0% found this document useful (0 votes)

119 views594 pages

Strata Cloud Manager Getting Started

Uploaded by

Sergi Eduardo

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

119 views594 pages

Strata Cloud Manager Getting Started

Uploaded by

Sergi Eduardo

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 594

Strata Cloud Manager Getting Started

docs.paloaltonetworks.com
Contact Information
Corporate Headquarters:
Palo Alto Networks
3000 Tannery Way
Santa Clara, CA 95054
www.paloaltonetworks.com/company/contact-support

About the Documentation

• For the most recent version of this guide or for access to related documentation, visit the Technical
Documentation portal docs.paloaltonetworks.com.
• To search for a specific topic, go to our search page docs.paloaltonetworks.com/search.html.
• Have feedback or questions for us? Leave a comment on any page in the portal, or write to us at
[email protected].

© 2023-2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo
Alto Networks. A list of our trademarks can be found at www.paloaltonetworks.com/company/
trademarks.html. All other marks mentioned herein may be trademarks of their respective companies.

Last Revised
March 17, 2025

Strata Cloud Manager Getting Started 2 ©2025 Palo Alto Networks, Inc.
Table of Contents
Introducing Strata Cloud Manager.............................................................. 13
How Strata Cloud Manager Strengthens Security............................................................ 15
How Strata Cloud Manager Predicts and Prevents Network Disruptions...................16
How Strata Cloud Manager Works Everywhere Consistently....................................... 17
Strata Cloud Manager Support...............................................................................................18
License Support..............................................................................................................18
Language Support.......................................................................................................... 21
First Look at Strata Cloud Manager......................................................................................23
Launch Strata Cloud Manager................................................................................................ 32
Launch Strata Cloud Manager for the First Time...................................................32
Moving to Strata Cloud Manager from a Dedicated Product App.....................33
Get Started with Strata Cloud Manager.............................................................................. 36
Shared Management for Prisma Access and NGFWs...........................................39
Built-In Best Practices in Strata Cloud Manager............................................................... 42

Strata Copilot.................................................................................................... 49
Strata Copilot Availability........................................................................................................50
Regional Access..............................................................................................................50
Availability by Product................................................................................................. 51
Data and Content Sources.......................................................................................... 52
Get Started with Strata Copilot.............................................................................................54
Launch Strata Copilot................................................................................................... 54
First Look......................................................................................................................... 55
Response Types............................................................................................................. 56
Strata Copilot Prompts............................................................................................................ 68
Tips for Improving Prompts........................................................................................ 68
Prompt Examples........................................................................................................... 69
Get Help with Strata Copilot................................................................................................. 77
Share Feedback About a Response...........................................................................77
Get Remediation Guidance or Open a Support Case........................................... 77

AI Canvas........................................................................................................... 81
Core Components..................................................................................................................... 82
Data Sources.............................................................................................................................. 83
Create an AI Canvas.................................................................................................................84
Manage Widgets........................................................................................................................87
Create a Widget from a Query.................................................................................. 87
View, Edit, and Export Widgets................................................................................. 89
Delete an Unused Widget...........................................................................................92

Strata Cloud Manager Getting Started 3 ©2025 Palo Alto Networks, Inc.
Table of Contents

AI Canvas Best Practices.........................................................................................................93

Best Practices for Prompting......................................................................................93
Prompt Samples............................................................................................................. 94
Data Exploration Tasks.................................................................................................95
Manage an Existing Canvas.................................................................................................... 96
Export a Canvas............................................................................................................. 96
Share a Canvas............................................................................................................... 96
Delete a Canvas............................................................................................................. 96
Get Help with AI Canvas........................................................................................................ 97
Troubleshoot AI Canvas...............................................................................................97
Support and Feedback..................................................................................................97

Command Center: Strata Cloud Manager..................................................99

How to Interact with the Strata Cloud Manager Command Center...........................101
Strata Cloud Manager Command Center Views............................................................. 105
Central Summary View.............................................................................................. 106
Total Threats Count....................................................................................................107
Open Incidents and User Experience.....................................................................107
Top Data Profiles by Action..................................................................................... 107
Top GenAI Use Cases by Users and GenAI Apps............................................... 108
Central Threats View..................................................................................................109
Security Subscriptions................................................................................................ 109
Total Threats Count....................................................................................................110
Blocked and Alerted Threats....................................................................................111
Central Operational Health View............................................................................ 112
Total Open Incidents and Incidents by Severity..................................................112
Top Subcategories for Open Health Incidents.....................................................113
Monitored Users and User Experience..................................................................113
Central Data Security View...................................................................................... 116
Security Subscriptions................................................................................................ 116
Top Data Profiles........................................................................................................ 118
Data Trend.................................................................................................................... 118

Insights: Activity Insights............................................................................ 119

