New Features in August 2025
Focus
Focus
Strata Cloud Manager

New Features in August 2025

Table of Contents

New Features in August 2025

Here are the new features we've added to Strata Cloud Manager in August 2025.

New Strata Cloud Manager Management Features (August 2025)

See the new configuration management features we've added to Strata Cloud Manager in August 2025.
Here's the new configuration management features we've added to Strata Cloud Manager in August 2025; we use a scheduled upgrade to deliver these features to you and they are supported with the Cloud Manager 2025.R4.0 release version. Check your Strata Cloud Manager in-product notifications for updates on the release upgrade schedule. You can verify which Strata Cloud Manager release version you're running by navigating to your configuration overview, and checking the Cloud Management Version.

Strata Cloud Manager: Best Practice Check for GlobalProtect Portal Traffic

August 15, 2025
The Strata Cloud Manager Best Practice Check now evaluates your configuration for the presence of a Vulnerability Protection profile that corresponds to Palo Alto Networks Best Practices for traffic destined to a GlobalProtect portal or gateway services when configured to allow. This is intended to prevent accidental deployment of security profiles that might inadvertently place the GlobalProtect interface at risk of attack using published product security vulnerabilities.

Strata Cloud Manager: Configuration Management Support by Region

August 15, 2025
Supported on:
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
Strata Cloud Manager now supports the following additional regions:
  • Korea
  • Poland
  • France
  • Spain
  • South Africa
Strata Cloud Manager now supports the following additional regions:
  • Korea
  • Poland
  • France
  • Spain
  • South Africa
Strata Cloud Manager for Configuration Management is a solution that is defined and controlled based on the region where it is deployed. You can deploy Strata Cloud Manager in the locations of your choosing, based on data location preferences and where you have the most users. For this reason, we are rolling out region-specific support for Strata Cloud Manager as soon as we are able to do so for each region.

Strata Cloud Manager: UI Enhancements

August 15, 2025
Supported on:
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
Strata Cloud Manager now includes several web interface enhancements to improve your configuration management experience. These updates optimize workflows and provide greater visibility into your network security settings.
Changes include:
    • Timestamps for configuration entities: You can now see when rules were last modified with timestamps available for all configuration entities.
    • Edit objects such as addresses directly on the Security Policy page if they're in the same scope.
    • When adding or editing rules, you can choose a higher-level location for object placement, or create new objects such as applications directly in your current scope or the application’s location.
    • Click on an application to edit it, or create a new application in a different location.
    • Visual identification has been improved with new icons for Web Security Rules, Security Rules, and Addresses.
    • A new Rule Type column shows the rule type for each policy in the Security Policy Rule page. The default is Universal. You can also select Intrazone or Interzone.
    • On the ConfigurationNGFW and Prisma AccessOverviewConfiguration SnippetsAssociate Snippets page, you can now reorder overriding rules with drag and drop.
    • Move the global default rule, or move snippets within a rulebase using the Move option.
    • A confirmation prompt now appears before deleting a snippet, reducing the risk of accidental removals.
    ObjectsApplications page
    • The ObjectsApplications page now includes filters to view applications by Custom or Tagged applications.

New NetSec Platform Features on Strata Cloud Manager (August 2025)

See all the new features made available for Strata Cloud Manager in August 2025.
These new features follow the Strata Cloud Manager release model of continuous feature deployment; as they're ready, we make them available to ensure the latest support for all products and subscriptions across the NetSec platform. There's no Strata Cloud Manager upgrade or management version requirement associated with these features; however, check if they have version or license dependencies associated with other parts of the NetSec platform (like a cloud-delivered security service subscription, or a Prisma Access version, for example).

Strata Cloud Manager: NGFW Alerts in August

August 29, 2025
Here are the NGFW alerts introduced in August 2025:
  • Firewall Logs Getting Discarded
  • Firewall Losing Logs
Health alerts actively monitor the health and performance of your platform in real time. This approach helps in identifying issues, predicting potential problems, and implementing remediation actions to ensure your devices function optimally. Here are some key aspects:
  • Monitoring Metrics: Continuously monitor various metrics from the NGFWs, including CPU utilization, memory usage, disk space, network throughput, and other relevant performance indicators.
  • Anomaly Detection: Generate alerts that dynamically adjust based on the metric's historical value and your usage trends.
  • Predictive Analysis: Leverage historical data and patterns to predict when thresholds might be exceeded or specific events may occur. This helps forecast potential issues before they escalate.

