New Features - Strata Cloud Manager - October 2025

Strata Cloud Manager for Configuration Management is a solution that is defined and controlled based on the region where it is deployed. You can deploy Strata Cloud Manager in the locations of your choosing, based on data location preferences and where you have the most users. This selection of locations allows for optimized performance, adherence to data residency requirements, and tailored user experiences based on geographical proximity. For this reason, we are rolling out region-specific support for Strata Cloud Manager as soon as we are able to do so for each region.

You can now deploy Strata Cloud Manager in the following additional regions for Configuration Management support in the Strata Cloud Manager 2025.R5.0 release: Brazil, Italy, Korea, Poland, and Spain .

The Global Configuration search feature is now available across the following regions: United States, Europe, and Singapore .

Migration Catalog addresses the lack of uniform workflows and discoverability across various migration efforts by providing a single, centralized location for all migration-related activities in Strata Cloud Manager. This catalog serves as a launching point for migration workflows, offering visibility into available migration options and their prerequisites, which helps administrators better understand Strata Cloud Manager’s migration capabilities.

When you access the Migration Catalog, you can view and select the Panorama-managed NGFW migration. The catalog implements a consistent user experience across different migration workflows based on a common stepper flow, similar to the existing Panorama-based NGFW migration. This standardization makes it easier for you to understand and navigate through the migration process regardless of which specific migration you are performing.

For migration options, the catalog explains the high-level workflow and prerequisites needed for successful configuration migration into Strata Cloud Manager. This transparency helps you prepare adequately before initiating any migration process, reducing the likelihood of encountering issues during migration and increasing the chances of a smooth transition to Strata Cloud Manager.

Organizations operate globally and frequently adhere to strict regional data compliance requirements when Advanced WildFire® is deployed into corporate networks for malware analysis. When using dynamic analysis for MacOSX files, meeting these geographic mandates can present a challenge. To address this control gap, the Advanced WildFire® service now provides the ability to choose the geographic location where MacOSX files are forwarded to for Advanced WildFire dynamic analysis. This ensures that customers maintain precise governance over where their samples are analyzed. This feature allows administrators to designate specific regional WildFire clouds—currently those located in the US, EU, Singapore, or Japan—to analyze and classify MacOSX files with WildFire verdicts using dynamic analysis, a high-fidelity sandboxing solution that tests the suspected file in a secure, virtualized environment to observe its behavior. The sample is temporarily sent to the region designated for MacOSX dynamic analysis, during which the file is analyzed and subsequently deleted. The sample analysis results are then sent to your configured WildFire public cloud region for access. The Advanced WildFire cloud uses the sample analysis results to generate and distribute signatures used by various Palo Alto Networks products to prevent further distribution of malicious threats contained in MacOSX files. By enforcing strict geographic boundaries for analysis, organizations can balance robust threat detection with regional data residency mandates. For maximum security, the forwarding functionality is disabled by default, ensuring configuration requires deliberate authorization. This capability strengthens compliance posture while leveraging the full detection power of Advanced WildFire.

Shared configuration management eliminates the complexity of managing security policies across multiple Palo Alto Networks services by allowing other Palo Alto Networks services to subscribe to and receive configuration objects from Strata Cloud Manager. Shared configuration management allows you to independently implement features without introducing inconsistencies or delays by providing a unified way for subscribers like Prisma SD-WAN Controller or Branch Sites for Prisma SD-WAN Ion devices to access and use Strata Cloud Manager managed NGFW and Prisma Access configurations.

Palo Alto Networks services can access Strata Cloud Manager configuration objects on a read-only basis while maintaining proper synchronization and usage tracking. Shared configurations enable you to share Security Profiles such as Threat Prevention, Anti-Spyware, Vulnerability Protection, URL Filtering, and DNS Security with Prisma SD-WAN Controller instances. You can track which shared objects are actively referenced by external services, and Strata Cloud Manager automatically blocks deletion of configuration objects that are currently in use by external subscribers to prevent configuration conflicts.

