New Features - Strata Cloud Manager - March 2026

Maintaining compliance against numerous governmental, industry, and internal security frameworks often involves time-consuming manual processes that can lead to security gaps, potential fines, and business disruption. To solve these challenges, the Compliance Center brings continuous, automated compliance assessments directly into Strata Cloud Manager. This feature provides flexible framework management for your Next-Generation Firewall (NGFW) and Prisma® Access configurations.

You can leverage the Compliance Center to:

• Assess your security posture continuously against required standards.

• Benchmark against industry standards, such as NIST CSF 2.0, or create custom organizational frameworks.

• Streamline remediation through a unified workflow to quickly identify and fix non-compliant configurations.

By automating these processes within your network security deployments, you easily ensure and demonstrate continuous adherence to security policies and regulatory mandates without relying on manual audits.

Palo Alto Networks now provides support for newly added endpoints published by Fastly® as part of the continuous expansion of the EDL (External Dynamic List) Hosting Service.

You can now deploy traditional High Availability active/passive configurations on PA-7500 firewalls (Generation 5 hardware platform). This capability addresses a critical gap for users who require active/passive failover solutions but cannot use NGFW clustering on these advanced platforms. When you configure traditional HA active/passive on these firewalls, you maintain similar configuration workflows and operational behaviors that you rely on with legacy HA deployments across other Palo Alto Networks platforms.

Unlike clustering where all members actively forward traffic, HA active/passive mode maintains the traditional model where only the active device processes traffic while the passive device remains in standby, ready to assume the active role during a failover event. You benefit from this approach when you need redundancy without the complexity of traffic distribution across multiple active devices, and when your deployment priorities focus on maintaining existing operational procedures rather than scaling throughput.

In HA Active/Passive mode, the PA-7500 firewalls must use the High Speed Chassis Interconnect (HSCI) to connect the two chassis. The HSCI interfaces aggregate both HA1 and HA2 functions: Session synchronization and configuration synchronization. The HSCI-A is the primary interface, whereas HSCI-B can be configured as a backup interface. You can configure this solution without requiring Panorama management, maintaining the same configuration and state synchronization capabilities that exist in current-generation platforms while providing the reliability and performance characteristics of the Generation 5 architecture.

The HA active/passive capability ensures you can migrate to newer hardware platforms without redesigning your high availability architecture, while still gaining access to the enhanced performance and feature capabilities that Generation 5 platforms deliver. This approach particularly suits environments where you require the processing power of modern hardware but must maintain the operational simplicity and predictable behavior patterns of traditional active/passive high availability configurations.

You can now manage and renew certificates used in Strata™ Cloud Manager through integrated Next-Gen Trust Security capabilities to prevent expired certificates and service disruptions caused by manual certificate management across hundreds or thousands of certificates.

Certificates from your Strata Cloud Manager configuration sync to the Next-Gen Trust Security inventory, providing PKI administrators with visibility into expiration status, usage locations, and cryptographic health. You can manage certificates individually or in bulk, and renew them using enterprise-approved certificate authorities configured through Next-Gen Trust Security issuing templates. After renewal, you push the configuration to your firewalls to complete the certificate update.

Manually searching through numerous network incidents to find issues affecting specific infrastructure components is time-consuming and delays troubleshooting. To solve this challenge, the primary impacted object type filter in Strata Cloud Manager introduces a dynamic, key-value-based filtering mechanism on the Incidents dashboard. When you analyze incidents across your network environment, you often need to focus on issues impacting particular sites, applications, or tunnels. This feature enables you to select an impacted object type and choose from dynamically populated values, streamlining your incident analysis workflow.

You can use this capability to investigate all incidents affecting a critical application, assess the reliability of a specific site over time, or correlate incidents across multiple components that share a common infrastructure element. The filter adapts to your incident context, ensuring that only relevant object types and values appear based on the incidents you are reviewing. By leveraging this feature, you perform faster root cause analysis, reduce mean time to resolution for incidents impacting business-critical objects, and make informed decisions about remediation priorities. This targeted visibility allows operations teams to transition seamlessly between broad incident monitoring and specific object-level investigation.

Organizations often struggle to quantify their security risk and prioritize the critical tasks required to align with Zero Trust principles. To solve these challenges, the Zero Trust Posture Center dashboard in Strata Cloud Manager provides a clear, actionable roadmap to enhance the security posture of your Next-Generation Firewall and Prisma® Access deployments.

The centralized hub provides several key capabilities:

• Quantifies risk through a data-driven assessment of your current security state.

• Prioritizes security tasks by identifying high-risk areas and focusing on stack-ranked recommendations.

• Streamlines management by integrating insights from Best Practice Checks, Policy Analyzer, Policy Optimizer, and Config Cleanup.

• Aligns with Zero Trust by organizing findings around the five critical pillars to enhance your security configuration.

This comprehensive approach helps network administrators and InfoSec teams easily ensure and demonstrate continuous adherence to security policies without manually aggregating data across multiple tools.