Accelerate Insights and Enhance Security with Telemetry Autoenablement

August 28, 2025
Supported for:
  • Strata Cloud Manager
  • Introduced in PAN-OS 11.2.8 and 12.1.2
Telemetry autoenablement for Palo Alto Networks devices streamlines the activation and configuration of telemetry, eliminating complex workflows and manual setup. This feature ensures that upon device onboarding, telemetry is automatically enabled and configured to stream data to the correct data residency region, determined by your location or existing configurations.
Strata Cloud Manager or hub now manages telemetry settings, rather than individual Panorama or firewall devices. These services store information for all devices within a tenant service group (TSG), simplifying and automating telemetry configuration. This approach removes operational hurdles, enabling full utilization of telemetry's benefits while maintaining control over data sharing preferences.
Consistent telemetry data streaming provides enhanced security, faster security responses, and access to advanced features through critical threat insights. Telemetry autoenablement ensures your devices send valuable diagnostic and usage information, significantly improving support case resolution times and offering real-time insights into performance, usage, and potential issues.
You have the ability to manage your telemetry settings at the TSG level, including the option to change the telemetry tier from Full to Diagnostic through the hub interface or Strata Cloud Manager. This tiered approach ensures you can choose the level of information shared while adhering to data privacy requirements. Additionally, all telemetry configuration changes are logged for audit purposes, assisting with compliance and security policy adherence.

Admin Role Profile Configuration

August 15, 2025
Strata Cloud Manager™ now makes it easy to create and deploy custom admin roles for managed NGFWs, allowing you to control what each administrator is allowed to do.
By setting up roles with specific permissions and assigning them to administrators you can enforce the principle of least privilege, ensuring administrators have only the access necessary for their specific job functions.
This feature gives you fine-grained control across the web interface, CLI, REST API, and XML API. You can configure detailed access permissions over various functional areas, including device configuration, network settings, security policies, monitoring capabilities, and operational tasks. For example, you can create a network admin role that has permissions to manage interfaces and routing but is restricted from changing security profiles.
By configuring custom admin roles, you can enhance your security posture, simplify compliance, and create a more organized and efficient workflow for your administrators.

Strata Cloud Manager: Custom Defined Application Settings

August 15, 2025
Strata Cloud Manager (SCM) now provides users the ability to customize predefined local and cloud-based applications. For each given application, you can modify the TCP Timeout, TCP Half Closed, TCP Time Wait, and Risk values to more appropriately fit the needs of your organization's network security requirements.

Strata Cloud Manager: IPv6 Route Configuration

August 15, 2025
Supported on:
  • NGFW (Managed by Strata Cloud Manager)
You can configure a data port (a regular interface) to access external services, such as DNS servers, external authentication servers, Palo Alto Networks® services such as software, URL updates, licenses and AutoFocus. Strata Cloud Manager now supports configuring and deploying IPv6 service routes (in addition to IPv4 service routes) for all managed NGFW platforms.

Strata Cloud Manager: IPv6 Support

August 15, 2025
Strata Cloud Manager now provides IPv6 address support for many configurations. The following areas support both IPv4 and IPv6 addresses in the IP address fields.
  • Management
    • RADIUS
    • LDAP
    • Kerberos
    • TACACS+
    • SSH Management
    • Aux1 and Aux2
    • Web Interface
    • NTP
    • Device DNS
  • Security
    • Zone Protection Profile
    • Packet-Based Attack Protection
    • Reconnaissance Protection
  • Networking
    • IPv6 Static Routes
    • Policy-Based Forwarding (PBF)
    • Dual Stack Support for L3 Interfaces
    • Neighbor Discovery and Duplicate Address Detection
    • NAT64 (IP to IPv6 Protocol Translation)
    • Link Layer Discovery Protocol (LLDP)
    • Bidirectional Forwarding Detection (BFD)
  • User-ID
    • Captive Portal for IPv6
  • Host Dynamic Address Configuration
    • DHCP Relay
    • SLAAC (Router Advertisements)
    • SLAAC (Router Preferences)
    • SLAAC (RDNSS)
  • VPN
    • IKE Gateway
    • IPSec Tunnel
    • IKEv2
    • IPv6 over IPv4 IPSec Tunnel

Strata Cloud Manager: GRE Tunnel Termination

August 15, 2025
Supported for: Strata Cloud Manager
Strata Cloud Manager allows you to configure and deploy GRE (Generic Routing Encapsulation) tunnels on managed NGFW platforms to establish secure, point-to-point connectivity across untrusted networks. GRE tunnels enable you to encapsulate various network layer protocols inside virtual point-to-point links, allowing you to extend your network topology across geographically distributed locations.

Master Key Management for NGFWs

August 15, 2025
Now you can deploy a custom master key in Strata Cloud Manager™ to replace the default master key on your next-generation firewalls (NGFWs), adding an extra layer of protection for your sensitive data.
When you deploy a new master key, Strata Cloud Manager re-encrypts all key material to strengthen your security posture. You can define a custom lifetime for the master key (from 1 to 18, 250 days) and set reminder notifications (1 to 365 days before expiration). This allows you to rotate keys on schedule to help minimize disruption. Regular rotation is a best practice for cryptographic key management and helps you meet compliance requirements.
The Deploy Master Key feature supports both standalone and high-availability (HA) firewall configurations, with built-in validations to ensure secure key deployment.

