>
    Strata Copilot
    New Features in October 2025
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. New Features in Strata Cloud Manager
    4. New Features in October 2025
    Download PDF
    Strata Cloud Manager

    New Features in October 2025

    Table of Contents

    New Features in October 2025

    Here are the new features we've added to Strata Cloud Manager in October 2025.

    New Strata Cloud Manager Management Features (October 2025)

    See the new configuration management features we've added to Strata Cloud Manager in October 2025.
    Here's the new configuration management features we've added to Strata Cloud Manager in October 2025; we use a scheduled upgrade to deliver these features to you and they are supported with the Cloud Manager 2025.R5.0 release version. Check your Strata Cloud Manager in-product notifications for updates on the release upgrade schedule. You can verify which Strata Cloud Manager release version you're running by navigating to your configuration overview, and checking the Cloud Management Version.

    Configuration Management Support by Region

    October 27, 2025
    Supported on:
    • NGFW (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Strata Cloud Manager)
    Strata Cloud Manager for Configuration Management is a solution that is defined and controlled based on the region where it is deployed. You can deploy Strata Cloud Manager in the locations of your choosing, based on data location preferences and where you have the most users. This selection of locations allows for optimized performance, adherence to data residency requirements, and tailored user experiences based on geographical proximity. For this reason, we are rolling out region-specific support for Strata Cloud Manager as soon as we are able to do so for each region.
    You can now deploy Strata Cloud Manager in the following additional regions for Configuration Management support in the Strata Cloud Manager 2025.R5.0 release: Brazil, Italy, Korea, Poland, and Spain.
    The Global Configuration search feature is now available across the following regions: United States, Europe, and Singapore.

    Migration Catalog in Strata Cloud Manager

    October 27, 2025
    Supported for Strata Cloud Manager.
    Migration Catalog addresses the lack of uniform workflows and discoverability across various migration efforts by providing a single, centralized location for all migration-related activities in Strata Cloud Manager. This catalog serves as a launching point for migration workflows, offering visibility into available migration options and their prerequisites, which helps administrators better understand Strata Cloud Manager’s migration capabilities.
    When you access the Migration Catalog, you can view and select the Panorama-managed NGFW migration. The catalog implements a consistent user experience across different migration workflows based on a common stepper flow, similar to the existing Panorama-based NGFW migration. This standardization makes it easier for you to understand and navigate through the migration process regardless of which specific migration you are performing.
    For migration options, the catalog explains the high-level workflow and prerequisites needed for successful configuration migration into Strata Cloud Manager. This transparency helps you prepare adequately before initiating any migration process, reducing the likelihood of encountering issues during migration and increasing the chances of a smooth transition to Strata Cloud Manager.

    Panorama to Strata Cloud Manager Migration for NGFWs

    October 27, 2025
    Supported for:
    • NGFW (Managed by Panorama)
    If you use Panorama to manage your organizations NGFWs, you can migrate your configurations to Strata Cloud Manager for the benefits of cloud management.
    Strata Cloud Manager enables you to migrate your organizations NGFW hierarchy and configurations:
    • Complete migration visibility and control — Accept and validate Panorama running configurations with pre-migration identification of unsupported elements.
    • Flexible migration options — Choose partial or complete configuration migration based on your requirements.
    • Conflict prevention — Automatic detection and display of previously migrated elements during subsequent migrations.
    • Automated validation — Minimize the risk of configuration errors that could impact network security.
    • Configuration continuity — Maintain your previous configurations throughout the migration process.
    For the benefits of moving to Strata Cloud Manager, click here.

