→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
Think of the Overview page as your launching point in to NGFW and Prisma Access both for
first time setup, and for day-to-day configuration management (ManageConfigurationNGFW and Prisma AccessOverview).
AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Prisma Access license
If you select the Global configuration scope, you can view the
following details:
Global folders you create and their variables
Firewalls with config conflicts
Firewall sync status and Firewall connectivity status
General information
Configuration snippets
License
Trusted tenants for snippet sharing
Config version snapshots
Configuration Overview (Prisma Access)
Where Can I Use
This?
What Do I Need?
Prisma Access (Managed by Strata Cloud Manager)
Prisma Access license
If you’re just getting started with Prisma Access:
The Basics checklist shows you on how to get up and
running with Prisma Access; complete the tasks and walkthroughs here to get
started with a basic setup; then, test your environment and build out your
deployment.
The About panel displays the software and tenant information for
your Prisma Access environment.
For day-to-day configuration management:
Get at-a-glance configuration status
Standardize a common base configuration for a set of Prisma Access deployments
using the configuration snippets
Find configuration
snapshots—compare configuration versions and restore (or load) an earlier
version to recover from a configuration push with unintended impact to traffic
flow or security
Optimize
your configuration by cleaning up unused objects and rules, and
tightening rules that are introducing security gaps by allowing applications
you’re not using
After completing basic setup, you can start testing your environment and building out
your deployment.
Basics
Prisma Access configuration Basics guide you to get up and
running with Prisma Access. Complete the tasks here to get started with a basic
setup, that you then can use to test your environment and build out your
deployment.
Each task links you to the page where you can set up the associated configuration;
when you’re done, tasks on this list show as complete. So, you can easily track
you’re progress at a glance, which is especially helpful if you’re in the onboarding
phase.
Walkthroughs
Some to-do’s also include walkthroughs that take you through the basic, required
steps to get your environment up and running.
Onboarding walkthroughs are available to you on the Overview
dashboard. You can click into to the help to see if there are walkthroughs available
for the page you’re on, and keep an eye out for walkthroughs you can launch directly
on the page:
Available Walkthroughs
Onboard Remote Networks
Onboard Your HQ or Data Center (Service Connections)
Onboard Mobile Users (GlobalProtect)
Onboard Mobile Users (Explicit Proxy)
Turn on decryption
Policy Optimizer
Create a Security Rule
Create a Security Profile
Set Up SAML Authentication
Prisma Access Sync Status
On the Overview page, you can quickly check status for your
Prisma Access configurations. If you see something unexpected, drill down to
identify the impacted configuration. Here are statuses you might see:
Configuration has not been pushed—So far, no configuration has been
pushed to Prisma Access.
This configuration is empty—A user pushed a blank configuration to
Prisma Access. In this case, a configuration was previously in place, so the
push to Prisma Access might have been to remove the configuration. Go to Push ConfigJobs to review recent changes.
Out of sync—A user has pushed a configuration to Prisma Access but
there is an error or warning related to the push. This might be a
configuration issue or it might be an issue related to the push to Prisma
Access.
In sync—The latest configuration push to Prisma Access was successful,
and there are no errors.
If you see something unexpected, click on the status to open a map view that shows
the locations where you have either mobile users (GlobalProtect or explicit proxy
connections), remote networks, or service connections. You can then pinpoint the
configuration that requires review or where you might need to make an update.
Global Find Using Config Search
Config Search allows you to find specific configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name and get the list of all references where
the object is used.
To launch Config Search, click the
icon beside Push Config
on the upper right side of the web interface. Config
Search is available from all pages under
Manage.
In the Config Search screen, you can search by using
the Config String, Location,
Object Type, Edited By, or
Edited At fields.
Search tips:
To find an exact phrase, enclose the phrase in quotes.
Spaces in search terms are handled as AND operations. For
example, if you search on corp policy, the search results
include instances where corp and policy exist in the
configuration.
To rerun a previous search, click the Config
Search icon, which displays the last 50
searches. Click any item in the list to rerun that search. The
search history list is unique to each administrator
account.
Config Search is available for each field that’s searchable. For
example, you can search on the following object types for a
Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
Location is grouped by Folders and Snippets. You can select more
than one location to search. If you do not select any location,
All locations will be selected by
default.
If the object type is not selected, All
will be selected.
The search results are categorized and provide links to the configuration
location in the Strata Cloud Manager, allowing you to easily find all
occurrences and references of the searched string.
Configuration Overview (Strata Cloud Manager)
Where Can I Use
This?
What Do I Need?
NGFW (Managed by Strata Cloud Manager)
NGFW (Managed by PAN-OS or Panorama)
VM-Series, funded with Software NGFW Credits
AIOps for NGFW Premium license (use the Strata Cloud Manager app)
If you’re just getting started with Cloud Management of NGFW:
Gain visibility and control over local firewall configurations without
the need for switching between the central management and individual firewalls
for managing local configurations.
Firewalls with config conflicts shows the number
of firewalls with conflicts. View Conflicts to see conflicts for
all firewalls and their respective locations. Click the individual
firewall to further investigate device-level conflicts.
Objects with config conflicts shows the number of
conflicts per firewall. Click the number to view the conflicted objects
and their corresponding types specific to that firewall. Click the
object to get the granular details on the conflict.
Standardize a common base configuration for a set of managed firewalls using
configuration snippets.
Configure managed firewalls in a high availability (HA)
configuration to provide redundancy and ensure business continuity.
Review the Connectivity Status of managed firewalls to
Strata Cloud Manager.
Review the configuration Sync Status between Strata Cloud Manager and the current running configuration on your managed
firewalls.
Review License details to see which licenses are activate
on your managed firewalls.
Global Find Using Config Search
Config Search enables you to search configuration objects and settings for a
particular string, such as IP addresses, object name, referenced objects, duplicate
objects, policy names, policy rules, policies covered for specific CVEs, rule UUID,
predefined snippets, or application name and get the list of all references where
the object is used.
To launch Config Search, click the
icon beside Push Config
on the upper right side of the web interface. Config
Search is available from all pages under
Manage.
In the Config Search screen, you can search by using
the Config String, Location,
Object Type, Edited By, or
Edited At fields.
Search tips:
To find an exact phrase, enclose the phrase in quotes.
Spaces in search terms are handled as AND operations. For
example, if you search on corp policy, the search results
include instances where corp and policy exist in the
configuration.
To rerun a previous search, click the Config Search icon, which
displays the last 50 searches. Click any item in the list to
rerun that search. The search history list is unique to each
administrator account.
Config Search is available for each field that’s searchable. For
example, you can search on the following object types for a
Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
Location is grouped by folders and snippets. You can select more
than one location to search. If you do not select any location,
All locations will be selected by
default.
If the object type is not selected, All
will be selected.
The search results are categorized and provide links to the configuration
location in the Strata Cloud Manager, allowing you to easily find all
occurrences and references of the searched string.