Strata Cloud Manager: Log Forwarding Card (LFC) Support

August 15, 2025
You can now configure a PA-7000 Series Firewall Log Forwarding Card (LFC) using Strata Cloud Manager. The LFC is a physical, high-performance slot card that forwards all dataplane logs from the firewall to an external logging system. Once installed, you can choose to configure either interface LFC 1/1 or interface LFC 1/9, as well as IPv4 or IPv6 settings, depending on your deployment needs.

Netflow Monitoring

August 15, 2025
Strata Cloud Manager™ now provides the ability to configure and deploy NetFlow on managed next-generation firewall (NGFW) platforms. This new capability allows you to export detailed IP traffic statistics to a NetFlow collector, providing valuable data for security analysis, troubleshooting, and performance optimization. You can create server profiles to define collector destinations and export parameters, with support for Layer 3, Layer 2, virtual wire, tap, VLAN, loopback, and tunnel interfaces. This feature supports NetFlow Version 9 and both standard and enterprise templates.

Response Page Customization

August 15, 2025
Strata Cloud Manager™ now offers expanded response page customization, allowing you to tailor additional page types for a more consistent and user-friendly experience. These pages appear during authentication challenges, security restrictions, or informational notices, helping users understand what is happening while maintaining your organization’s branding.
Newly supported customizable pages include:
  • GlobalProtect: Customize portal login pages, welcome screens, and help pages that guide users through the connection process.
  • Authentication Services: Modify Multi-Factor Authentication (MFA) login pages and SAML authentication error pages to provide clear guidance during authentication challenges.
  • SSL Decryption: Customize notification pages to inform users about traffic inspection policies and certificate errors.

Strata Cloud Manager: Hardware Security Module (HSM) Integration

August 15, 2025
You can now set up a Hardware Security Module (HSM) to generate, store, and manage digital keys through Strata Cloud Manager. An HSM is a physical appliance that, once connected, provides both physical and logical protection of these cryptographic keys. By utilizing the management options in Strata Cloud Manager, you can specify HSM servers that use one or more of the following providers: SafeNet Network, nCipher nCshield Connect, or Thales CipherTrust Manager.

Strata Cloud Manager: Management Service Route

August 28, 2025
Supported for: Strata Cloud Manager
The firewall uses the management (MGT) interface by default to access external services, such as DNS servers, external authentication servers, Palo Alto Networks® services such as software, URL updates, licenses and AutoFocus. An alternative to using the MGT interface is to configure a data port (a regular interface) to access these services. A service route is the path from the interface to the service on a server. Strata Cloud Manager allows you to customize service routes for various services or Use Management Interface for all services.

Strata Cloud Manager: Policy Application Dependency Management

August 15, 2025
Strata Cloud Manager (SCM) now provides users the ability to view all dependent applications associated with a selected application while creating Security Policy Rules. This makes it easier to build security policies without unintentionally excluding required dependent applications. To view the dependent applications, access the relevant Security Policy Rule, and from the Application / Service menu, open the Application dropdown and select the Dependent Applications button. This opens the Dependent Applications pane, which displays all dependent apps contained within the selected application it relies on, as well as the rules they are used in. Additionally, you can also add these dependencies directly to your current rule or an existing rule.

Strata Cloud Manager Command Center: Fair Metric Classification for ADEM Operational Health View and Widgets

August 1, 2025
Supported for: Strata Cloud Manager
The Operational Health view and User Device Experience widgets in the Strata Cloud Manager Command Center now display Fair metrics alongside the existing Good and Poor performance indicators, providing you with more granular visibility into user session quality and network performance degradation levels. This enhanced categorization helps you better identify and address performance issues that fall between optimal and severely degraded states, enabling more precise troubleshooting and policy optimization decisions.

Strata Cloud Manager: Virtual Routers

August 15, 2025
Supported on:
  • NGFW (Managed by Strata Cloud Manager)
Virtual router support for cloud managed NGFWs addresses some configuration gaps in Strata Cloud Manager by implementing missing capabilities that are present in Panorama, enabling seamless migration for customers with existing virtual router deployments. You benefit from this enhancement when migrating from Panorama to Strata Cloud Manager because it eliminates configuration blockers that would otherwise prevent successful migration or require extensive reconfiguration of your routing protocols. The feature specifically targets configuration options identified in current Panorama deployments, ensuring that your existing BGP, OSPF, and static routing configurations can be preserved during the migration process.
You can configure enhanced BGP parameters including authentication profiles with secret keys, dampening profiles with configurable cutoff and decay settings, advanced peer connection options such as idle hold time and incoming connection management, and sophisticated route aggregation with suppress filters. The feature provides expanded OSPF capabilities including MD5 authentication profiles with key management, password-based authentication options, and enhanced area configuration parameters. You also gain access to improved static routing options including next virtual router capabilities and advanced route table configurations for both IPv4 and IPv6 implementations.