Activity Insights: Overview.................................................................................................. 121
Filters.............................................................................................................................. 122
Reports........................................................................................................................... 124
Activity Insights: Applications..............................................................................................125
App Acceleration......................................................................................................... 129
Activity Insights: SD-WAN Applications........................................................................... 131
Activity Insights: Threats...................................................................................................... 133

Strata Cloud Manager Getting Started 4 ©2025 Palo Alto Networks, Inc.
Table of Contents

Activity Insights: Users.......................................................................................................... 135

Users............................................................................................................................... 136
Agentless Proxy Users............................................................................................... 146
Enterprise Browser Users......................................................................................... 147
Office Users..................................................................................................................148
Other Hosts.................................................................................................................. 150
IPv6 for Mobile Users................................................................................................ 151
Activity Insights: Domains.................................................................................................... 152
Activity Insights: Rules.......................................................................................................... 154
Activity Insights: Regions......................................................................................................155
Activity Insights: Projects..................................................................................................... 156
Insights: AI Access.................................................................................................................. 157
Insights: Prisma AIRS Runtime............................................................................................ 158

Dashboards: Strata Cloud Manager..........................................................159

Integrate with Cloud Identity Engine.................................................................................161
Support for Dashboards........................................................................................................162
Dashboard: Build a Custom Dashboard............................................................................ 168
Create a Dashboard....................................................................................................168
Dashboard: Device Health....................................................................................................171
What does this dashboard show you?...................................................................171
How can you use the data from the dashboard?................................................ 171
Device Health Dashboard: Device Health Scores...............................................172
Device Health Dashboard: Device Statistics........................................................ 172
Device Health Dashboard: Score Trend................................................................ 173
Dashboard: Executive Summary......................................................................................... 175
What does this dashboard show you?...................................................................175
How can you use the data from dashboard?....................................................... 176
Dashboard: WildFire.............................................................................................................. 180
What does this dashboard show you?...................................................................181
How can you use the data from the dashboard?................................................ 181
WildFire Dashboard: Filters......................................................................................181
WildFire Dashboard: Submissions and Verdicts.................................................. 182
WildFire Dashboard: Analysis Insights...................................................................183
WildFire Dashboard: Verdict Trends......................................................................184
WildFire Dashboard: Verdict Distribution.............................................................185
WildFire Dashboard: Recent Submissions............................................................ 186
WildFire Dashboard: Submissions Per Source Application............................... 187
WildFire Dashboard: Submission Per Destination User.....................................188
WildFire Dashboard: Malware Regions................................................................. 189
WildFire Dashboard: Firewalls................................................................................. 190

Strata Cloud Manager Getting Started 5 ©2025 Palo Alto Networks, Inc.
Table of Contents

Dashboard: DNS Security..................................................................................................... 192

What does this dashboard show you?...................................................................192
How can you use the data from dashboard?....................................................... 195
Dashboard: AI Runtime Security.........................................................................................197
Discover Cloud Resources........................................................................................ 197
Dashboard: Advanced Threat Prevention.........................................................................200
What does this dashboard show you?...................................................................202
How can you use the data from dashboard?....................................................... 202
Advanced Threat Prevention Dashboard: Threat Overview.............................202
Advanced Threat Prevention Dashboard: Top Rules Allowing Threats..........203
Advanced Threat Prevention Dashboard: Hosts Generating Cloud Detected
C2 Traffic.......................................................................................................................204
Advanced Threat Prevention Dashboard: Hosts Targeted by Cloud-Detected
Exploits...........................................................................................................................205
Dashboard: IoT Security........................................................................................................207
What does this dashboard show you?...................................................................207
How can you use the data from this dashboard?................................................208
Dashboard: Prisma Access Usage.......................................................................................210
What does this dashboard show you?...................................................................211
How can you use the data from dashboard?....................................................... 211
Dashboard: Application Experience................................................................................... 212
What does this dashboard show you?...................................................................212
How can you use the data from dashboard?....................................................... 212
Application Experience Dashboard: Mobile User Experience Card.................212
Application Experience Dashboard: Remote Site Experience Card.................213
Application Experience Dashboard: Experience Score Trends.........................213
Application Experience Dashboard: Experience Score Across the
Network......................................................................................................................... 214
Application Experience Dashboard: Global Distribution of Application
Experience Scores....................................................................................................... 215
Application Experience Dashboard: Experience Score for Top Monitored
Sites.................................................................................................................................215
Application Experience Dashboard: Experience Score for Top Monitored
Apps................................................................................................................................ 216
Application Experience Dashboard: Application Performance Metrics..........216
Application Experience Dashboard: Network Performance Metrics.............. 217
Dashboard: Best Practices....................................................................................................219
What does this dashboard show you?...................................................................220
How can you use the data from the dashboard?................................................ 221
Dashboard: Compliance Summary......................................................................................222
Dashboard: Security Posture Insights................................................................................227
What does this dashboard show you?...................................................................227

Strata Cloud Manager Getting Started 6 ©2025 Palo Alto Networks, Inc.
Table of Contents

