Strata Cloud Manager
Manage: Overview
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
Manage: Overview
Learn about the management options available to you in Strata Cloud
Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses include access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
Think of the Overview page as your launching point in to NGFW and Prisma Access both for
first time setup, and for day-to-day configuration management (ManageConfigurationNGFW and Prisma AccessOverview).
Global
Where Can I Use This? | What Do I Need? |
---|---|
|
|
If you select the Global configuration scope, you can view the
following details:
- Global folders you create and their variables
- Firewalls with config conflicts
- Firewall sync status and Firewall connectivity status
- General information
- Configuration snippets
- License
- Trusted tenants for snippet sharing
- Config version snapshots
Configuration Overview (Prisma Access)
Where Can I Use This? | What Do I Need? |
---|---|
|
|
If you’re just getting started with Prisma Access:
- The Basics checklist shows you on how to get up and running with Prisma Access; complete the tasks and walkthroughs here to get started with a basic setup; then, test your environment and build out your deployment.
For details on your Prisma Access environment:
- Review License details to see what’s included with your Prisma Access subscription.
- The About panel displays the software and tenant information for your Prisma Access environment.
For day-to-day configuration management:
- Get at-a-glance configuration status
- Standardize a common base configuration for a set of Prisma Access deployments using the configuration snippets
- Find configuration snapshots—compare configuration versions and restore (or load) an earlier version to recover from a configuration push with unintended impact to traffic flow or security
- Optimize your configuration by cleaning up unused objects and rules, and tightening rules that are introducing security gaps by allowing applications you’re not using
- Pinpoint areas where you can make configuration changes that would strengthen your security posture
- You can also find details about your Prisma Access license and what it includes
After completing basic setup, you can start testing your environment and building out
your deployment.
Basics
Prisma Access configuration Basics guide you to get up and
running with Prisma Access. Complete the tasks here to get started with a basic
setup, that you then can use to test your environment and build out your
deployment.
Each task links you to the page where you can set up the associated configuration;
when you’re done, tasks on this list show as complete. So, you can easily track
you’re progress at a glance, which is especially helpful if you’re in the onboarding
phase.
Walkthroughs
Some to-do’s also include walkthroughs that take you through the basic, required
steps to get your environment up and running.
Onboarding walkthroughs are available to you on the Overview
dashboard. You can click into to the help to see if there are walkthroughs available
for the page you’re on, and keep an eye out for walkthroughs you can launch directly
on the page:
Available Walkthroughs
|
Prisma Access Sync Status
On the Overview page, you can quickly check status for your
Prisma Access configurations. If you see something unexpected, drill down to
identify the impacted configuration. Here are statuses you might see:
- Configuration has not been pushed—So far, no configuration has been pushed to Prisma Access.
- This configuration is empty—A user pushed a blank configuration to Prisma Access. In this case, a configuration was previously in place, so the push to Prisma Access might have been to remove the configuration. Go to Push ConfigJobs to review recent changes.
- Out of sync—A user has pushed a configuration to Prisma Access but there is an error or warning related to the push. This might be a configuration issue or it might be an issue related to the push to Prisma Access.
- In sync—The latest configuration push to Prisma Access was successful, and there are no errors.
If you see something unexpected, click on the status to open a map view that shows
the locations where you have either mobile users (GlobalProtect or explicit proxy
connections), remote networks, or service connections. You can then pinpoint the
configuration that requires review or where you might need to make an update.
Global Find Using Config Search
Config Search allows you to find specific configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name and get the list of all references where
the object is used.
- To launch Config Search, click the
- In the Config Search screen, you can search by using
the Config String, Location,
Object Type, Edited By, or
Edited At fields. Search tips:
- To find an exact phrase, enclose the phrase in quotes.
- Spaces in search terms are handled as AND operations. For example, if you search on corp policy, the search results include instances where corp and policy exist in the configuration.
- To rerun a previous search, click the Config Search icon, which displays the last 50 searches. Click any item in the list to rerun that search. The search history list is unique to each administrator account.
- Config Search is available for each field that’s searchable. For example, you can search on the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile, Application, UUID, and Service.
- Location is grouped by Folders and Snippets. You can select more than one location to search. If you do not select any location, All locations will be selected by default.
- If the object type is not selected, All will be selected.
- The search results are categorized and provide links to the configuration location in the Strata Cloud Manager, allowing you to easily find all occurrences and references of the searched string.
Configuration Overview (Strata Cloud Manager)
Where Can I Use This? | What Do I Need? |
---|---|
|
|
If you’re just getting started with Cloud Management of NGFW:
For day-to-day configuration management:
- Get at-a-glance summary of the current folder name, number of firewalls added to the folder, number of variables created for the folder.
- Gain visibility and control over local firewall configurations without
the need for switching between the central management and individual firewalls
for managing local configurations.
- Firewalls with config conflicts shows the number of firewalls with conflicts. View Conflicts to see conflicts for all firewalls and their respective locations. Click the individual firewall to further investigate device-level conflicts.
- Objects with config conflicts shows the number of conflicts per firewall. Click the number to view the conflicted objects and their corresponding types specific to that firewall. Click the object to get the granular details on the conflict.
- Standardize a common base configuration for a set of managed firewalls using configuration snippets.
- Configure managed firewalls in a high availability (HA) configuration to provide redundancy and ensure business continuity.
- Review the Connectivity Status of managed firewalls to Strata Cloud Manager.
- Review the configuration Sync Status between Strata Cloud Manager and the current running configuration on your managed firewalls.
For details on your managed firewalls:
- Review Content Distribution and Software Versions details to see which dynamic content updates and PAN-OS software versions are running on your managed firewalls.
- Review License details to see which licenses are activate on your managed firewalls.
Global Find Using Config Search
Config Search enables you to search configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name and get the list of all references where
the object is used.
- To launch Config Search, click the
- In the Config Search screen, you can search by using
the Config String, Location,
Object Type, Edited By, or
Edited At fields. Search tips:
- To find an exact phrase, enclose the phrase in quotes.
- Spaces in search terms are handled as AND operations. For example, if you search on corp policy, the search results include instances where corp and policy exist in the configuration.
- To rerun a previous search, click the Config Search icon, which displays the last 50 searches. Click any item in the list to rerun that search. The search history list is unique to each administrator account.
- Config Search is available for each field that’s searchable. For example, you can search on the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile, Application, UUID, and Service.
- Location is grouped by folders and snippets. You can select more than one location to search. If you do not select any location, All locations will be selected by default.
- If the object type is not selected, All will be selected.
- The search results are categorized and provide links to the configuration location in the Strata Cloud Manager, allowing you to easily find all occurrences and references of the searched string.