AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Prisma Access
license
Think of the Overview page as your launching point in to NGFW and Prisma Access both for
first time setup, and for day-to-day configuration management (
AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Prisma Access
license
If you select the
Global
configuration scope, you can view the
following details:
Global folders you create and their variables
Firewalls with config conflicts
Firewall sync status and Firewall connectivity status
General information
Configuration snippets
License
Trusted tenants for snippet sharing
Config version snapshots
Configuration Overview (Prisma Access)
Where Can I Use This?
What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)
Prisma Access
license
If you’re just getting started with Prisma Access:
The
Basics
checklist shows you on how to get up and
running with Prisma Access; complete the tasks and walkthroughs here to get
started with a basic setup; then, test your environment and build out your
deployment.
Standardize a common base configuration for a set of Prisma Access deployments
using the configuration snippets
Find configuration
snapshots—compare configuration versions and restore (or load) an earlier
version to recover from a configuration push with unintended impact to traffic
flow or security
Optimize
your configuration by cleaning up unused objects and rules, and
tightening rules that are introducing security gaps by allowing applications
you’re not using
After completing basic setup, you can start testing your environment and building out
your deployment.
Basics
Prisma Access configuration
Basics
guide you to get up and
running with Prisma Access. Complete the tasks here to get started with a basic
setup, that you then can use to test your environment and build out your
deployment.
Each task links you to the page where you can set up the associated configuration;
when you’re done, tasks on this list show as complete. So, you can easily track
you’re progress at a glance, which is especially helpful if you’re in the onboarding
phase.
Walkthroughs
Some to-do’s also include walkthroughs that take you through the basic, required
steps to get your environment up and running.
Onboarding walkthroughs are available to you on the
Overview
dashboard. You can click into to the help to see if there are walkthroughs available
for the page you’re on, and keep an eye out for walkthroughs you can launch directly
on the page:
Available Walkthroughs
Onboard Remote Networks
Onboard Your HQ or Data Center (Service Connections)
Onboard Mobile Users (GlobalProtect)
Onboard Mobile Users (Explicit Proxy)
Turn on decryption
Policy Optimizer
Create a Security Rule
Create a Security Profile
Set Up SAML Authentication
Prisma Access Sync Status
On the
Overview
page, you can quickly check status for your
Prisma Access configurations. If you see something unexpected, drill down to
identify the impacted configuration. Here are statuses you might see:
Configuration has not been pushed
—So far, no configuration has been
pushed to Prisma Access.
This configuration is empty
—A user pushed a blank configuration to
Prisma Access. In this case, a configuration was previously in place, so the
push to Prisma Access might have been to remove the configuration. Go to
Push Config
Jobs
to review recent changes.
Out of sync
—A user has pushed a configuration to Prisma Access but
there is an error or warning related to the push. This might be a
configuration issue or it might be an issue related to the push to Prisma
Access.
In sync
—The latest configuration push to Prisma Access was successful,
and there are no errors.
If you see something unexpected, click on the status to open a map view that shows
the locations where you have either mobile users (GlobalProtect or explicit proxy
connections), remote networks, or service connections. You can then pinpoint the
configuration that requires review or where you might need to make an update.
Global Find Using Config Search
Config Search allows you to find specific configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name and get the list of all references where
the object is used.
To launch
Config Search
, click the
icon beside
Push Config
on the upper right side of the web interface.
Config
Search
is available from all pages under
Manage
.
In the
Config Search
screen, you can search by using
the
Config String
,
Location
,
Object Type
,
Edited By
, or
Edited At
fields.
Search tips:
To find an exact phrase, enclose the phrase in quotes.
Spaces in search terms are handled as AND operations. For
example, if you search on corp policy, the search results
include instances where corp and policy exist in the
configuration.
To rerun a previous search, click the
Config
Search
icon, which displays the last 50
searches. Click any item in the list to rerun that search. The
search history list is unique to each administrator
account.
Config Search is available for each field that’s searchable. For
example, you can search on the following object types for a
Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
Location is grouped by Folders and Snippets. You can select more
than one location to search. If you do not select any location,
All
locations will be selected by
default.
If the object type is not selected,
All
will be selected.
The search results are categorized and provide links to the configuration
location in the Strata Cloud Manager, allowing you to easily find all
occurrences and references of the searched string.
Configuration Overview (Strata Cloud Manager)
Where Can I Use This?
What Do I Need?
NGFW (Managed by Strata Cloud Manager)
NGFW (Managed by PAN-OS or Panorama)
VM-Series, funded with Software NGFW Credits
AIOps for NGFW Premium license (use the Strata Cloud Manager app)
If you’re just getting started with Cloud Management of NGFW:
Gain visibility and control over local firewall configurations without the need
for switching between the central management and individual firewalls for
managing local configurations.
Firewalls with config conflicts
shows the number
of firewalls with conflicts. Click the number to view conflicts for
firewalls along with their location. Click any firewall to see
device-level conflicts.
Objects with config conflicts
shows the number of
conflicts per firewall. Click the number to view the conflicted objects
and their types for a specific firewall. Clicking the object provides
granular details on the conflict.
Standardize a common base configuration for a set of managed firewalls using
configuration snippets.
Configure managed firewalls in a high availability (HA)
configuration to provide redundancy and ensure business continuity.
Review the
Connectivity Status
of managed firewalls to
Strata Cloud Manager
.
Review the configuration
Sync Status
between
Strata Cloud Manager
and the current running configuration on your managed
firewalls.
details to see which licenses are activate
on your managed firewalls.
Global Find Using Config Search
Config Search enables you to search configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name and get the list of all references where
the object is used.
To launch
Config Search
, click the
icon beside
Push Config
on the upper right side of the web interface.
Config
Search
is available from all pages under
Manage
.
In the
Config Search
screen, you can search by using
the
Config String
,
Location
,
Object Type
,
Edited By
, or
Edited At
fields.
Search tips:
To find an exact phrase, enclose the phrase in quotes.
Spaces in search terms are handled as AND operations. For
example, if you search on corp policy, the search results
include instances where corp and policy exist in the
configuration.
To rerun a previous search, click the Config Search icon, which
displays the last 50 searches. Click any item in the list to
rerun that search. The search history list is unique to each
administrator account.
Config Search is available for each field that’s searchable. For
example, you can search on the following object types for a
Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
Location is grouped by folders and snippets. You can select more
than one location to search. If you do not select any location,
All
locations will be selected by
default.
If the object type is not selected,
All
will be selected.
The search results are categorized and provide links to the configuration
location in the Strata Cloud Manager, allowing you to easily find all
occurrences and references of the searched string.