    Shared Configuration Management

    October 27, 2025
    Supported for:
    • Strata Cloud Manager
    Shared configuration management eliminates the complexity of managing security policies across multiple Palo Alto Networks services by allowing other Palo Alto Networks services to subscribe to and receive configuration objects from Strata Cloud Manager. Shared configuration management allows you to independently implement features without introducing inconsistencies or delays by providing a unified way for subscribers like Prisma SD-WAN Controller or Branch Sites for Prisma SD-WAN Ion devices to access and use Strata Cloud Manager managed NGFW and Prisma Access configurations.
    Palo Alto Networks services can access Strata Cloud Manager configuration objects on a read-only basis while maintaining proper synchronization and usage tracking. Shared configurations enable you to share Security Profiles such as Threat Prevention, Anti-Spyware, Vulnerability Protection, URL Filtering, and DNS Security with Prisma SD-WAN Controller instances. You can track which shared objects are actively referenced by external services, and Strata Cloud Manager automatically blocks deletion of configuration objects that are currently in use by external subscribers to prevent configuration conflicts.
    When making pushes to other services, reverting those pushes should be avoided as it may cause issues with your configuration.

    Zero Touch Provisioning NGFW Installer Web Application

    October 27, 2025
    Supported for:
    • NGFW (Managed by Strata Cloud Manager)
    You can now activate Palo Alto Networks NGFWs at branch locations using the ZTP NGFW Activation web app that extends the existing Zero Touch Provisioning (ZTP) capabilities to mobile devices. This solution enables field installers to complete NGFW onboarding and activation without requiring technical expertise or detailed knowledge of customer network configurations. The web app is browser-based and supports both iOS and Android devices, eliminating the need for separate native applications while maintaining full compatibility with existing ZTP workflows.
    The ZTP NGFW Activation web app allows for QR code scanning functionality on Gen 5 or newer hardware that automatically populates device-specific information including Serial Numbers and Claim Keys directly from labels affixed to the NGFW hardware. When you scan a QR code using your mobile device's camera, the QR code contains an embedded URL that redirects you to the ZTP Activation Page along with the Serial Number and Claim Key data. The application automatically populates these fields from the scanned QR code data, and you simply need to initiate the ZTP activation process for the device.
    You gain access to all existing ZTP activation features through the web app, including the ability to view activation history for devices processed within the last seven days and monitor the status of firewalls during the provisioning process. The application maintains the same security and authentication requirements as the desktop ZTP portal while optimizing the user interface for smartphones.
    This web app addresses deployment scenarios where installers work across multiple branch locations and may need to activate NGFWs for different customers without carrying laptops or requiring detailed technical documentation. The solution reduces the complexity of field deployments while maintaining the security and configuration management oversight that network security teams require for firewall provisioning workflows.

    New NetSec Platform Features on Strata Cloud Manager (October 2025)

    See all the new features made available for Strata Cloud Manager in October 2025.
    These new features follow the Strata Cloud Manager release model of continuous feature deployment; as they're ready, we make them available to ensure the latest support for all products and subscriptions across the NetSec platform. There's no Strata Cloud Manager upgrade or management version requirement associated with these features; however, check if they have version or license dependencies associated with other parts of the NetSec platform (like a cloud-delivered security service subscription, or a Prisma Access version, for example)

    Regional File Forwarding Configuration for MacOSX Dynamic Analysis

    October 20, 2025
    Supported for:
    • NGFW and Prisma Access (managed by Strata Cloud Manager)
    Organizations operate globally and frequently adhere to strict regional data compliance requirements when Advanced WildFire® is deployed into corporate networks for malware analysis. When using dynamic analysis for MacOSX files, meeting these geographic mandates can present a challenge. To address this control gap, the Advanced WildFire® service now provides the ability to choose the geographic location where MacOSX files are forwarded to for Advanced WildFire dynamic analysis. This ensures that customers maintain precise governance over where their samples are analyzed. This feature allows administrators to designate specific regional WildFire clouds—currently those located in the US, EU, Singapore, or Japan—to analyze and classify MacOSX files with WildFire verdicts using dynamic analysis, a high-fidelity sandboxing solution that tests the suspected file in a secure, virtualized environment to observe its behavior. The sample is temporarily sent to the region designated for MacOSX dynamic analysis, during which the file is analyzed and subsequently deleted. The sample analysis results are then sent to your configured WildFire public cloud region for access. The Advanced WildFire cloud uses the sample analysis results to generate and distribute signatures used by various Palo Alto Networks products to prevent further distribution of malicious threats contained in MacOSX files. By enforcing strict geographic boundaries for analysis, organizations can balance robust threat detection with regional data residency mandates. For maximum security, the forwarding functionality is disabled by default, ensuring configuration requires deliberate authorization. This capability strengthens compliance posture while leveraging the full detection power of Advanced WildFire.