How can you use the data from the dashboard?................................................ 227
Security Posture Insights Dashboard: Device Security Posture.......................228
Security Posture Insights Dashboard: Security Posture Statistics................... 229
Security Posture Insights Dashboard: Score Trend.............................................230
Dashboard: NGFW SD-WAN.............................................................................................. 231
What does this dashboard show you?...................................................................232
How can you use the data from the dashboard?................................................ 232
NGFW SD-WAN Dashboard: Application Health............................................... 232
NGFW SD-WAN Dashboard: Top Impacted Applications................................ 233
NGFW SD-WAN Dashboard: Impacted Applications........................................ 238
NGFW SD-WAN Dashboard: Link Health............................................................ 238
NGFW SD-WAN Dashboard: Top Worst Links...................................................239
NGFW SD-WAN Dashboard: Poor Links..............................................................241
NGFW SD-WAN Dashboard: Health By Cluster and Sites...............................242
Dashboard: Prisma SD-WAN...............................................................................................243
What does this dashboard show you?...................................................................243
Prisma SD-WAN Dashboard: Device to Controller Connectivity....................243
Prisma SD-WAN Dashboard: Applications........................................................... 244
Prisma SD-WAN Dashboard: Top Alerts by Priority.......................................... 245
Prisma SD-WAN Dashboard: Overall Link Quality............................................. 246
Prisma SD-WAN Dashboard: Bandwidth Utilization.......................................... 247
Prisma SD-WAN Dashboard: Transaction Stats.................................................. 248
Prisma SD-WAN Dashboard: Predictive Analytics..............................................249
Dashboard: PAN-OS CVEs................................................................................................... 251
What does this dashboard show you?...................................................................251
How can you use the data from the dashboard?................................................ 252
Dashboard: CDSS Adoption................................................................................................. 253
What does this dashboard show you?...................................................................254
How can you use the data from the dashboard?................................................ 254
Override Recommended Security Service.............................................................258
Dashboard: Feature Adoption............................................................................................. 266
What does this dashboard show you?...................................................................266
How to use this dashboard...................................................................................... 267
Identify gaps in adoption...........................................................................................269
Dashboard: On Demand BPA..............................................................................................272
What does this dashboard show you?...................................................................272
How can you use the data from the dashboard?................................................ 272
Generate On-Demand BPA Report........................................................................ 273
Dashboard: SASE Health.......................................................................................................275
What does this dashboard show you?...................................................................275
How can you use the data from dashboard?....................................................... 275

Strata Cloud Manager Getting Started 7 ©2025 Palo Alto Networks, Inc.
Table of Contents

SASE Health Dashboard: Current Mobile Users - Map View........................... 275

SASE Health Dashboard: Current Sites - Map View.......................................... 276
SASE Health Dashboard: Monitored Applications.............................................. 279

Monitor: Strata Cloud Manager.................................................................281

Monitor: IOC Search.............................................................................................................. 282
IP Address..................................................................................................................... 283
Domain........................................................................................................................... 285
URL..................................................................................................................................288
File Hash........................................................................................................................291
Monitor: Branch Sites............................................................................................................ 295
Monitor: Data Centers.......................................................................................................... 308
Monitor: Network Services.................................................................................................. 325
Monitor: Subscription Usage............................................................................................... 329
Monitor: ION Devices........................................................................................................... 332
Monitor: Access Analyzer..................................................................................................... 333
Monitor: NGFW Devices...................................................................................................... 334
View Device Details................................................................................................... 335
Monitor: Capacity Analyzer..................................................................................................339
Monitor: Prisma Access Locations......................................................................................343
Top 5 Prisma Access Locations............................................................................... 343
Prisma Access Location Status................................................................................ 344
Strata Logging Service Connectivity.......................................................................344
Prisma Access Locations Status...............................................................................344
Monitor: Assets....................................................................................................................... 345
Monitor: Third-Party Device-IDs........................................................................................ 346
Devices Currently Connected.................................................................................. 346
Connected IoT Devices..............................................................................................346
IoT Devices................................................................................................................... 347

Incidents and Alerts: Strata Cloud Manager...........................................349

Incidents and Alerts: NGFW................................................................................................ 351
Incidents and Alerts: Prisma Access...................................................................................353
Get an Overview......................................................................................................... 353
See All Incidents.......................................................................................................... 353
View Priority Alerts.................................................................................................... 354
View Informational Alerts......................................................................................... 354
Notification Profiles.................................................................................................... 354
ServiceNow Audit Log............................................................................................... 354
Incident Settings.......................................................................................................... 354
Incidents and Alerts by Code...................................................................................354

Strata Cloud Manager Getting Started 8 ©2025 Palo Alto Networks, Inc.
Table of Contents

Incidents and Alerts: Prisma SD-WAN..............................................................................355

Incidents and Alerts: Log Viewer........................................................................................357
Incidents and Alert Settings................................................................................................. 358

Manage: NGFW and Prisma Access......................................................... 359

