to use

Panorama

or

Remote Device Data

(managed firewall data). When the data source is

Panorama

, you can filter the display for a specific device group.