You can perform a configuration audit to see the configuration changes made between two selected configuration versions. This allows your administrators to assess and document impact of configuration changes, trace back changes in case of an outage, and perform regular audits in order to adhere to security compliance standards. Enhancements to configuration audits now allow you to not only view the entire XML differences between the two selected config versions, but also provides you per-object granular view of the change data.

The

XML Diff

displays the XML file differences between any two selected config versions. The

Change Summary

provides a granular details about each of the configuration objects that added, deleted, or modified between the older selected config version and the newest selected config version. The type granular details are:

Tags allow you to identify the purpose or function of a policy rule and help you better organize your policy rulebase. After you apply tags to the policy rules in your policy rulebase, you can use the Tag Browser to visually group and manage your policy rulebase based on the tags you assigned to your policy rules. When viewing your policy rulebase using tags, you can perform operational procedures such as adding, deleting, or moving policy rules with the applied tagging more easily. Additionally, you can filter your policy rulebase using tags to apply one or more tag search filters to the policy rulebase to narrow down the list of policy rules displayed. Viewing your policy rulebase using tags maintains the rule evaluation order.

Policy rulebase management using tags is supported for across all policy rulebases. For firewalls managed by a Panorama management server, you can create and assign tags to policy rules from Panorama. Both Panorama, managed firewalls, and standalone firewalls running PAN-OS 10.2.5 or later 10.2 or PAN-OS 11.0.3 or later release support policy rulebase base management using tags.

In air-gapped deployments where your devices have no outbound internet connection, you can enable Secure Copy Protocol (SCP) to upload supported file types to an air-gapped device. To perform an SCP upload, you must enable SCP upload functionality for each specific Superuser administrator you want to allow to perform an SCP upload, and isn't a global device configuration. Once SCP uploads are enabled for a Superuser admin, you can use this admin to write scripts and automation for supported file uploads directly to your air-gapped device using the CLI rather than the web interface.

SCP upload are supported from devices running a Microsoft Windows, macOS, or any Linux operating system. SCP upload must be performed from your device command line. SCP applications like WinSCP and FileZilla are not supported. A system log is generated when you successfully SCP a file to your device or if an SCP upload fails for any reason.

You can SCP the following files to your device:

The Strata Cloud Manager Command Center

is your new NetSec homepage; it is your first stop to assess the health, security, and efficiency of your network. In a single view, the command center shows you all users and IoT devices accessing the internet, SaaS applications, and private apps, and how Prisma Access, your NGFWs, and your security services are protecting them.

The command center provides you with four different views, each with its own tracked data, metrics, and actionable insights to examine and interact with:

Summary:
A high-level look at all your network and security infrastructure. Monitor the traffic between your sources (users, IoT) and applications (private, SaaS), and see metrics onboarded security subscriptions.
Threats:
Dig deeper into anomalies on your network and block threats that are impacting your users. Review the traffic inspected on your network and see how threats are being detected and blocked around the clock by your Cloud-Delivered Security subscriptions.
Operational Health:
Review incidents of degraded user experience on your network and see root-cause analysis of the issues and remediation recommendations.
Data Security:
Find high-risk sensitive data and update data profiles to further secure your network. Review the sensitive data flow across your network and SaaS applications.

When the command center surfaces an issue through one of these views that you should address or investigate (an anomaly, a security gap, a degraded user experience, something that impacts the security and health of your network), it provides a path to where you can take actions to further secure your network.

For example, if you are looking at the Threats view and would like more information about Command and Control threats on your network, you can click C2 in the Blocked and Alerted Threats table and jump to Activity Insights, where you can drill down and investigate details about all the Command and Control threats, such as the threat name, severity, and change the action from Alert to Drop.