Manage: Configuration Scope............................................................................................. 361
Manage: Snippets........................................................................................................ 363
Manage: Variables....................................................................................................... 378
Manage: Overview..................................................................................................................387
..........................................................................................................................................387
Manage: Security Services....................................................................................................397
Manage: Security Policy............................................................................................ 398
Manage: Decryption................................................................................................... 399
Manage: Network Policies....................................................................................................403
Manage: QoS................................................................................................................ 403
Manage: Application Override................................................................................. 404
Manage: Policy Based Forwarding..........................................................................406
Manage: NAT............................................................................................................... 407
Manage: SD-WAN.......................................................................................................408
Manage: Identity Services.....................................................................................................410
Manage: Authentication............................................................................................ 410
Manage: Cloud Identity Engine............................................................................... 424
Manage: Identity Redistribution.............................................................................. 425
Manage: Local Users and Groups........................................................................... 433
Manage: Device Settings...................................................................................................... 435
Manage: Objects..................................................................................................................... 437
Manage: Certificate Management...........................................................................439
Manage: SaaS Application Management............................................................... 441
Manage: Global Settings....................................................................................................... 453
User Coaching Notification Template.................................................................... 453
Manage: Operations...............................................................................................................459

Manage: IoT Policy Recommendation..................................................... 461

Get Started............................................................................................................................... 462

Manage: Enterprise DLP..............................................................................465

Feature Highlights...................................................................................................................467
Get Started............................................................................................................................... 469

Workflows: SaaS Security........................................................................... 471

Get Started............................................................................................................................... 472
SaaS Policy Recommendations............................................................................................473

Strata Cloud Manager Getting Started 9 ©2025 Palo Alto Networks, Inc.
Table of Contents

Manage: Prisma SD-WAN...........................................................................475

Manage: Policies for Prisma SD-WAN.............................................................................. 476
Manage: Resource Types for Prisma SD-WAN...............................................................478
Manage: CloudBlades for Prisma SD-WAN..................................................................... 480
Manage: System Resources for Prisma SD-WAN...........................................................481

Manage: Prisma Access Browser.............................................................. 483

Home..........................................................................................................................................486
Analytics.................................................................................................................................... 487
Directory................................................................................................................................... 488
Policy.......................................................................................................................................... 489
Administration..........................................................................................................................490

Manage: Operations..................................................................................... 491

Manage: Push Config.............................................................................................................492
View Prisma Access Jobs.......................................................................................... 495
Manage: Push Status............................................................................................................. 497
Manage: Config Version Snapshots................................................................................... 498
Config Snapshot Overview....................................................................................... 498
Save a Named Snapshot............................................................................................500
Restore a Snapshot.....................................................................................................501
Load a Snapshot.......................................................................................................... 502

Manage:Security Posture............................................................................ 503

Manage: Policy Analyzer.......................................................................................................504
Manage: Policy Optimizer.....................................................................................................505
Guidelines and Limitations for Policy Optimizer................................................. 506
Optimize a Rule........................................................................................................... 507
User to Application Optimization............................................................................511
Manually Select a Rule for Optimization...............................................................514
Remove a Rule from Optimization..........................................................................514
Track Optimization Results.......................................................................................515
Manage: Config Cleanup.......................................................................................................516
Manage: Security Posture Settings.................................................................................... 522
Create a Custom Check.............................................................................................525
Manage Your Checks................................................................................................. 527
Create an Exception for a Check............................................................................ 528
Your Checks at Work................................................................................................ 528

Manage: Access Control.............................................................................. 531

Administrator Roles................................................................................................................ 532

Strata Cloud Manager Getting Started 10 ©2025 Palo Alto Networks, Inc.
Table of Contents

Custom Role-Based Access Control — Setup.................................................................. 533

Manage: Scope Management.............................................................................................. 534

Workflows: Strata Cloud Manager........................................................... 537

Workflows: Discovery........................................................................................................... 538
Workflows: NGFW Setup.....................................................................................................543
Workflows: Device Management............................................................................544
Workflows: Folder Management.............................................................................547
Workflows: Prisma SD-WAN Setup...................................................................................553
Workflows: Prisma Access Setup....................................................................................... 554
Workflows: Prisma Access........................................................................................554
Workflows: Mobile Users..........................................................................................555
Workflows: Remote Networks................................................................................ 556
Workflows: Service Connections............................................................................ 557
Workflows: Remote Browser Isolation.................................................................. 557
Workflows: Software Upgrades.......................................................................................... 559
Workflows: Prisma Access Browser.................................................................................. 563

Reports: Strata Cloud Manager................................................................. 565

Favorites: Strata Cloud Manager...............................................................573
Add Favorites...........................................................................................................................574
View Favorites......................................................................................................................... 575
Edit Favorites........................................................................................................................... 576
Delete Favorites...................................................................................................................... 577

Settings: Strata Cloud Manager.................................................................579

