Strata Cloud Manager
New Features in June 2024
Here are the new features available in Strata Cloud Manager in June 2024. The features
listed here include some feature highlights for the products supported with Strata Cloud Manager.
For the full list of new features supported for a product you're using with Strata Cloud
Manager, see the release notes for that product.
Prisma Access: Third-Party CDR Integration for Remote Browser Isolation
June 28, 2024
Supported for:
Protect your users against zero-day threats hidden in files that they download from
the internet by integrating Remote Browser Isolation (RBI) with a
third-party content disarm and reconstruction (CDR) provider.
When users browse the web and download various types of files to their local devices,
they are exposed to zero-day threats. Even with file scanning or antivirus solutions
in play, these threats could escape detection, allowing malware to be delivered to
your users’ managed devices and making them patient zero.
With third-party CDR integration, any files downloaded while in RBI will be disarmed
and reconstructed using CDR. The CDR provider will remove the malicious content from
the files and deliver the sanitized files in their original file formats to the
user.
You can integrate with Votiro to utilize Votiro's
CDR capabilities to process and appropriately sanitize a file before it is
downloaded to the user’s device from RBI, thus keeping the user protected from any
potentially malicious executables embedded in the file.
Strata Cloud Manager: Custom Checks for Security Profiles
June 14, 2024
Supported for:
Custom checks have been newly added to the following security profiles:
Strata Cloud Manager lets you validate your configuration against
predefined Best Practices and custom checks
you create based on the needs of your organization. As you make changes to your
service routes, connection settings, allowed services, and administrative access
settings for the management and auxiliary interfaces for your firewalls, Strata
Cloud Manager gives you assessment results inline so you can take immediate
corrective action when necessary. This eliminates problems that misalignments with
best practices can introduce, such as conflicts and security gaps.
Inline checks let you:
- Gauge the effectiveness of, assess the impact of, and validate changes you make to your configuration using inline assessment results.
- Prioritize and perform remediations based on the recommendations from the inline assessment.
Strata Cloud Manager: New Inline Best Practice Checks
June 14, 2024
Supported for:
The new inline checks empower you to:
Strata Cloud Manager lets you validate your configuration against
predefined Best Practices and custom checks
you create based on the needs of your organization. As you make changes to your
service routes, connection settings, allowed services, and administrative access
settings for the management and auxiliary interfaces for your firewalls, Strata
Cloud Manager gives you assessment results inline so you can take immediate
corrective action when necessary. This eliminates problems that misalignments with
best practices can introduce, such as conflicts and security gaps.
Inline checks let you:
- Gauge the effectiveness of, assess the impact of, and validate changes you make to your configuration using inline assessment results.
- Prioritize and perform remediations based on the recommendations from the inline assessment.
Cloud Management for NGFWs: Auto VPN Configuration for HA Pairs
June 14, 2024
Supported for:
(HA deployments only) In an Auto VPN with SD-WAN configuration, the Auto VPN can now generate the appropriate
configuration automatically for the active and passive HA peers (both
branch and hub HA pairs). This enables seamless HA failovers between the HA
pairs.
Prisma Access: Fast-Session Delete
June 14, 2024
Supported on Strata Cloud Manager for:
Prisma Access (Managed by Strata Cloud Manager)
If your Prisma® Access deployment uses a large number of sessions, and you would like
to delete those sessions quickly, you can enable fast session delete, which allows Prisma
Access to reuse TCP port numbers before the TCP TIME_WAIT period expires. This reuse
of the TCP port numbers can be useful if your deployment has a large number of SSL
decrypted sessions that may be short-lived. You can choose to enable this
functionality for Prisma Access Remote Networks, Service Connections, and Mobile
Users—GlobalProtect®; for Mobile Users—Explicit Proxy deployments, this
functionality is enabled by default and you cannot disable it.
Prisma Access: FQDNs for Remote Network and Service Connection IPSec Tunnels
June 14, 2024
Supported on Strata Cloud Manager for:
Prisma Access (Managed by Strata Cloud Manager)
When you onboard a Service Connection or Remote Network connection, a public IP
address is assigned for the other side of the IPSec tunnel (the Service IP Address). You use these public
IP addresses for your CPE in your branch site or headquarters or data center
location. Keeping records of all the IP addresses you need to configure on your CPE
can be time-consuming.
Instead of IP addresses, Prisma® Access provides you with FQDNs or Service Endpoint
Addresses to use for the other end of the IPSec tunnel for Service
Connections and Remote Network Connections, thus facilitating the IPSec tunnel setup
on your CPE at your branch sites or headquarters or data center locations.
