Strata Cloud Manager
New Features in February 2025
Table of Contents
Expand All
|
Collapse All
Strata Cloud Manager Docs
New Features in February 2025
Here are the new features available in Strata Cloud Manager in February
2025.
Features listed here include some feature highlights for the products supported with
Strata Cloud Manager.
Case Creation Enhancements in Strata Copilot
February 21, 2025
Supported on Strata Cloud Manager
|
The case creation workflow in Strata Copilot is now restructured for improved
efficiency, now following a more logical progression.

When opening a case, Strata Copilot first
collects core information such as product, hostname, issue description, and
severity. Depending on the nature of the issue, Strata Copilot can prompt for
additional details. Once Strata Copilot gathers the necessary information, it
runs an automated analysis using category-specific playbooks, including a
dedicated one for commit issues. Based on this analysis, Strata Copilot suggests
remediation actions if a relevant playbook is identified. As you progress, you
will see real-time updates during playbook execution. If these suggestions don't
resolve your issue, you can then proceed to open your support case.
The system preserves your case creation state for one hour, allowing you to
resume without losing progress if you encounter interruptions. This streamlined
process ensures all required information is collected upfront, enabling more
accurate analysis and potentially faster resolution of your issue.
Strata Cloud Manager: New Best Practice Assessment Checks and Custom Checks
February 14, 2025
Supported on Strata Cloud Manager for:
Strata Cloud Manager introduces the following new
checks and features:
|
Strata Cloud Manager lets you validate your configuration against
predefined Best Practices and custom checks
you create based on the needs of your organization. As you make changes to your
service routes, connection settings, allowed services, and administrative access
settings for the management and auxiliary interfaces for your firewalls, Strata
Cloud Manager gives you assessment results inline so you can take immediate
corrective action when necessary. This eliminates problems that misalignments with
best practices can introduce, such as conflicts and security gaps.
Inline checks let you:
- Gauge the effectiveness of, assess the impact of, and validate changes you make to your configuration using inline assessment results.
- Prioritize and perform remediations based on the recommendations from the inline assessment.
Strata Cloud Manager: Web Access Policy Rule Replacement: Migrate to the New Internet Access Rule
February 14, 2025
Supported on Strata Cloud Manager for:
|
The Internet Access rule is a new policy type
within the security rulebase in Strata Cloud Manager, which simplifies the security
management, reduces rulebase complexity, and ensures consistent security control
across web traffic, particularly in cloud-centric, and SaaS-driven environments.
The Internet Access rule replaces the existing Web Access policy rules with improved
capabilities. Internet Access rule migration transfers your existing web
Security policy rules. The system integrates Web Security policy rules and custom
Web Access policy rules into the new framework during your tenant upgrades.
You can efficiently manage user access to web applications, applying functional
controls, application tenant handling, and data security inspections globally or for
specific applications and URLs. This rule integrates with SaaS Security Inline, providing native capabilities without requiring policy recommendation workflows.
You can use it alongside existing firewall access policy rules, maintaining full
control over rule ordering.
Default settings allow outbound access to
SaaS applications and URLs with security inspection and logging enabled. You can
adjust built-in decryption rules per scope for precise control over encrypted
traffic. New Strata Cloud Manager[oneapp] tenants receive an optimized
out-of-the-box security configuration, while existing tenants can adopt the Internet
Access rule without disrupting current setups.
Strata Cloud Manager: Snippet Sharing - Advanced Controls and Visibility Enhancements
February 14, 2025
Supported on Strata Cloud Manager for:
|
The snippet sharing enhancement improves
control and visibility over shared configurations across multiple tenants. The new
features include a customizable Action when disassociated property for Subscriber
Tenants, which allows you to convert snippets to local or delete them when
disassociated.
You can now choose between reverting snippet-related changes or keeping current
versions when loading previous configurations with the Config Version
Load functionality.