Settings: Audit Logs............................................................................................................... 581
Settings: Trusted IP List........................................................................................................ 582
Add Trusted IPs........................................................................................................... 583
Delete Trusted IPs...................................................................................................... 585
Unlock Access.............................................................................................................. 586
Settings: User Preferences................................................................................................... 588
Settings: Strata Logging Service..........................................................................................589
Application Experience.......................................................................................................... 591
Access Experience Agent Management................................................................ 591
Remote Site Experience Management...................................................................592
Health Score Profiles..................................................................................................593
Audit Logs..................................................................................................................... 594

Strata Cloud Manager Getting Started 11 ©2025 Palo Alto Networks, Inc.
Table of Contents

Strata Cloud Manager Getting Started 12 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager
Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Palo Alto Networks Strata Cloud Manager empowers you with AI-powered, unified management
and operations for your entire network security deployment. With Strata Cloud Manager you can
easily manage your entire Palo Alto Networks Network Security infrastructure – your NGFWs and
SASE environment – from a single, streamlined user interface. Gain comprehensive visibility into
users, branch sites, applications, and threats across all network security enforcement points; this
gives you actionable insights, better security, and easy troubleshooting and problem resolution.
Predict and Prevent Network Disruptions
Strata Cloud Manager predicts and prevents network disruptions and quickly remediates
issues, so that you and your users can continue day-to-day business and stay productive.
Strengthen Security with Real-Time Best Practices
Strata Cloud Manager identifies vital and underused security capabilities, and guides you to
enable them based on the best practices that align with your needs. Strengthen your security
posture with built-in best practices, and inline remediation features powered by AIOps.
Simple and Consistent Network Security Management and Operations
Strata Cloud Manager consolidates your security tools for improved operation and insights, so
that you can adopt a simple and consistent management experience for your entire network
security stack.

13
Introducing Strata Cloud Manager

Strata Cloud Manager Getting Started 14 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

How Strata Cloud Manager Strengthens Security

Maximize Usage of Security Capabilities
See the security features you're using, and identify gaps in adoption of security features you
could be leveraging. → Feature Adoption
See adoption rates for your security services subscriptions. → CDSS Adoption
See how your security features adhere to best practices, or where you can make improvements
to strengthen your security posture.→ Built-In Best Practices
Strengthen and Optimize Existing Configuration
Clean up and streamline your security policy based on usage data and auto-generated
recommendations.
Clean up objects that aren't referenced in policy, and rules without any traffic hits; these
objects and rules can clog up performance and complicate policy management. → Config
Clean-Up
Rules that are too broad introduce security gaps because they allow applications that aren’t
in use in your network. Policy optimizer enables you to convert these overly permissive rules
to more specific, focused rules that only allow the applications you’re actually using. → Policy
Optimizer
Real time guidance for secure configuration
Best practice guard rails provide live validation that your security policy rules are compliant
with best practices. → Live, Inline Best Practice Configuration Checks

Strata Cloud Manager Getting Started 15 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

How Strata Cloud Manager Predicts and Prevents

Network Disruptions
Comprehensive Observability
Know how your network is being kept safe by security infrastructure. → Command Center
Know the health and performance of users, branch sites, applications, and IT infrastructure. →
SASE Health dashboard
Know the health and performance of devices from a single dashboard. → Device Health
dashboard
Forecast Health and Remediate Disruptions
Automatic forecasts prevent potential disruptions; when issues are detected, actionable insights
expedite resolutions.
Review machine assisted predictions of imminent outages, with recommendations for
remediation steps. → Forecasting and Anomaly Detection
Reduce time to resolution with probable cause analysis. → View Probable Causes
Plan for Evolving Security Needs
Improve stability by proactively identifying potential capacity. → Capacity Analyzer

Strata Cloud Manager Getting Started 16 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

How Strata Cloud Manager Works Everywhere

Consistently
Consistent Configuration
Apply consistent policies across all enforcement points with streamlined processes, and eliminate
the need to make individual changes for NGFWs and SASE deployments.
Set up and onboard NGFWs and Prisma Access mobile users and remote networks, and plan
software upgrades for NGFWs. → Configuration in Strata Cloud Manager
Configure a security policy that is shared across your NGFWs and Prisma Access. → Shared
management for NGFW and Prisma Access
Flexible Configuration Organization
Simplify configuration management at scale with easy folder and device management workflows.
Apply configuration settings and enforce policy globally across your entire environment, or
target settings and policy to certain parts of your organization. → Configuration Scope
Logically group your firewalls or deployment types (Prisma Access mobile users, remote
networks, or service connections) for simplified configuration management. → Folder
Management
Group configurations that you can quickly push to your firewalls or deployments. → Snippets
You have the flexibility to accommodate unique configuration values that are device or
deployment specific. → Variables
Achieve Unified Visibility into Threats
Get comprehensive visibility across your network traffic, subscriptions, users, applications,
networks, threats, and more. → Monitoring
Get an interactive view of the applications, ION devices, threats, users, and security
subscriptions at work in your network. The dashboards provide visibility into the health,
security posture, and activity happening in your deployment that helps you to prevent or
address performance and security gaps in your network. → Dashboards
Get reports on the network traffic patterns, bandwidth utilization, your security subscription
data and more. Reports provide actionable insight into your network that you can use for
planning and monitoring purposes. → Reports

Strata Cloud Manager Getting Started 17 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Support

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager provides AI-powered, unified management and operations for your NGFWs
and SASE network; the Strata Cloud Manager features available to you depend on your licenses.
Here's more on the licenses support Strata Cloud Manager, and also Strata Cloud Manager
language support.