    Streamline Incident Management with Unified Incident Framework

    October 17, 2025
    Supported for:
    • NGFW and Prisma Access (managed by Strata Cloud Manager)
    The Strata Cloud Manager Unified Incident Framework offers a consistent and centralized approach to managing incidents across your various security products. This framework addresses the challenges you face in monitoring diverse network security deployments by consolidating all incidents into a single, unified interface. This gives you comprehensive visibility into your entire security infrastructure.
    The unified dashboard displays a summary of all incidents, including the total number of open incidents and breakdowns by product type, category, severity, and priority. You can readily access detailed information for each incident, encompassing the title, severity level, affected objects, recommended remediation steps, and relevant timestamps.
    The framework supports flexible notification mechanisms, including email, webhooks, and integrations with ITSM systems, ensuring that you remain informed of critical issues even outside the product interface. You can customize incident settings to focus on issues pertinent to your specific deployments by defining criteria for incident generation and configuring notification preferences.
    Strata Cloud Manager now organizes Security Posture Settings under the Unified Incident Framework to deliver a unified and contextual incident management experience. Previously, you could access the security posture check from Configuration > Posture > Settings. With the unified incident framework, these security posture settings have moved to Incidents > Settings. This update aligns all posture-related rules and custom checks with incident workflows, enabling easier correlation between configuration issues and the incidents they generate.
    Leveraging the Unified Incident Framework provides the following benefits:
    • Consistent Incident Management: Ensures a uniform approach to incident handling.
    • Faster troubleshooting: Centralized visibility and detailed information facilitate quicker identification and resolution of issues.
    • Informed Decision-Making: Comprehensive context enables a better understanding of the impact and root cause of incidents.
    • Improved Operational Efficiency: Streamlined processes and reduced incident fatigue enhance overall operational effectiveness.
    This comprehensive design helps you maintain optimal health and security across your infrastructure, reducing the overhead and inefficiencies associated with managing disparate alerting systems.

    Unifying SASE and NGFW Visibility with the NetSec Health Dashboard

    October 10, 2025
    Supported for:
    • Prisma Access and NGFW (managed by Strata Cloud Manager)
    The NetSec Health Dashboard provides a comprehensive view of your organization's network security health across all user devices, branch sites and AI-Powered ADEM monitored applications. Previously, NGFW users lacked a unified way to understand the end-to-end health of users and applications across their organization. This dashboard enhances the existing SASE health dashboard by integrating the health and experience scores from both your Next-Generation Firewall (NGFW) deployments and your Prisma Access (PA) environment into a single pane of glass. Currently, the dashboard shows unified digital experience insights from NGFW deployments for user devices only.
    The interactive view in the dashboard shows the experience scores to highlight the status of user devices, sites, and applications in your organization as Good, Fair, and Poor. You can further drill down to analyze user-specific details, users’ browsing experience, network segments causing degradation, and open device incidents. For sites, you can review Prisma SD-WAN and third-party connectivity data and any related open incidents. For monitored applications, the dashboard shows application availability and critical end-to-end performance metrics.

    GlobalProtect: Two Factor Authentication Using OTPs

    October 27, 2025
    Supported for:
    • NGFW (managed by Strata Cloud Manager)
    Secure your remote access environment against credential theft by implementing robust two-factor authentication (2FA) using One-Time Passwords (OTPs). This essential security feature requires users requesting access to enter a unique OTP token sent from the authentication service to their RSA device. Implement this 2FA mechanism across your GlobalProtect® portals and gateways to ensure comprehensive protection
    By default, the app reuses the same credentials used to log in to the portal and gateway. In the case of OTP authentication, this behavior causes the authentication to initially fail on the gateway. The resulting delay in prompting the user for a login often leads to the time-sensitive OTP expiring before it can be entered. To prevent this, you must configure the portals and gateways that prompt for the OTP instead of using the same credentials on a per-app configuration basis.

    © 2025 Palo Alto Networks, Inc. All rights reserved.