Automate NGFW onboarding to Strata Cloud Manager with a device onboarding rule, whether you're manually onboarding NGFW or onboarding using Zero Touch Provisioning (ZTP). You can associate the NGFW with a folder and apply predefined configuration when the NGFW first connects to Strata Cloud Manager. Strata Cloud Manager supports multiple device onboarding rules to define different match criteria that apply to different NGFW. Device onboarding rules are designed to simplify and greatly reduce the time spent onboarding new NGFW at scale and ensure the correct configuration is applied to newly onboarded NGFW.

Define which NGFW a rule applies to by using Match Criteria. This includes information such as the firewall Model and any Labels applied to the firewall during the onboarding process. You can define the rule Action to specify a Target Folder one or more NGFW are added to and the Snippet Association define any firewall-specific snippet configurations that need to be applied. Additionally, if you use SD-WAN or Cloud Identity Engine (CIE) you can also define and apply those necessary configurations in the device onboarding rule to ensure all required connectivity and user-based visibility and policy rule enforcement immediately after onboarding.

To consolidate management, you can now configure a web proxy on the firewalls you're managing with. This means that if you use an NGFW as a proxy device to secure your network, you can configure your proxy settings across your deployment from a single management interface.

This interface includes an in-app Proxy Auto-Configuration (PAC) file editor so that you can edit your proxy settings and modify your PAC file all in one place whenever network changes arise.

The web proxy supports two methods for routing traffic:

You can push web proxy configurations to the following platforms:

• PA-1400
• PA-3400
• VM-Series (with a minimum of four vCPUs)

Get clarity on the configuration elements that are applicable for a particular scope and whether they are inherited from a common configuration scope or generated by the system.

The color-coded configuration indicators help you understand where the configurations are inherited from, and also visually distinguish the object types for easy scanning.

Enable integration between Prisma Access deployments and on-premises NGFWs deployed as external gateways.

In the Prisma Access configuration, when setting up the hybrid Prisma Access deployment with security service edge (SSE) and on-premises NGFWs, you can now configure the NGFWs as external gateways by referencing the NGFWs' GlobalProtect gateway IP addresses. This eliminates manual configuration and minimizes the risk of misconfiguration.

Network security administrators often struggle with fragmented visibility across their security infrastructure, making it difficult to quickly assess overall network health, identify emerging threats, and understand the impact of security events on user experience. Traditional approaches require navigating between multiple dashboards and tools to piece together a comprehensive view of security posture.

The Strata Cloud Manager Command Center serves as your new NetSec homepage and provides your first stop to assess the health, security, and efficiency of your network. In a single view, the command center shows you all users and IoT devices accessing the internet, SaaS applications, and private apps, and demonstrates how Prisma® Access, your NGFWs, and your security services protect them.

Managing network visibility and operational efficiency across diverse deployments like Prisma Access and NGFW often requires juggling multiple dashboards, leading to fragmented analysis. Activity Insights solves this critical challenge by giving you an in-depth, consolidated view of your network activities across Prisma Access and NGFW deployments. Activity Insights brings together the visualization, monitoring, and reporting capabilities from dashboards like Application Usage, Network Usage, User Activity, and Threat Insights, providing all this data in a single, unified view.

Activity Insights pairs with the new Strata Cloud Manager Command Center homepage ; for anomalies, security gaps, degraded user experiences, impacts on security and health of your network that the homepage surfaces, you can drill down into Activity Insights and other dashboards to investigate and assess next steps.

Activity Insights provides a unified view of network data in relation to applications, users, threats, URLs, and network usage. You can also view the performance of Prisma SD-WAN applications with details on health score over a time range, transaction statistics, and bandwidth utilization metrics. The advanced reporting functionality enables you to download, share, and schedule reports that cover the data in the Overview tab. The report presents data separately for each filter applied in Activity Insights.

Furthermore, Activity Insights now displays direct users who connect to your network infrastructure while disconnected from GlobalProtect®. Previously, ADEM collected event information for these users, but Activity Insights did not show them. Now, you can gain complete visibility into network activity regardless of connection status, significantly improving analysis and reporting capabilities.

In Identity and Access Management, the View Only Administrator role is extended to include support for the Strata Logging Service application.

You can use the Trusted IP List to restrict access to Strata Cloud Manager by specifying IP addresses that are allowed on a per tenant basis. This feature is available in Strata Cloud ManagerSettingsTrusted IP List.