License Support
These licenses enable Strata Cloud Manager to manage NGFWs, SASE, and security services,
and also unlock Strata Cloud Manager network security features. → Here's how to validate your
licenses

Strata Cloud Manager Strata Cloud Manager Essentials provides management and
Essentials security features, and these features are available to you free
with:
• Next-Generation Firewalls (NGFW)
• Prisma Access
Strata Logging Service is available as an optional add-on for
Strata Cloud Manager Essentials.

Strata Cloud Manager Essentials and

Strata Cloud Manager Pro are available to activate
in customer support portal (CSP) accounts that don't
have: Strata Logging Service with sized storage,
AIOps for NGFW Free or Premium, or Prisma
Access.

Strata Cloud Manager Getting Started 18 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Pro Strata Cloud Manager Pro is the paid tier that includes
all the features of Strata Cloud Manager Essentials, plus
advanced features to enhance operational health, prevent
network disruptions, strengthen real-time security posture,
and Autonomous Digital Experience Management (ADEM)
for monitoring user experience performance. Strata Cloud
Manager Pro includes Strata Logging Service with one year
of log retention and unlimited storage, enabling centralized
logging and seamless data retrieval across your deployment.
You can purchase Strata Cloud Manager Pro for the following
products:
• Next-Generation Firewalls (NGFW)
• VM Series funded by Software NGFW Credits
• Prisma Access
• Cloud NGFW for AWS and Azure (funded by PAYG or the
credit pricing model)

You can register your Cloud NGFW resources

with an existing Strata Cloud Manager, which
you had previously activated based on your
Prisma Access, NGFW, or Software NGFW
credits and licenses. If you don't have a Strata
Cloud Manager, you can activate a new Strata
Cloud Manager (steps 1-8) to use with Cloud
NGFW for Azure. In either case, the integration
automatically enables Strata Cloud Manager Pro
features for Cloud NGFW. When using Strata
Cloud Manager, the centralized management
add-on consumption is metered on each
Cloud NGFW resource for each hour you have
registered with a Strata Cloud Manager and for
the amount of traffic processed by that resource.

AIOps for NGFW Premium For NGFWs with an AIOps for NGFW Premium license,
Strata Cloud Manager gives you an overall view of the health
and security of your NGFWs, and can enforce proactive checks
to close security gaps.
• NGFW (Managed by PAN-OS or Panorama) → For PAN-OS
and Panorama Managed NGFWs with an AIOps for NGFW
Premium license, use Strata Cloud Manager to oversee your
deployment health and security posture.
• NGFW (Managed by Strata Cloud Manager) →
With an AIOps for NGFW license, you can also use
Strata Cloud Manager for cloud management for NGFWs.

Strata Cloud Manager Getting Started 19 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Contact your account team to enable Cloud

Management for NGFWs using Strata Cloud
Manager.
• Strata Cloud Manager provides unified
management and operations only for NGFWs
using the AIOps for NGFW Premium license.
Continue to use the AIOps for NGFW Free app
for NGFWs onboarded to AIOps for NGFW Free.

Software NGFW Credits For VM-Series funded with Software NGFW Credits, Strata
Cloud Manager supports AIOps for NGFW Premium features,
including cloud management for NGFWs.

Prisma Access There's two ways you can manage Prisma Access: you can use
Strata Cloud Manager or Panorama. Strata Cloud Manager
provides Prisma Access visibility features, and these are
supported regardless of the management interface you're
using. This means that if you're using Panorama to manage
Prisma Access, you can still use Strata Cloud Manager for
comprehensive monitoring of Prisma Access environment.
Prisma Access (Managed by Strata Cloud Manager)

Use Strata Cloud Manager for complete onboarding,

management, and monitoring of your Prisma Access
environment.
This includes using Strata Cloud Manager to manage and
monitor the cloud-delivered security services that are included
with Prisma Access.
Strata Cloud Manager gives you comprehensive monitoring,
alerting, and visibility into your Prisma Access environment:
• AI-Powered Autonomous DEM
• Monitor Prisma Access in Strata Cloud Manager
• Strata Cloud Manager Dashboards
• Monitor: Strata Cloud Manager
• Strata Cloud Manager Reports
Prisma Access (Managed by Panorama)
If you're using Panorama to manage Prisma Access,
you must continue to use Panorama to manage your
environment. However, you can use Strata Cloud Manager
for comprehensive monitoring, alerting, and visibility into your
Prisma Access environment:
• AI-Powered Autonomous DEM
• Monitor Prisma Access in Strata Cloud Manager

Strata Cloud Manager Getting Started 20 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Strata Cloud Manager Dashboards

• Monitor: Strata Cloud Manager
• Strata Cloud Manager Reports

AI-Powered ADEM AI-Powered ADEM is a Prisma Access add-on license that

automates complex IT operations, to increase productivity and
reduce time to resolution for issues. Strata Cloud Manager
supports AI-Powered ADEM for all Prisma Access users (both
Panorama - Managed Prisma Access and Prisma Access Cloud
Management).

