>
    Manage: Overview
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Manage: NGFW and Prisma Access
    4. Manage: Overview
    Download PDF
    Strata Cloud Manager

    Manage: Overview

    Table of Contents

    Manage: Overview

    Learn about the management options available to you in Strata Cloud Manager.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • NGFW, including those funded by Software NGFW Credits
    Each of these licenses include access to Strata Cloud Manager:
    → The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.
    Think of the Overview page as your launching point in to NGFW and Prisma Access both for first time setup, and for day-to-day configuration management (ManageConfigurationNGFW and Prisma AccessOverview).

    Global

    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • NGFW (Managed by Strata Cloud Manager)
    • NGFW (Managed by PAN-OS or Panorama)
    • VM-Series, funded with Software NGFW Credits
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
    • Prisma Access license
    If you select the Global configuration scope, you can view the following details:
    • Global folders you create and their variables
    • Firewalls with config conflicts
    • Firewall sync status and Firewall connectivity status
    • General information
    • Configuration snippets
    • License
    • Trusted tenants for snippet sharing
    • Config version snapshots

    Configuration Overview (Prisma Access)

    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access license
    If you’re just getting started with Prisma Access:
    For details on your Prisma Access environment:
    For day-to-day configuration management:
    After completing basic setup, you can start testing your environment and building out your deployment.

    Basics

    Prisma Access configuration Basics guide you to get up and running with Prisma Access. Complete the tasks here to get started with a basic setup, that you then can use to test your environment and build out your deployment.
    Each task links you to the page where you can set up the associated configuration; when you’re done, tasks on this list show as complete. So, you can easily track you’re progress at a glance, which is especially helpful if you’re in the onboarding phase.

    Walkthroughs

    Some to-do’s also include walkthroughs that take you through the basic, required steps to get your environment up and running.
    Onboarding walkthroughs are available to you on the Overview dashboard. You can click into to the help to see if there are walkthroughs available for the page you’re on, and keep an eye out for walkthroughs you can launch directly on the page:
    Available Walkthroughs
    • Onboard Remote Networks
    • Onboard Your HQ or Data Center (Service Connections)
    • Onboard Mobile Users (GlobalProtect)
    • Onboard Mobile Users (Explicit Proxy)
    • Turn on decryption
    • Policy Optimizer
    • Create a Security Rule
    • Create a Security Profile
    • Set Up SAML Authentication

    Prisma Access Sync Status

    On the Overview page, you can quickly check status for your Prisma Access configurations. If you see something unexpected, drill down to identify the impacted configuration. Here are statuses you might see:
    • Configuration has not been pushed—So far, no configuration has been pushed to Prisma Access.
    • This configuration is empty—A user pushed a blank configuration to Prisma Access. In this case, a configuration was previously in place, so the push to Prisma Access might have been to remove the configuration. Go to Push ConfigJobs to review recent changes.
    • Out of sync—A user has pushed a configuration to Prisma Access but there is an error or warning related to the push. This might be a configuration issue or it might be an issue related to the push to Prisma Access.
    • In sync—The latest configuration push to Prisma Access was successful, and there are no errors.
    If you see something unexpected, click on the status to open a map view that shows the locations where you have either mobile users (GlobalProtect or explicit proxy connections), remote networks, or service connections. You can then pinpoint the configuration that requires review or where you might need to make an update.

    Global Find Using Config Search

    Config Search allows you to find specific configuration objects and settings for a particular string, such as IP addresses, object name, referenced objects, duplicate objects, policy names, policy rules, policies covered for specific CVEs, rule UUID, predefined snippets, or application name and get the list of all references where the object is used.
    1. To launch Config Search, click the
      icon beside Push Config on the upper right side of the web interface. Config Search is available from all pages under Manage.
    2. In the Config Search screen, you can search by using the Config String, Location, Object Type, Edited By, or Edited At fields.
      Search tips:
      • To find an exact phrase, enclose the phrase in quotes.
      • Spaces in search terms are handled as AND operations. For example, if you search on corp policy, the search results include instances where corp and policy exist in the configuration.
      • To rerun a previous search, click the Config Search icon, which displays the last 50 searches. Click any item in the list to rerun that search. The search history list is unique to each administrator account.
      • Config Search is available for each field that’s searchable. For example, you can search on the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile, Application, UUID, and Service.
      • Location is grouped by Folders and Snippets. You can select more than one location to search. If you do not select any location, All locations will be selected by default.
      • If the object type is not selected, All will be selected.
    3. The search results are categorized and provide links to the configuration location in the Strata Cloud Manager, allowing you to easily find all occurrences and references of the searched string.

    Configuration Overview (Strata Cloud Manager)

    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • NGFW (Managed by PAN-OS or Panorama)
    • VM-Series, funded with Software NGFW Credits
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
    If you’re just getting started with Cloud Management of NGFW:
    For day-to-day configuration management:
    • Get at-a-glance summary of the current folder name, number of firewalls added to the folder, number of variables created for the folder.
    • Gain visibility and control over local firewall configurations without the need for switching between the central management and individual firewalls for managing local configurations.
      • Firewalls with config conflicts shows the number of firewalls with conflicts. Click the number to view conflicts for firewalls along with their location. Click any firewall to see device-level conflicts.
      • Objects with config conflicts shows the number of conflicts per firewall. Click the number to view the conflicted objects and their types for a specific firewall. Clicking the object provides granular details on the conflict.
    • Standardize a common base configuration for a set of managed firewalls using configuration snippets.
    • Configure managed firewalls in a high availability (HA) configuration to provide redundancy and ensure business continuity.
    • Review the Connectivity Status of managed firewalls to Strata Cloud Manager.
    • Review the configuration Sync Status between Strata Cloud Manager and the current running configuration on your managed firewalls.
    For details on your managed firewalls:

    Global Find Using Config Search

    Config Search enables you to search configuration objects and settings for a particular string, such as IP addresses, object name, referenced objects, duplicate objects, policy names, policy rules, policies covered for specific CVEs, rule UUID, predefined snippets, or application name and get the list of all references where the object is used.
    1. To launch Config Search, click the
      icon beside Push Config on the upper right side of the web interface. Config Search is available from all pages under Manage.
    2. In the Config Search screen, you can search by using the Config String, Location, Object Type, Edited By, or Edited At fields.
      Search tips:
      • To find an exact phrase, enclose the phrase in quotes.
      • Spaces in search terms are handled as AND operations. For example, if you search on corp policy, the search results include instances where corp and policy exist in the configuration.
      • To rerun a previous search, click the Config Search icon, which displays the last 50 searches. Click any item in the list to rerun that search. The search history list is unique to each administrator account.
      • Config Search is available for each field that’s searchable. For example, you can search on the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile, Application, UUID, and Service.
      • Location is grouped by folders and snippets. You can select more than one location to search. If you do not select any location, All locations will be selected by default.
      • If the object type is not selected, All will be selected.
    3. The search results are categorized and provide links to the configuration location in the Strata Cloud Manager, allowing you to easily find all occurrences and references of the searched string.

    © 2024 Palo Alto Networks, Inc. All rights reserved.