New Features in February 2025
Focus
Focus
Strata Cloud Manager

New Features in February 2025

Table of Contents

New Features in February 2025

Here are the new features available in Strata Cloud Manager in February 2025.
Features listed here include some feature highlights for the products supported with Strata Cloud Manager.

Case Creation Enhancements in Strata Copilot

February 21, 2025
Supported on Strata Cloud Manager
The case creation workflow in Strata Copilot is now restructured for improved efficiency, now following a more logical progression.
When opening a case, Strata Copilot first collects core information such as product, hostname, issue description, and severity. Depending on the nature of the issue, Strata Copilot can prompt for additional details. Once Strata Copilot gathers the necessary information, it runs an automated analysis using category-specific playbooks, including a dedicated one for commit issues. Based on this analysis, Strata Copilot suggests remediation actions if a relevant playbook is identified. As you progress, you will see real-time updates during playbook execution. If these suggestions don't resolve your issue, you can then proceed to open your support case.
The system preserves your case creation state for one hour, allowing you to resume without losing progress if you encounter interruptions. This streamlined process ensures all required information is collected upfront, enabling more accurate analysis and potentially faster resolution of your issue.

Strata Cloud Manager: New Best Practice Assessment Checks and Custom Checks

February 14, 2025
Supported on Strata Cloud Manager for:
Strata Cloud Manager introduces the following new checks and features:
  • Custom checks support a wide range of configuration objects, including authentication profiles, device setup, security profiles, GlobalProtect configurations, network objects, and policy rules.
  • Inline configuration analysis supports new configuration objects, including addresses, application groups, dynamic user groups, HIP profiles, tags, and variables.
  • Custom checks support multi-objects and the len operator for greater flexibility.
  • Custom checks validate security policies for applications within application filters, enhancing policy coverage and security.
  • Supports cloning of predefined checks.
  • Both Best Practices Assessment (BPA) and custom checks support web security policies.
Strata Cloud Manager lets you validate your configuration against predefined Best Practices and custom checks you create based on the needs of your organization. As you make changes to your service routes, connection settings, allowed services, and administrative access settings for the management and auxiliary interfaces for your firewalls, Strata Cloud Manager gives you assessment results inline so you can take immediate corrective action when necessary. This eliminates problems that misalignments with best practices can introduce, such as conflicts and security gaps.
Inline checks let you:
  • Gauge the effectiveness of, assess the impact of, and validate changes you make to your configuration using inline assessment results.
  • Prioritize and perform remediations based on the recommendations from the inline assessment.

Strata Cloud Manager: Web Access Policy Rule Replacement: Migrate to the New Internet Access Rule

February 14, 2025
Supported on Strata Cloud Manager for:
  • Prisma Access (Managed by Strata Cloud Manager)
  • NGFW (Managed by Strata Cloud Manager)
The Internet Access rule is a new policy type within the security rulebase in Strata Cloud Manager, which simplifies the security management, reduces rulebase complexity, and ensures consistent security control across web traffic, particularly in cloud-centric, and SaaS-driven environments.
The Internet Access rule replaces the existing Web Access policy rules with improved capabilities. Internet Access rule migration transfers your existing web Security policy rules. The system integrates Web Security policy rules and custom Web Access policy rules into the new framework during your tenant upgrades.
You can efficiently manage user access to web applications, applying functional controls, application tenant handling, and data security inspections globally or for specific applications and URLs. This rule integrates with SaaS Security Inline, providing native capabilities without requiring policy recommendation workflows. You can use it alongside existing firewall access policy rules, maintaining full control over rule ordering.
Default settings allow outbound access to SaaS applications and URLs with security inspection and logging enabled. You can adjust built-in decryption rules per scope for precise control over encrypted traffic. New Strata Cloud Manager[oneapp] tenants receive an optimized out-of-the-box security configuration, while existing tenants can adopt the Internet Access rule without disrupting current setups.