If you're using Panorama to manage Prisma Access,

you must continue to use Panorama to manage your
environment, and can use Strata Cloud Manager for
ADEM monitoring.

Prisma SD-WAN Use Strata Cloud Manager for Prisma SD-WAN. Prisma SD-
WAN is a cloud-delivered service that implements app-defined,
autonomous SD-WAN to help you secure and connect your
branch offices, data centers and large campus sites without
increasing cost and complexity. The AppFabric connects your
sites securely with application awareness and gives you the
freedom to use any WAN, any cloud for a thin branch (security
from the cloud) solution.

Cloud-Delivered Security If you have either a Prisma Access or AIOps for NGFW
Services (CDSS): Premium license, you can use Strata Cloud Manager to manage
and monitor your security subscriptions. Strata Cloud Manager
• Advanced Threat
delivers the protections your security subscriptions provide
Prevention
consistently across your enterprise traffic.
• Advanced URL Filtering
The Strata Cloud Manager features available to you for security
• Advanced WildFire subscriptions do depend on your license, and can include:
• DNS Security • Strata Cloud Manager dashboards and reports for security
• Enterprise DLP subscriptions
• IoT Security • Strata Cloud Manager unified management for security
• SaaS Security subscriptions. If you're using Strata Cloud Manager to
enforce a shared security policy across NGFWs and/
or Prisma Access, you can use a single, centralized
configuration for your security subscriptions.

Language Support
The Strata Cloud Manager web interface supports localization. In addition to English, these are
the languages that Strata Cloud Manager supports:
• Chinese Simplified (zh-cn)
• Chinese Traditional (zh-tw)

Strata Cloud Manager Getting Started 21 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Spanish (es-es)
• Japanese (ja-jp)
• French (fr-fr)
• German (de-de)

Strata Cloud Manager Getting Started 22 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

First Look at Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Here's a first look at Strata Cloud Manager. The Strata Cloud Manager user interface provides a
comprehensive view of your network, and gives you with a unified workflow to manage NGFWs
and SASE. Move through the new simplified and consistent navigation to interact with all your
network data, get actionable insights that are surfaced for you automatically, and collectively
manage and monitor Prisma Access, your NGFWs, and your cloud-delivered security services.
Explore each menu on the left navigation bar – these paths are standard across any Palo Alto
Networks products or subscriptions you're using with Strata Cloud Manager. This makes it easy
to:
• adopt new features and subscriptions
• onboard new users, devices, sites, or locations
as they will slot right into your existing management setup.

Important
The features available to you in Strata Cloud Manager depend on your subscriptions.
You can review the Strata Cloud Manager docs to see any license requirements for
Strata Cloud Manager features.

Strata Cloud Manager Getting Started 23 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Command Your First Stop to Assess the Health,

Center Security, and Efficiency of Your
Network
The Command Center is a visualized
overview of your network and security
infrastructure. It provides you with
four different views, each with its own
tracked data, metrics, and actionable
insights to examine and interact with.
• Command Center: Strata Cloud
Manager

Activity Unified Network Data, All in One Place

Insights
Activity Insights gives you an in-depth
view of your network activities across
Prisma Access and NGFW deployments.
Activity Insights unifies your network
data such as network traffic, application
usage, threats, and user activities in one
place.
• Insights: Activity Insights

Dashboards See What Matters, Right Away

Dashboards surface what’s most
important for you to know, right when
you log in. Each dashboard is designed
to highlight areas where you can take
action to improve your security posture
or network health.
Explore all the predefined, interactive
dashboards provided, and you can pin
your favorites.
• Dashboards: Strata Cloud Manager

Incidents Actionable Data-Driven Insights

and Alerts
Strata Cloud Manager provides a unified
incidents and alerts framework. In one
place, view, investigate, and address the
alerts and incidents on your network,
and jump to your logs to examine the
associated activity.
• Incidents and Alerts: Strata Cloud
Manager

Strata Cloud Manager Getting Started 24 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Manage Centralized Configuration

Manage a shared policy across your
network security products and
subscriptions; on day one, you can start
off with a secure configuration based
on predefined best practice policies and
settings, and inline best practice checks.
• Manage: NGFW and Prisma Access
• Manage: IoT Policy Recommendation
• Manage: Enterprise DLP
• Workflows: SaaS Security