When making pushes to other services, reverting those pushes should be avoided as it may cause issues with your configuration.

You can now view and download signature-based packet captures (PCAPs), along with the inline detected PCAPs in threat logs from Log Viewer. These packet captures provide context around a threat to help you report false-positives or learn more about the methods used by the attacker. To download a PCAP, view threat type logs in Log Viewer and download packet captures.

Previously, managing Autonomous Digital Experience Management (ADEM) hosted in China required using a separate interface from ADEM deployed in other global locations. ADEM hosted in China now leverages the Strata Cloud Manager, aligning it with AI-Powered ADEM deployed in other locations.

This enhancement provides a unified and more usable experience, allowing you to use the same streamlined interface and visualization tools across all your ADEM environments while complying with all regulations and mandates. While this integration delivers a significantly improved and consistent operational view, note that some functionalities available in ADEM deployments in other locations are not currently supported for ADEM hosted in China.

Note: Please contact your account team to enable this feature.

You can configure and manage NGFW clustering for PA-7500 devices directly through Strata Cloud Manager (SCM). This feature enables you to group two PA-7500 firewalls into a single logical cluster entity that operates in device redundancy mode with one routing domain. When you configure clustering, SCM treats the cluster as a unified device where you apply all policies, objects, and networking configurations to the cluster folder rather than individual devices. This approach simplifies management while providing high availability for your network infrastructure.

The Strata Cloud Manager Unified Incident Framework offers a consistent and centralized approach to managing incidents across your various security products. This framework addresses the challenges you face in monitoring diverse network security deployments by consolidating all incidents into a single, unified interface. This gives you comprehensive visibility into your entire security infrastructure.

The unified dashboard displays a summary of all incidents, including the total number of open incidents and breakdowns by product type, category, severity, and priority. You can readily access detailed information for each incident, encompassing the title, severity level, affected objects, recommended remediation steps, and relevant timestamps.

The framework supports flexible notification mechanisms, including email, webhooks, and integrations with ITSM systems, ensuring that you remain informed of critical issues even outside the product interface. You can customize incident settings to focus on issues pertinent to your specific deployments by defining criteria for incident generation and configuring notification preferences.

Strata Cloud Manager now organizes Security Posture Settings under the Unified Incident Framework to deliver a unified and contextual incident management experience. Previously, you could access the security posture check from Configuration > Posture > Settings . With the unified incident framework, these security posture settings have moved to Incidents > Settings . This update aligns all posture-related rules and custom checks with incident workflows, enabling easier correlation between configuration issues and the incidents they generate.

Leveraging the Unified Incident Framework provides the following benefits:

• Consistent Incident Management: Ensures a uniform approach to incident handling.
• Faster troubleshooting: Centralized visibility and detailed information facilitate quicker identification and resolution of issues.
• Informed Decision-Making: Comprehensive context enables a better understanding of the impact and root cause of incidents.
• Improved Operational Efficiency: Streamlined processes and reduced incident fatigue enhance overall operational effectiveness.

This comprehensive design helps you maintain optimal health and security across your infrastructure, reducing the overhead and inefficiencies associated with managing disparate alerting systems.

The NetSec Health Dashboard provides a comprehensive view of your organization's network security health across all user devices, branch sites and AI-Powered ADEM monitored applications. Previously, NGFW users lacked a unified way to understand the end-to-end health of users and applications across their organization. This dashboard enhances the existing SASE health dashboard by integrating the health and experience scores from both your Next-Generation Firewall (NGFW) deployments and your Prisma Access (PA) environment into a single pane of glass. Currently, the dashboard shows unified digital experience insights from NGFW deployments for user devices only.

The interactive view in the dashboard shows the experience scores to highlight the status of user devices, sites, and applications in your organization as Good, Fair, and Poor. You can further drill down to analyze user-specific details, users’ browsing experience, network segments causing degradation, and open device incidents. For sites, you can review Prisma SD-WAN and third-party connectivity data and any related open incidents. For monitored applications, the dashboard shows application availability and critical end-to-end performance metrics.