Strata Cloud Manager: Snippet Sharing - Advanced Controls and Visibility Enhancements

February 14, 2025
Supported on Strata Cloud Manager for:
  • Prisma Access (Managed by Strata Cloud Manager)
  • NGFW (Managed by Strata Cloud Manager)
The snippet sharing enhancement improves control and visibility over shared configurations across multiple tenants. The new features include a customizable Action when disassociated property for Subscriber Tenants, which allows you to convert snippets to local or delete them when disassociated.
You can now choose between reverting snippet-related changes or keeping current versions when loading previous configurations with the Config Version Load functionality.
To reduce misconfiguration during publishing, you'll benefit from the validate-before-update function, while asynchronous loading of updates for subscribers enhances performance.
The UI improvements introduce Paused Updates status indicators and refresh capabilities for Subscribed and Published Tenants, making it easier for you to track and manage snippet statuses. Error messaging now displays snippet names instead of UUIDs, simplifying your troubleshooting process.
A new configuration indicator helps you track snippet sharing statuses efficiently. These enhancements optimize your disassociated snippet management, provide you with version control and configuration reload options, and improve error handling and status visibility.

Strata Cloud Manager: Convert Local Configuration into Shared Snippets

February 14, 2024
Supported on Strata Cloud Manager for: NGFW (Managed by Strata Cloud Manager)
Strata Cloud Manager now converts local firewall configurations into shared configuration snippets. You can select specific configuration elements from a firewall to create reusable snippets for multiple devices. When creating snippets, you control which configuration items to include, sharing only the necessary settings across different network segments.
Converting local configurations to snippets standardizes configurations across your network and deploys consistent settings to multiple NGFWs. This replicates successful local configurations to other devices, reduces duplication, and maintains consistency between local and shared settings.
This functionality improves network configuration management and scaling. It ensures quick propagation of best practices and optimized settings throughout your infrastructure. The functionality connects local device management with centralized configuration control for flexible network administration.

Strata Cloud Manager: Unified Policy Management for SaaS Security and Internet Access Policy Rules

February 14, 2025
Supported on Strata Cloud Manager for:
  • Prisma Access (Managed by Strata Cloud Manager)
  • NGFW (Managed by Strata Cloud Manager)
The Simplified Security Policy Recommendations for SaaS Security Inline enhances your ability to manage and enforce SaaS app Security policy rules efficiently for NGFW and Prisma Access managed by Strata Cloud Manager. You can now create, manage, and enforce SaaS Security Inline policy rules using the predefined SAAS-Inline-Pol-Recommendations snippet to enforce consistent SaaS app security.
Alternatively, you can now create an Internet Access rule instead of going through the typical SaaS Security Inline policy rule recommendation workflow. As a SaaS Security administrator, creating an Internet Access rule allows you to gain full control over policy rule enforcement and rule ordering. The unified policy framework simplifies your policy rule creation experience, allowing you to enforce consistent SaaS app security regardless of the enforcement point, eliminate policy implementation delay, and reduce the risk of misconfigurations. This streamlined workflow enables you to fully utilize the SaaS Security Inline capabilities, achieving a stronger security posture for your SaaS environment. Simplified Security Policy Recommendations for SaaS Security Inline allows you to more effectively secure your SaaS apps, reduce administrative overhead, and gain clearer visibility into your SaaS Security posture. The Simplified Security Policy Recommendations for SaaS Security Inline is valuable if you manage complex SaaS environments, require granular control over Security policy rules , or need to rapidly respond to evolving security requirements in your cloud infrastructure.

Prisma Access Cloud Management Region Support

February 14, 2025
You can now deploy Prisma Access Cloud Management in the following regions:
  • Israel
  • Indonesia
Supported on:
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
Strata Cloud Manager now supports the following additional regions:
  • Saudi Arabia
  • Israel
  • Indonesia
Strata Cloud Manager for Configuration Management is a solution that is defined and controlled based on the region where it is deployed. You can deploy Strata Cloud Manager in the locations of your choosing, based on data location preferences and where you have the most users. For this reason, we are rolling out region-specific support for Strata Cloud Manager as soon as we are able to do so for each region.