To reduce misconfiguration during publishing, you'll benefit from the
validate-before-update function, while asynchronous loading of updates for
subscribers enhances performance.
The UI improvements introduce Paused Updates status indicators
and refresh capabilities for Subscribed and Published Tenants, making it easier for
you to track and manage snippet statuses. Error messaging now displays snippet names
instead of UUIDs, simplifying your troubleshooting process.
A new configuration indicator helps you track snippet sharing statuses efficiently.
These enhancements optimize your disassociated snippet management, provide you with
version control and configuration reload options, and improve error handling and
status visibility.
Strata Cloud Manager: Convert Local Configuration into Shared Snippets
February 14, 2024
Supported on Strata Cloud Manager for: NGFW (Managed by Strata Cloud Manager)
|
Strata Cloud Manager now converts local firewall configurations into shared
configuration snippets. You can select specific configuration elements from a
firewall to create reusable snippets for multiple devices. When creating snippets,
you control which configuration items to include, sharing only the necessary
settings across different network segments.
Converting local configurations to snippets
standardizes configurations across your network and deploys consistent settings to
multiple NGFWs. This replicates successful local configurations to other devices,
reduces duplication, and maintains consistency between local and shared
settings.
This functionality improves network configuration management and scaling. It ensures
quick propagation of best practices and optimized settings throughout your
infrastructure. The functionality connects local device management with centralized
configuration control for flexible network administration.
Strata Cloud Manager: Unified Policy Management for SaaS Security and Internet Access Policy Rules
February 14, 2025
Supported on Strata Cloud Manager for:
|
The Simplified Security Policy Recommendations
for SaaS Security Inline enhances your ability to manage and enforce SaaS app
Security policy rules efficiently for NGFW and Prisma Access
managed by Strata Cloud Manager. You can now create, manage, and enforce SaaS Security Inline policy rules using the predefined
SAAS-Inline-Pol-Recommendations snippet to enforce
consistent SaaS app security.
Alternatively, you can now create an Internet Access rule instead of going through
the typical SaaS Security Inline policy rule recommendation workflow. As a SaaS Security administrator, creating an Internet Access rule allows you
to gain full control over policy rule enforcement and rule ordering. The unified
policy framework simplifies your policy rule creation experience, allowing you to
enforce consistent SaaS app security regardless of the enforcement point, eliminate
policy implementation delay, and reduce the risk of misconfigurations. This
streamlined workflow enables you to fully utilize the SaaS Security Inline
capabilities, achieving a stronger security posture for your SaaS environment.
Simplified Security Policy Recommendations for SaaS Security Inline allows you
to more effectively secure your SaaS apps, reduce administrative overhead, and gain
clearer visibility into your SaaS Security posture. The Simplified
Security Policy Recommendations for SaaS Security Inline is valuable if you
manage complex SaaS environments, require granular control over Security policy
rules , or need to rapidly respond to evolving security requirements in your cloud
infrastructure.
Prisma Access Cloud Management Region Support
February 14, 2025
You can now deploy Prisma Access Cloud Management in the
following regions:
Supported on:
|
Strata Cloud Manager now supports the following additional
regions:
|
Strata Cloud Manager for Configuration Management is a solution that is defined and
controlled based on the region where it is deployed. You can deploy Strata Cloud
Manager in the locations of your choosing, based on data location preferences and
where you have the most users. For this reason, we are rolling out region-specific
support for Strata Cloud Manager as soon as we are able to do so for each region.
Visibility Into Prisma Access Configuration Push Status
February 14, 2025
Supported on Prisma Access (Managed by Strata Cloud Manager)
Prisma Access provides enhanced visibility into your configuration pushes in Prisma Access (Managed by Strata Cloud Manager) deployments, allowing you to better monitor and troubleshoot
configuration pushes across your network. The status of In Progress jobs is
improved, providing you with real-time insights into the progress of configuration
pushes across different regions and service types. You can view detailed information
about each push, including specific error messages or warnings, enabling quick
identification and resolution of issues. This granular visibility is useful when
managing large-scale deployments or troubleshooting complex configuration changes.
