Strata Cloud Manager
New Features in June 2024
Here are the new features available in Strata Cloud Manager in June 2024. The features listed
here include some highlights for the products supported with Strata Cloud Manager.
For the full list of new features supported for a product you're using with Strata Cloud
Manager, see the release notes for that product.
Prisma Access: Third-Party CDR Integration for Remote Browser Isolation
June 28, 2024
Supported for:
Protect your users against zero-day threats hidden in files that they download from
the internet by integrating Remote Browser Isolation (RBI) with a
third-party content disarm and reconstruction (CDR) provider.
When users browse the web and download various types of files to their local devices,
they are exposed to zero-day threats. Even with file scanning or antivirus solutions
in play, these threats could escape detection, allowing malware to be delivered to
your users’ managed devices and rendering them as patient-zero.
With third-party CDR integration, any files downloaded while in RBI will be disarmed
and reconstructed using CDR. The CDR provider will remove the malicious content from
the files and deliver the sanitized files in their original file formats to the
user.
You can integrate with Votiro to utilize Votiro's
CDR capabilities to process and appropriately sanitize a file before it is
downloaded to the user’s device from RBI, thus keeping the user protected from any
potentially malicious executables embedded in the file.
Strata Cloud Manager: Custom Checks for Security Profiles
June 14, 2024
Supported for:
Custom checks have been newly added to the following security profiles:
Strata Cloud Manager lets you validate your configuration against
predefined Best Practices and custom checks
you create based on the needs of your organization. As you make changes to your
service routes, connection settings, allowed services, and administrative access
settings for the management and auxiliary interfaces for your firewalls, Strata
Cloud Manager gives you assessment results inline so you can take immediate
corrective action when necessary. This eliminates problems that misalignments with
best practices can introduce, such as conflicts and security gaps.
Inline checks let you:
- Gauge the effectiveness of, assess the impact of, and validate changes you make to your configuration using inline assessment results.
- Prioritize and perform remediations based on the recommendations from the inline assessment.
Strata Cloud Manager: New Inline Best Practice Checks
June 14, 2024
Supported for:
The new inline checks empower you to:
Strata Cloud Manager lets you validate your configuration against
predefined Best Practices and custom checks
you create based on the needs of your organization. As you make changes to your
service routes, connection settings, allowed services, and administrative access
settings for the management and auxiliary interfaces for your firewalls, Strata
Cloud Manager gives you assessment results inline so you can take immediate
corrective action when necessary. This eliminates problems that misalignments with
best practices can introduce, such as conflicts and security gaps.
Inline checks let you:
- Gauge the effectiveness of, assess the impact of, and validate changes you make to your configuration using inline assessment results.
- Prioritize and perform remediations based on the recommendations from the inline assessment.
Cloud Management for NGFWs: Auto VPN Configuration for HA Pairs
June 14, 2024
Supported for:
(HA deployments only) In an Auto VPN with SD-WAN configuration, Auto VPN can now automatically
generate the appropriate configuration for the active and passive HA peers (both
branch and hub HA pairs). This enables HA failovers to be seamless between the HA
pairs.
Prisma Access: Fast-Session Delete
June 14, 2024
Supported on Strata Cloud Manager for:
Prisma Access (Managed by Strata Cloud Manager)
If your deployment requires sessions to be deleted quickly, you can enable fast session delete,
which allows Prisma Access to reuse TCP port numbers before the TCP TIME_WAIT period expires.
This can be useful for SSL decrypted sessions that may be short-lived. You can enable this
functionality for Remote Networks, Service Connections, and Mobile Users—GlobalProtect.
For Mobile Users—Explicit Proxy deployments, this functionality is
enabled by default and cannot be changed.
Prisma Access: FQDNs for Remote Network and Service Connection IPSec Tunnels
June 14, 2024
Supported on Strata Cloud Manager for:
Prisma Access (Managed by Strata Cloud Manager)
When you onboard a Service Connection or Remote Network connection, a public IP
address is assigned for the other side of the IPSec tunnel (the Service IP Address). You use these public
IP addresses for your CPE in your branch site, headquarters, or data center
location. Keeping records of all the IP addresses you need to configure on your CPE
can be time-consuming.
Instead of IP addresses, Prisma Access provides you FQDNs to use for the other end of
the IPSec tunnel for Service Connections and Remote Network Connections, thus
facilitating CPE setup at your branch sites or headquarters or data center
locations.
Prisma Access: Native IPv6 Compatibility
June 14, 2024
Supported on Strata Cloud Manager for:
Prisma Access (Managed by Strata Cloud Manager)
Prisma Access is extending its support for IPv6 from private applications to encompass
comprehensive end-to-end IPv6 support for Mobile Users, Remote Networks, and Service
Connections. One advantageous aspect of native IPv6 support is its capacity to
enable Mobile Users utilizing IPv6-only endpoints to establish connections with
Prisma Access via IPv6 connections using GlobalProtect. Additionally, this support
facilitates accessing public SaaS applications over the internet, particularly where
those destinations necessitate IPv6 connections.
