Learn how to optimize Panorama-managed configurations using Policy Optimizer.

Inconsistent security policies and overly permissive Layer 4 rules across
your Strata Cloud Manager and Panorama® deployments create unnecessary attack
surface.

Policy Optimizer in Strata Cloud Manager
now extends its analysis of overly permissive security rules to include
Panorama-managed environments. This feature helps organizations strengthen their
security posture across all global Next-Generation Firewall (NGFW) and Prisma Access
deployments, ensuring consistent security regardless of the chosen policy management
method.

This feature enables the modernization of legacy, overly permissive Layer 4
rules. It identifies broad "any" entries (for source user, source address,
destination address, or application) and recommends replacements.
The recommended App-ID™ and User-ID™-based policies are grounded in actual network traffic
and user behavior logs. Policy Optimizer continuously analyzes historical logs to
surface targeted, high-value recommendations, effectively reducing the attack
surface, enforcing the principle of least-privilege access, and elevating overall
policy hygiene for a stronger security architecture.
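
The log-driven narrowing described above, as an added illustration (not Palo Alto Networks code and not Policy Optimizer's actual algorithm): it flags rules whose source user, source address, destination address, or application is "any" and proposes the values actually seen in that rule's traffic logs. The field names, rule names, and sample data are constructed assumptions.

```python
from collections import defaultdict

FIELDS = ("source_user", "source_address", "destination_address", "application")

# Constructed rulebase (hypothetical field names, not a Panorama export format).
RULES = [
    {"name": "legacy-web", "source_user": "any", "source_address": "10.1.0.0/24",
     "destination_address": "any", "application": "any"},
    {"name": "dns-out", "source_user": "any", "source_address": "10.1.0.0/24",
     "destination_address": "10.9.9.53", "application": "dns"},
    {"name": "unused-any", "source_user": "any", "source_address": "any",
     "destination_address": "any", "application": "any"},
]

# Constructed log rows: (rule, source_user, source_address, destination_address, application)
LOGS = [
    ("legacy-web", "corp\\alice", "10.1.0.15", "203.0.113.10", "ssl"),
    ("legacy-web", "corp\\bob", "10.1.0.22", "203.0.113.10", "web-browsing"),
    ("legacy-web", "corp\\alice", "10.1.0.15", "198.51.100.7", "ssl"),
    ("dns-out", "corp\\alice", "10.1.0.15", "10.9.9.53", "dns"),
]


def observed_values(logs):
    """Collect, per rule, the distinct values seen in the logs for each field."""
    seen = defaultdict(lambda: {f: set() for f in FIELDS})
    for rule, *values in logs:
        for field, value in zip(FIELDS, values):
            seen[rule][field].add(value)
    return seen


def recommend(rules, logs):
    """Map each rule with 'any' entries to the observed values for those entries."""
    seen = observed_values(logs)
    report = {}
    for rule in rules:
        broad = [f for f in FIELDS if rule[f] == "any"]
        if not broad:
            continue
        hits = seen.get(rule["name"])
        # No log hits means no evidence to narrow the rule: report None.
        report[rule["name"]] = {f: sorted(hits[f]) for f in broad} if hits else None
    return report


if __name__ == "__main__":
    for name, rec in recommend(RULES, LOGS).items():
        print(name, "->", rec or "no log hits; review whether the rule is needed")
```

A rule that maps to `None` has broad entries but no matching traffic in the sample window, so it is a candidate for review rather than for an evidence-based replacement.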