New Features - Strata Cloud Manager - May 2024

The Authorized Support Center (ASC) Support View dashboards have been consolidated and fully integrated back into the Strata Multitenant Cloud Manager. This move centralizes critical troubleshooting resources, providing ASC partners with a more streamlined and unified experience for managing multiple tenant environments. The ASC Support View remains exclusively dedicated to partners, equipping them with the tools and data necessary to efficiently address L1 and L2 support issues for their customers' cloud-managed SASE (Secure Access Service Edge) deployments, encompassing Prisma® Access and Prisma® SD-WAN. This feature is available in Strata Multitenant Cloud ManagerASC Support View .

The integration emphasizes deep operational visibility for support engineers. The ASC Support View offers essential dashboards and reports that allow partners to proactively monitor the health and performance of customer services. Key features include comprehensive status monitoring for services, as well as granular performance metrics related to Tunnel Status, Auto Scaling, and Throughput to quickly identify and resolve service disruptions. Additionally, the view provides the status of all tenant upgrades and a simplified way to monitor ongoing Prisma Access and Prisma SD-WAN incidents, ensuring partners can maintain maximum customer uptime and rapidly engage in break-fix scenarios.

The Strata Multitenant Cloud Manager enables managed security service providers (MSSP) or distributed enterprise customers of Prisma Access to define and enforce global security policies in all or some of their child tenants. You would use this to create repeatable common configurations that can be applied to many tenants, while allowing for granular customization of configurations at the individual tenants for local tenant admins. Bulk configuration management is only supported for Cloud managed tenants. Panorama managed tenants are not supported as part of this feature. This feature is available in Strata Multitenant Cloud ManagerManageBulk Configuration .

Configuration push latency often slows down essential network deployments and complex configuration updates across distributed NGFW . To enhance operational agility and speed, Strata Cloud Manager now optimizes communication protocols for configuration transfers. This crucial update introduces transparent compression for configuration exchanges.

When a security administrator pushes a configuration change from Strata Cloud Manager to a managed NGFW running PAN-OS 11.2 or later release, Strata Cloud Manager compresses the XML configuration during transmission. This compression reduces the file size by at least 15% to significantly speeds up deployment times and reduces bandwidth utilization. Additionally, all NGFW responses back to Strata Cloud Manager, including commit status updates and data queries, are also compressed by at least 15%. This two-way compression is transparent to the user and does not affect the NGFW management or data processing functions.

For Enterprise IT and IT Enabled Services (ITES) companies that need to control which users have access to their customer projects, Dynamic Privilege Access provides a seamless, secure, and compartmentalized way for your users to access only those projects that they are assigned to. Employees are typically assigned to several customer projects and are provided with siloed access to these projects so that an authorized user can access only one customer project at a time.

The Dynamic Privilege Access feature in Prisma Access provides dynamic privileges for your users based on the workflow or project that your users select in the Prisma Access Agent. Your users can have dynamic privileges based on the combination of the user group and IP pool that is assigned to a project. This unique combination defines a project. With Dynamic Privilege Access, you can isolate resources in your network so that they are only accessible to your users according to the projects they are assigned to.

A new predefined role called the Project Admin is available to allow project administrators to create and manage project definitions. Project administrators have the ability to map projects to select Prisma Access location groups, and create IP address assignments using DHCP based on the project and location group.

You can gain visibility into your Prisma Access Agent deployment by using Strata Cloud Manager to monitor your users' project activity, and view the service consumption and security posture in your network.

Dynamic Privilege Access enables Prisma Access to apply different network and Security policy rules to mobile user flows based on the project your users are working on. In the Strata Cloud Manager Command Center, navigate to Activity InsightsProjects, where you can view user-based access information in your environment

Managing explicit proxy traffic using single or multiple Proxy Auto-Configuration (PAC) files introduces complexity and management burden. You can now manage traffic flow and bypass rules by using Forwarding Profiles instead of only a single PAC file. Forwarding Profiles enable you to define forwarding rules and objects from a dedicated interface rather than dealing with the inherent technical complexity of a PAC file.

If you currently use a PAC file, you can migrate to Forwarding Profiles by importing the PAC file into a profile. Additionally, if you manage multiple PAC files for different traffic types, you can import these PAC files into separate profiles to use them simultaneously. In addition to standard proxy deployments, you can also use Forwarding Profiles to define the flow of traffic through GlobalProtect GlobalProtect® in Proxy or Tunnel and Proxy mode.

You can edit a proxy auto-configuration (PAC) file for explicit proxy that meets your requirement. GlobalProtect app proxies traffic to Prisma Access based on forwarding rules and logic from the PAC file. You can edit the PAC file content under Forwarding Rules.

If your Prisma® Access deployment uses a large number of sessions, and you would like to delete those sessions quickly, you can enable fast session delete, which allows Prisma Access to reuse TCP port numbers before the TCP TIME_WAIT period expires. This reuse of the TCP port numbers can be useful if your deployment has a large number of SSL decrypted sessions that may be short-lived. You can choose to enable this functionality for Prisma Access Remote Networks, Service Connections, and Mobile Users—GlobalProtect®; for Mobile Users—Explicit Proxy deployments, this functionality is enabled by default and you cannot disable it.

Prisma Access adds to the static IP address functionality for mobile users, where you can assign static IP addresses to users based on the Prisma Access theater or User-ID. To enhance IP address assignment for mobile users, you can now use location groups and user groups as a criteria, in addition to theater and User-ID. In addition, the number of supported IP address pool profiles is increased to 10,000. Activity Insights: Users allows you to view and monitor static IP address enhancements for mobile users.

You can use the Cloud Identity Engine with Prisma Access to apply information from third-party IoT detection sources to simplify the task of identifying and closing security gaps for devices in your network. See Configure Third-Party Device-ID in Prisma Access for details about setup and configuration.

Go to InsightsSecurityDevice Security to get insights on your IoT devices, such as the number of IoT devices connected within the last 30 minutes, all IoT devices connected during the time range selected, and details about all connected IoT devices.