IPv6 boasts a significantly larger address space compared to IPv4, thereby
accommodating an almost limitless number of unique IP addresses. Through native IPv6
support, Prisma Access is engineered to be compatible with both IPv6 and dual-stack
connections, facilitating the migration process from IPv4 to IPv6. This
compatibility ensures backward compatibility and empowers organizations in their
transition to cloud-based and IPv6-enabled networks.
Prisma Access: Service Connection Support for Explicit Proxy
Supported in:
Prisma Access (Managed by Strata Cloud Manager) deployments in Prisma Access 5.1
Preferred and Innovation
Requires GlobalProtect in Proxy Mode to access private and
partner apps in a data center and a minimum PAN-OS dataplane of
10.2.10.
Prisma Access Explicit Proxy now supports service connections to enable you to
access resources in your data center. With
this change, you will still be able to benefit from a proxy connection while
accessing external dynamic lists, partner apps, or private apps hosted in your data
center.
Strata Cloud Manager: Manage and Share Common Configuration Using Snippet Sharing
June 14, 2024
Supported on Strata Cloud Manager for:
Manually sharing and keeping the configuration synchronized across multiple tenants
is both error prone and inefficient.
This feature provides a unique and flexible way to share common configuration in a
multitenant environment. You can save and manage any combination of configuration as
a snippet and seamlessly share it across tenants under a customer account. This
offers tremendous flexibility and control in managing shared configuration across
tenants. This feature offers a variety of use cases such as updating configurations
from lab to production environments, migrating configurations between tenants,
centralizing configuration management for common use cases across tenants, and
managing global configurations in a multibusiness unit setup.
Strata Cloud Manager: Global Find Using Config Search
June 14, 2024
Supported on Strata Cloud Manager for:
Config Search in
Strata Cloud Manager enables you to search configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name.
The search results are categorized and provide links to the configuration location in
Strata Cloud Manager, allowing you to easily find all occurrences and references
of the searched string.
Strata Cloud Manager: Local Configuration Management
June 14, 2024
Supported on Strata Cloud Manager for: NGFW (Managed by Strata Cloud Manager)
Eliminate the need for context switching from central management to individual
firewalls for managing local configurations.
This feature enhances readability, simplifies troubleshooting, and reduces manual
effort by providing visibility and control over local firewall configurations
through Strata Cloud Manager. Additionally, it identifies any conflicting or
overridden objects between local and pushed configurations, making it easier to
troubleshoot.
Strata Cloud Manager: Changes to Behavior for Web Traffic Handling
June 14, 2024
Supported on Strata Cloud Manager for:
Embrace Web Access policies when creating new Internet Security policies or
configurations, preserving existing rules in your setup. Web Security policies offer
a framework for abstracting policies, enabling translation of user intent into the
language understood by the enforcement node. This ensures continuity for current
rules without altering user experience through default rule ordering.
This capability incrementally enhances existing Web Security workflows. Newly created
Global Web Access policy rules are positioned between Web Security rules and the
regular security rules, with Global Catch All policies placed on top of the
intrazone default rules in post-rules.
Strata Logging Service in Strata Cloud Manager
June, 2024
In addition to the Strata Logging Service app available on
the hub, you can now also use Strata Cloud Manager to manage
your Strata Logging Service instances.
Supported on Strata Cloud Manager with Strata Logging Service
license.
Strata Cloud Manager is not available to you to manage your
instances hosted in China or in FedRAMP high regions. Continue
to use the Strata Logging Service app to manage the
instances in these regions.
You can now manage your Strata Logging Service instance with Strata Cloud Manager. After you have activated
and deployed Strata Logging Service, log in to Strata Cloud Manager on the hub and select Settings > Strata Logging Service to manage your Strata Logging Service instance.
You can also continue to use the Strata Logging Service standalone app
available on the hub to manage your instances. The logging data is the same in both
the Strata Logging Service app and Strata Cloud Manager; only their
web interfaces differ.
Use Strata Logging Service to:
- Check the status of a Strata Logging Service instance
- View and onboard firewalls, Cloud NGFW, Prisma Access, or Panorama appliances
- View the allocated log storage quota, the available storage space, and the number of days the logs are retained based on your incoming log rate
- Configure log storage quota
- Search, filter, and export log data
- Forward log data to external servers for long-term storage, SOC, or internal audit
Enterprise DLP: End User Coaching
June 14, 2024
Supported on Strata Cloud Manager for:
End User Coaching allows you to notify and
coach end users when their actions violate a Security policy rule because it
contains sensitive data that cannot leave your corporate network. Prisma Access (Managed by Strata Cloud Manager) administrators can immediately notify end users through the Access Experience User Interface (UI) when
an end user uploads, downloads, or posts content that is blocked by Enterprise Data Loss Prevention (E-DLP). End user notifications are configured using the User Coaching Notification Template
created on Strata Cloud Manager and are associated with a DLP rule for both
File-Based and Non-File Based
traffic. The notification template allows you to fully customize the message to be
displayed in the notification and supports variables to dynamically fill in DLP
incident information based on the file name, traffic direction, application, and
action. After an Enterprise DLP incident is generated, the end user who
generated the incident can view the Data Security notification to view more
details about current and past notifications.