Strata Cloud Manager
Manage: Push Config
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
Manage: Push Config
How to use Strata Cloud Manager to push configuration changes to your NGFWs and
Prisma Access.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
After you make configuration changes and are ready to activate them, you must push the changes to
your firewalls. You have the option to push all configuration changes or to select
specific administrators to include in the push. Pushing changes from all
administrators is required for your first configuration push. You can choose which
configuration changes you want to push to Prisma Access:
- Web SecurityPush Web Security updates to Prisma Access.
- Mobile Users — GlobalProtectPush Global Protect updates to Prisma Access.
- Mobile Users — Explicit ProxyPush Explicit Proxy updates to Prisma Access.
- Remote NetworksPush Remote Networks updates to Prisma Access.
- Service ConnectionsPush Service Connection updates to Prisma Access.
You can push a configuration while another configuration push is taking place. Prisma
Access applies configuration changes in the order you submit them.
In the event a configuration is pushed in error, or a change causes network or
security disruption, you can revert the Prisma Access configuration to the most
recent running Prisma Access configuration. This allows you to revert the Prisma
Access configuration back to a running configuration you know is functional and does
not compromise your network security. You do not have the option to select a
specific running configuration. Prisma Access automatically selects the last known
running configuration and reverts to it.
- Log in to Strata Cloud Manager.Make configuration changes as needed.Push Config and Push your configuration changes.Alternatively, you can select ManageOperationsPush Config To Devices.In the Push Config dialog box, you can Ignore Security Check Failures. This feature allows you to continue with push operations even when certain checks would block the process. If you leave the check box unchecked (the default setting), and a best practice check with a “block” action fails, Strata Cloud Manager stops the push.You can Ignore Security Check Failures only if your role includes the Override Security Check Block Action permission.(Optional) Add New Filter.You can filter the devices displayed in the push scope by applying filters. Applying filters impacts only which firewalls or Prisma Access deployments are displayed in the push scope and has no impact on which devices you push to.Edit the Push Scope.Editing the push scope allows you to push targeted configuration changes to some or all of your firewalls or Prisma Access deployments.Performing a partial configuration push is not supported and you must push the entire Strata Cloud Manager configuration if you:
- Configure a new tenant and this is your first configuration push.
- Onboard a firewall to Strata Cloud Manager.
- Onboard a Prisma Access mobile users and remote users.
- Rename or move a folder so that it’s nested under a different folder.
- Move a firewall to a different folder.
- Rename, associate, or disassociate a snippet.
- Load a configuration.
- Revert the configuration to the last pushed configuration or to a previous configuration version snapshot.
- Admin Scope — Select which administrator configuration changes to include in the push. By default, admin scope selects the current user, and changes made by that user are pushed to the selected firewalls or Prisma Access deployments. Selecting changes Changes from all admins includes all configuration changes made by all administrators.Editing the admin scope to select specific administrators includes all the configuration changes made by the selected administrators. This option can't be used when performing your first config push. Selecting specific configuration changes to include in the push is not supported.
- Push Scope — Select the deployment types or folders you want to push to. When you select a deployment or folder, the configuration changes are pushed to all firewalls or deployments.When you select a folder that contains child folders, all child folders and the associated firewalls or Prisma Access deployments are included in the push. Selecting a specific firewall or a Prisma Access deployment automatically selects the folder it’s associated with.
Push Config and Push.Review the push targets and Push.Review configuration push status.In the event a configuration is pushed in error, or a change causes network or security disruption, you can revert your Prisma Access configuration.View Prisma Access Jobs
You can view the Jobs history on Prisma Access to display details about operations that admins initiated, as well as automatic content and license updates. This includes any configuration commits, pushes and reverts. You can use the Jobs view to troubleshoot failed operations, investigate warnings associated with completed commits, or cancel pending commits.- Launch Prisma Access.On the top menu bar, select Push Config and view the Prisma Access Jobs.Perform any of the following tasks:
- Investigate warnings or failures—Read the entries in the Summary column for warning or failure details.
- View a commit description—If an administrator entered a commit description, you can refer to the Description column to understand the purpose of the commit.
- Check the position of an operation in the queue—View the operation position and status to determine the position of the operation.