Strata Cloud Manager lets you validate your configuration against predefined Best Practices and custom checks you create based on the needs of your organization. As you make changes to your service routes, connection settings, allowed services, and administrative access settings for the management and auxiliary interfaces for your firewalls, Strata Cloud Manager gives you assessment results inline so you can take immediate corrective action when necessary. This eliminates problems that misalignments with best practices can introduce, such as conflicts and security gaps.

Inline checks let you:

The Internet Access rule is a new policy type within the security rulebase in Strata Cloud Manager, which simplifies the security management, reduces rulebase complexity, and ensures consistent security control across web traffic, particularly in cloud-centric, and SaaS-driven environments.

The Internet Access rule replaces the existing Web Access policy rules with improved capabilities. Internet Access rule migration transfers your existing web Security policy rules. The system integrates Web Security policy rules and custom Web Access policy rules into the new framework during your tenant upgrades.

You can efficiently manage user access to web applications, applying functional controls, application tenant handling, and data security inspections globally or for specific applications and URLs. This rule integrates with SaaS Security Inline, providing native capabilities without requiring policy recommendation workflows. You can use it alongside existing firewall access policy rules, maintaining full control over rule ordering.

Default settings allow outbound access to SaaS applications and URLs with security inspection and logging enabled. You can adjust built-in decryption rules per scope for precise control over encrypted traffic. New Strata Cloud Manager[oneapp] tenants receive an optimized out-of-the-box security configuration, while existing tenants can adopt the Internet Access rule without disrupting current setups.

The snippet sharing enhancement improves control and visibility over shared configurations across multiple tenants. The new features include a customizable Action when disassociated property for Subscriber Tenants, which allows you to convert snippets to local or delete them when disassociated.

You can now choose between reverting snippet-related changes or keeping current versions when loading previous configurations with the Config Version Load functionality.

To reduce misconfiguration during publishing, you'll benefit from the validate-before-update function, while asynchronous loading of updates for subscribers enhances performance.

The UI improvements introduce Paused Updates status indicators and refresh capabilities for Subscribed and Published Tenants, making it easier for you to track and manage snippet statuses. Error messaging now displays snippet names instead of UUIDs, simplifying your troubleshooting process.

A new configuration indicator helps you track snippet sharing statuses efficiently. These enhancements optimize your disassociated snippet management, provide you with version control and configuration reload options, and improve error handling and status visibility.

Strata Cloud Manager now converts local firewall configurations into shared configuration snippets. You can select specific configuration elements from a firewall to create reusable snippets for multiple devices. When creating snippets, you control which configuration items to include, sharing only the necessary settings across different network segments.

Converting local configurations to snippets standardizes configurations across your network and deploys consistent settings to multiple NGFWs. This replicates successful local configurations to other devices, reduces duplication, and maintains consistency between local and shared settings.

This functionality improves network configuration management and scaling. It ensures quick propagation of best practices and optimized settings throughout your infrastructure. The functionality connects local device management with centralized configuration control for flexible network administration.

The Simplified Security Policy Recommendations for SaaS Security Inline enhances your ability to manage and enforce SaaS app Security policy rules efficiently for NGFW and Prisma Access managed by Strata Cloud Manager. You can now create, manage, and enforce SaaS Security Inline policy rules using the predefined SAAS-Inline-Pol-Recommendations snippet to enforce consistent SaaS app security.

Alternatively, you can now create an Internet Access rule instead of going through the typical SaaS Security Inline policy rule recommendation workflow. As a SaaS Security administrator, creating an Internet Access rule allows you to gain full control over policy rule enforcement and rule ordering. The unified policy framework simplifies your policy rule creation experience, allowing you to enforce consistent SaaS app security regardless of the enforcement point, eliminate policy implementation delay, and reduce the risk of misconfigurations. This streamlined workflow enables you to fully utilize the SaaS Security Inline capabilities, achieving a stronger security posture for your SaaS environment. Simplified Security Policy Recommendations for SaaS Security Inline allows you to more effectively secure your SaaS apps, reduce administrative overhead, and gain clearer visibility into your SaaS Security posture. The Simplified Security Policy Recommendations for SaaS Security Inline is valuable if you manage complex SaaS environments, require granular control over Security policy rules , or need to rapidly respond to evolving security requirements in your cloud infrastructure.

Strata Cloud Manager for Configuration Management is a solution that is defined and controlled based on the region where it is deployed. You can deploy Strata Cloud Manager in the locations of your choosing, based on data location preferences and where you have the most users. For this reason, we are rolling out region-specific support for Strata Cloud Manager as soon as we are able to do so for each region.

Prisma Access provides enhanced visibility into your configuration pushes in Prisma Access (Managed by Strata Cloud Manager) deployments, allowing you to better monitor and troubleshoot configuration pushes across your network. The status of In Progress jobs is improved, providing you with real-time insights into the progress of configuration pushes across different regions and service types. You can view detailed information about each push, including specific error messages or warnings, enabling quick identification and resolution of issues. This granular visibility is useful when managing large-scale deployments or troubleshooting complex configuration changes.

By using the configuration status messages, you can ensure smoother configuration rollouts, reduce downtime, and maintain better control over your Prisma Access environment. The feature's intuitive interface provides a familiar and user-friendly experience, making it easier for you to manage your Prisma Access configurations effectively.

You can clone existing GlobalProtect tunnel settings and app settings. This enhancement facilitates the creation of additional tunnel and app settings if you need to support split tunneling or multiple connection settings.

Strata Copilot introduces an enhanced workflow for troubleshooting application access in the Log Viewer. This new feature streamlines how you explore Strata Logging Service logs related to access issues. When querying about a user or an application name, Strata Copilot now generates dynamic, context-aware recommendations based on your current view. These suggestions include workflows to investigate policy denials for specific users and applications within defined time frames, as well as options to grant access when necessary. This AI-driven enhancement adapts to your unique needs, making log exploration for access-related issues more intuitive and efficient, ultimately simplifying the investigation and resolution of application access challenges.

The Return Merchandise Authorization (RMA) workflow in Device Management streamlines the process of replacing failed NGFWs in your network environment. This feature automates and simplifies the traditionally manual, error-prone, and time-consuming task of replacing devices. With the new RMA workflow, you can restore configurations and maintain logging, monitoring, and reporting after asset transfer. The workflow enables you to replace a failed device with a new one while automatically associating it with the same configurations and HA pairs as the old device.

RMA offers a user-friendly interface that clearly displays the status of each step in the replacement process. You can easily restore both local and shared configurations from the old device to the new one. The feature supports the replacement of devices in high availability (HA) pairs without affecting the peer device. In the case of errors or failures during the workflow, you receive instructions for recovery without requiring intervention from Palo Alto Networks.

Health alerts actively monitor the health and performance of your platform in real time. This approach helps in identifying issues, predicting potential problems, and implementing remediation actions to ensure your devices function optimally. Here are some key aspects: