Our recent webinar, “A 360-Degree View into Network Security Management with Panorama,” which discussed the enhanced features of Panorama and ACC in PAN-OS 7.0, was our most popular to date and received so many questions that we couldn’t address them all during the allotted webcast time. So the Palo Alto Networks product management team provided answers to your questions on functionality, speed and more.
We will continue to answer questions from our PAN-OS 7.0 webinar every week, so stay tuned.
Question 1: We have faced a lot of issues with slowness in populating the ACC data in 6.X PAN-OS. Is the 7.0 better, with respect to performance?
Answer: Slowness is likely unrelated to ACC, although some performance enhancements (such as query caching) have been implemented to speed up the loading of the ACC.

Question 2: Can you describe what functionality an organization might lose with the new ACC?
Answer: All the old ACC functionality has been implemented with the 7.0 ACC. In fact, we have added new widgets, such as Top 10 Interfaces, and we will continue to add new widgets in new releases.

Question 3: Will the new ACC act like SIEM in any way? Do we get any functionality to generate incidents or tickets for the malicious traffic by sending that data to an external ticketing system?
Answer: Today, you can forward any log (system, configuration, traffic, correlation, etc.) to any SYSLOG server using standard or custom format over UDP/TCP/SSL. We have plans to implement higher-level integration to any HTTP-based server such as ServiceNow.

Question 4: When you create a local filter, does that only apply to the specific widget in which you entered the filter?
Answer: Yes. Global filters apply to all widgets and local filters apply only to the specific widget. There is a button that allows you to “promote” a local filter to a global filter.

Question 5: Does ACC have any direct integration with VMware NSX as part of threat response?
Answer: No.

Question 6: Could we see an example of how to drill down through the ACC on a test PA?
Answer: Contact your SE or reseller. They can use our demo systems to show you.

Question 7: Will the ACC show me more granular activity from a user?
Answer: The User Activity widget will show you the top 10 users by bytes/sessions/threats/etc. This is displayed in a table.

Question 8: Can ACC work with archival type data? Say Panorama is disconnected from the network for a while and when you reconnect to the firewalls?
Answer: ACC from Panorama always works by accessing its own database and does not need the device to be online.