Visibility Into Prisma Access Configuration Push Status

February 14, 2025
Supported on Prisma Access (Managed by Strata Cloud Manager)
Prisma Access provides enhanced visibility into your configuration pushes in Prisma Access (Managed by Strata Cloud Manager) deployments, allowing you to better monitor and troubleshoot configuration pushes across your network. The status of In Progress jobs is improved, providing you with real-time insights into the progress of configuration pushes across different regions and service types. You can view detailed information about each push, including specific error messages or warnings, enabling quick identification and resolution of issues. This granular visibility is useful when managing large-scale deployments or troubleshooting complex configuration changes.
By using the configuration status messages, you can ensure smoother configuration rollouts, reduce downtime, and maintain better control over your Prisma Access environment. The feature's intuitive interface provides a familiar and user-friendly experience, making it easier for you to manage your Prisma Access configurations effectively.

Ability to Clone GlobalProtect App Settings and Tunnel Settings

February 14, 2025
Supported on Prisma Access (Managed by Strata Cloud Manager)
You can clone existing GlobalProtect tunnel settings and app settings. This enhancement facilitates the creation of additional tunnel and app settings if you need to support split tunneling or multiple connection settings.

Prisma Access Browser Support in Strata Copilot

February 6, 2025
Supported on Strata Cloud Manager for Prisma Access Browser
Prisma Access Browser enables comprehensive event querying and analysis through Strata Copilot, providing visibility into user activity, bandwidth usage patterns, and potential security risks. With Prisma Access Browser analytics, you can:
  • Query the top interacted websites to understand browsing behavior.
  • Analyze active device distribution across your network.
  • Identify peak usage hours for resource planning.
  • List the most active users for monitoring and compliance.
  • Track file transfers to detect unauthorized data movement.
  • Monitor cloud storage service interactions for security oversight.
Prisma Access Browser supports customizable time ranges for both real-time and historical data analysis. Additionally, predefined queries help streamline common data analysis tasks, improving efficiency.
Additional data sets continue to be added.

New AI-Powered Workflow for Troubleshooting Application Access

February 6, 2025
Supported on Strata Cloud Manager
Strata Copilot introduces an enhanced workflow for troubleshooting application access in the Log Viewer. This new feature streamlines how you explore Strata Logging Service logs related to access issues. When querying about a user or an application name, Strata Copilot now generates dynamic, context-aware recommendations based on your current view. These suggestions include workflows to investigate policy denials for specific users and applications within defined time frames, as well as options to grant access when necessary. This AI-driven enhancement adapts to your unique needs, making log exploration for access-related issues more intuitive and efficient, ultimately simplifying the investigation and resolution of application access challenges.

Enhanced RMA Workflow for Strata Cloud Manager

February 6, 2025
Supported for: NGFW (Managed by Strata Cloud Manager), excluding VM-Series NGFWs.
The Return Merchandise Authorization (RMA) workflow in Device Management streamlines the process of replacing failed NGFWs in your network environment. This feature automates and simplifies the traditionally manual, error-prone, and time-consuming task of replacing devices. With the new RMA workflow, you can restore configurations and maintain logging, monitoring, and reporting after asset transfer. The workflow enables you to replace a failed device with a new one while automatically associating it with the same configurations and HA pairs as the old device.
RMA offers a user-friendly interface that clearly displays the status of each step in the replacement process. You can easily restore both local and shared configurations from the old device to the new one. The feature supports the replacement of devices in high availability (HA) pairs without affecting the peer device. In the case of errors or failures during the workflow, you receive instructions for recovery without requiring intervention from Palo Alto Networks.

Strata Cloud Manager: NGFW Alerts in February

February 1, 2025
Here are the NGFW alerts introduced in March 2025:
  • Detect Hot Plug Events
  • Card Failure: Card start timeout - Max restarts attempted
  • Dataplane Process all_pktproc Crash - Invalid URL Cache Category Length
  • Mismatch of Server Group Mapping Users and Groups between LDAP and PAN-OS Device
Health alerts actively monitor the health and performance of your platform in real time. This approach helps in identifying issues, predicting potential problems, and implementing remediation actions to ensure your devices function optimally. Here are some key aspects:
  • Monitoring Metrics: Continuously monitor various metrics from the NGFWs, including CPU utilization, memory usage, disk space, network throughput, and other relevant performance indicators.
  • Anomaly Detection: Generate alerts that dynamically adjust based on the metric's historical value and your usage trends.
  • Predictive Analysis: Leverage historical data and patterns to predict when thresholds might be exceeded or specific events may occur. This helps forecast potential issues before they escalate.