By using the configuration status messages, you can ensure smoother configuration
rollouts, reduce downtime, and maintain better control over your Prisma Access
environment. The feature's intuitive interface provides a familiar and user-friendly
experience, making it easier for you to manage your Prisma Access configurations
effectively.
Ability to Clone GlobalProtect App Settings and Tunnel Settings
February 14, 2025
Supported on Prisma Access (Managed by Strata Cloud Manager)
You can clone existing GlobalProtect tunnel settings and app settings. This enhancement facilitates
the creation of additional tunnel and app settings if you need to support split
tunneling or multiple connection settings.
Prisma Access Browser Support in Strata Copilot
February 6, 2025
Supported on Strata Cloud Manager for Prisma Access
Browser
|
Prisma Access Browser enables comprehensive event querying and analysis
through Strata Copilot, providing visibility into user activity, bandwidth usage
patterns, and potential security risks. With Prisma Access Browser analytics, you
can:
- Query the top interacted websites to understand browsing behavior.
- Analyze active device distribution across your network.
- Identify peak usage hours for resource planning.
- List the most active users for monitoring and compliance.
- Track file transfers to detect unauthorized data movement.
- Monitor cloud storage service interactions for security oversight.
Prisma Access Browser supports customizable time ranges for both real-time
and historical data analysis. Additionally, predefined queries help streamline
common data analysis tasks, improving efficiency.
Additional data sets continue to be added.
New AI-Powered Workflow for Troubleshooting Application Access
February 6, 2025
Supported on Strata Cloud Manager
|
Strata Copilot introduces an enhanced workflow for troubleshooting
application access in the Log Viewer. This new feature streamlines how you
explore Strata Logging Service logs related to access issues. When querying
about a user or an application name, Strata Copilot now generates dynamic,
context-aware recommendations based on your current view. These suggestions
include workflows to investigate policy denials for specific users and
applications within defined time frames, as well as options to grant access when
necessary. This AI-driven enhancement adapts to your unique needs, making log
exploration for access-related issues more intuitive and efficient, ultimately
simplifying the investigation and resolution of application access
challenges.

Enhanced RMA Workflow for Strata Cloud Manager
February 6, 2025
Supported for: NGFW (Managed by Strata Cloud Manager),
excluding VM-Series NGFWs.
|
The Return Merchandise Authorization (RMA) workflow in Device Management streamlines the process
of replacing failed NGFWs in your network environment. This feature automates and
simplifies the traditionally manual, error-prone, and time-consuming task of
replacing devices. With the new RMA workflow, you can restore configurations and
maintain logging, monitoring, and reporting after asset transfer. The workflow
enables you to replace a failed device with a new one while automatically
associating it with the same configurations and HA pairs as the old device.
RMA offers a user-friendly interface that clearly displays the status of
each step in the replacement process. You can easily restore both local and shared
configurations from the old device to the new one. The feature supports the
replacement of devices in high availability (HA) pairs without affecting the peer
device. In the case of errors or failures during the workflow, you receive
instructions for recovery without requiring intervention from Palo Alto
Networks.
Strata Cloud Manager: NGFW Alerts in February
February 1, 2025
Here are the NGFW alerts introduced
in March 2025:
|
Health alerts actively monitor the health and
performance of your platform in real time. This approach helps in identifying
issues, predicting potential problems, and implementing remediation actions to
ensure your devices function optimally. Here are some key aspects:
- Monitoring Metrics: Continuously monitor various metrics from the NGFWs, including CPU utilization, memory usage, disk space, network throughput, and other relevant performance indicators.
- Anomaly Detection: Generate alerts that dynamically adjust based on the metric's historical value and your usage trends.
- Predictive Analysis: Leverage historical data and patterns to predict when thresholds might be exceeded or specific events may occur. This helps forecast potential issues before they escalate.