Prisma Access: Native IPv6 Compatibility
June 14, 2024
Supported on Strata Cloud Manager for:
Prisma Access (Managed by Strata Cloud Manager)
Organizations are increasingly adopting IPv6 endpoints and require seamless,
end-to-end IPv6 access across their entire Secure Access Service Edge (SASE)
environment. Previously, IPv6 support in Prisma® Access was limited to private
applications. This feature now encompasses comprehensive end-to-end IPv6 support for Mobile Users,
Remote Networks, and Service Connections. One key benefit of native IPv6 support is
the ability for Mobile Users utilizing IPv6-only endpoints to establish connections
with Prisma Access via IPv6 connections using GlobalProtect®. Additionally, this
support enables secure access to public SaaS applications over the internet, even
when those destinations necessitate IPv6 connections. This enhancement, leveraging
the significantly larger IPv6 address space, ensures compatibility with both IPv6
and dual-stack connections, accelerating your organization's migration to modern,
cloud-based, and IPv6-enabled networks.
Prisma Access: Service Connection Support for Explicit Proxy
Supported in:
Prisma Access (Managed by Strata Cloud Manager) deployments in Prisma Access 5.1
Preferred and Innovation
Requires GlobalProtect in Proxy Mode to access private and
partner apps in a data center and a minimum PAN-OS dataplane of
10.2.10.
Prisma Access Explicit Proxy now supports service connections to enable you to
access resources in your data center. With
this change, you will still be able to benefit from a proxy connection while
accessing external dynamic lists, partner apps, or private apps hosted in your data
center.
Strata Cloud Manager: Manage and Share Common Configuration Using Snippet Sharing
June 14, 2024
Supported on Strata Cloud Manager for:
Manually synchronizing configurations across multiple tenants is error-prone and
inefficient. Snippet sharing eliminates the need for
manual synchronization, transforming multitenant configuration management in
Strata Cloud Manager. This feature simplifies the sharing of common
configurations across tenants, significantly reducing the time and effort required
for complex setups.
You can now save and organize configuration combinations as reusable snippets. You
can easily share these reusable snippets across tenants within your account. This
capability provides flexibility, control, and efficiency in managing shared
configurations. Use snippet sharing to move configurations from lab to production
environments, migrate settings between tenants, manage common configurations across
multiple tenants from a single location, and easily handle global configurations
across business units.
Strata Cloud Manager: Global Find Using Config Search
June 14, 2024
Supported on Strata Cloud Manager for:
Config Search in
Strata Cloud Manager enables you to search configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name.
The search results are categorized and provide links to the configuration location in
Strata Cloud Manager, allowing you to easily find all occurrences and references
of the searched string.
Strata Cloud Manager: Local Configuration Management
June 14, 2024
Supported on Strata Cloud Manager for: NGFW (Managed by Strata Cloud Manager)
Eliminate the need for context switching from central management to individual
firewalls for managing local configurations.
This feature enhances readability, simplifies
troubleshooting, and reduces manual effort by providing visibility and control over
local firewall configurations through Strata Cloud Manager. Additionally, it
identifies any conflicting or overridden objects between
local and pushed configurations, making it easier to troubleshoot.
Strata Logging Service in Strata Cloud Manager
June, 2024
In addition to the Strata Logging Service app available on
the hub, you can now also use Strata Cloud Manager to manage
your Strata Logging Service instances.
Supported on Strata Cloud Manager with Strata Logging Service
license.
Strata Cloud Manager is not available to you to manage your
instances hosted in China or in FedRAMP high regions. Continue
to use the Strata Logging Service app to manage the
instances in these regions.
You can now manage your Strata Logging Service instance with Strata Cloud Manager. The
Strata Logging Service integration in Strata Cloud Manager provides a single, unified
interface to manage your log data and enhances operational efficiency and compliance
across your entire environment. This centralized management capability allows you to:
- Gain unified visibility and onboard firewalls, Cloud NGFW, Prisma Access, or Panorama appliances
- View the allocated log storage quota, available storage space, and the number of days logs are retained
- Centrally configure log storage quota and retention policies
- Search, filter, and export log data directly from Strata Cloud Manager
- Forward log data to external servers for long-term storage, SOC, or internal audit
This integration ensures that you can efficiently monitor your log status and manage
data forwarding without switching between applications.
Enterprise DLP: End User Coaching
June 14, 2024
Supported on Strata Cloud Manager for:
To minimize data loss incidents and educate your workforce, Enterprise Data Loss Prevention (E-DLP)
now enables real-time coaching when user actions violate your organization's data
security policy. End User Coaching automatically notifies
and educates users when their actions involve sensitive data that cannot leave your
corporate network.
Your data security administrator can use End User Coaching to immediately notify end
users through the Access Experience User Interface (UI) when they upload, download,
or post content that is blocked by Enterprise DLP. Data security administrators
can customize these notifications to provide detailed incident information, helping
the user understand the violation and modify their content appropriately. After a
user generates a DLP incident, they can view the Data Security notification history
to review current and past policy violation alerts.