Strata Cloud Manager Getting Started 25 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Workflows Strengthen Security Outcomes

When you first navigate to your
workflows, the Discovery dashboard
surfaces critical and recommended
actions you can take to improve security
posture or optimize your configuration
management, as soon as they're available
to you. Continue on here to set up and
onboard NGFWs and Prisma Access
mobile users and remote networks, and
plan software upgrades for NGFWs.
• Set Up Prisma Access
• Set Up NGFWs
• Software Upgrade Planner (AIOps for
NGFW)

Reports Comprehensive Visibility

Generate, share, and schedule data-
driven insights shared through reports
with visual charting, interactive query,
and recommendations to eliminate risk.
• Reports: Strata Cloud Manager

Settings Onboarding and Activation Settings

These are the settings you'll find yourself
coming back to when you are adding
new users, licenses, or admins, or even
as you yourself are getting started with
Strata Cloud Manager:
• Subscriptions
• Tenants
• Device Associations
• Identity and Access
• Audit Logs

Strata Cloud Manager Getting Started 26 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Search Bar The search bar allows you to quickly

locate features within Insights,
Configuration, and System Settings.

Command Your First Stop to Assess the Health,

Strata Cloud Manager Getting Started 27 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Reports Comprehensive Visibility

Generate, share, and schedule data-
driven insights shared through reports
with visual charting, interactive query,
and recommendations to eliminate risk.
• Reports

Strata Cloud Manager Getting Started 28 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Incidents Actionable Data-Driven Insights

Strata Cloud Manager provides a unified
incidents and alerts framework. In one
place, view, investigate, and address the
alerts and incidents on your network,
and jump to your logs to examine the
associated activity.
• Incidents

Log Viewer View and interact with your logs stored

in Strata Logging Service. Logs are
automatically-generated, time-stamped
that provides an audit trail for the
system, configuration, and network
traffic events.

Strata Cloud Manager Getting Started 29 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Configuration Centralized Configuration

Strata Cloud Manager Getting Started 30 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

System Onboarding and Activation Settings

Settings
These are the settings you'll find yourself
coming back to when you are adding
new users, licenses, or admins, or even
as you yourself are getting started with
Strata Cloud Manager:
• Identity & Access Management
• Audit Logs
• Tenants
• Trusted IPs
• Device Associations
• Device Management
• Folder Management
• Strata Logging Service
• Subscriptions

Strata Cloud Manager Getting Started 31 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Launch Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

The Strata Cloud Manager app is available on the Palo Alto Networks hub, and you can access it
directly at stratacloudmanager.paloaltonetworks.com.
A Prisma Access license, AIOps for NGFW Premium license, or a Prisma SD-WAN license is a
basic requirement for Strata Cloud Manager unified management and operations. If you have at
least one of these licenses, you can access Strata Cloud Manager to gain visibility into or manage
your products.
If you have more than one of these licenses, Strata Cloud Manager gives you a single interface
to interact with these products, along with additional licenses or add-on subscriptions (like your
Palo Alto Networks security subscriptions). → See the products and licenses that are supported
for Strata Cloud Manager unified management and operations
To launch or access Strata Cloud Manager:
• If you are new to Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN in October
2023 or later, here's how to Launch Strata Cloud Manager for the First Time
• If you were previously using separate, standalone apps on the hub to manage your products,
here's more on Moving to Strata Cloud Manager from a Dedicated Product App

Launch Strata Cloud Manager for the First Time

After you activate a Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN license, the
Strata Cloud Manager app will be available to you on the Palo Alto Networks hub or you can
access it directly at stratacloudmanager.paloaltonetworks.com.

Strata Cloud Manager Getting Started 32 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Launch the app and take a First Look at Strata Cloud Manager. Continue to onboard your product:
• Get started with AIOps for NGFW Premium, including Cloud Management for NGFWs
• Get started with Prisma Access
• Get started with Prisma SD-WAN

Moving to Strata Cloud Manager from a Dedicated Product App

Important
This only applies if you were previously using a standalone app to manage or interact with
your product: the Prisma Access app, the AIOps for NGFW Premium app, or the Prisma
SD-WAN app. These apps have been updated – or will be updated soon – to give you
Strata Cloud Manager unified management and operations.

What to expect when moving to Strata Cloud Manager from a dedicated product app:
Strata Cloud Manager provides unified management and operations based on license support –
here are the products that you can monitor or manage with Strata Cloud Manager.
In-product notifications will let you know in advance that an update is coming soon to give you
Strata Cloud Manager.
The update is seamless and does not impact your data, alerts, or assets.

Strata Cloud Manager Getting Started 33 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

After the update takes place, you will log into the Strata Cloud Manager app on the hub; you
will no longer use separate apps on the hub for Prisma Access, AIOps for NGFW Premium, or
Prisma SD-WAN.

Strata Cloud Manager Getting Started 34 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Your product app automatically redirects you to stratacloudmanager.paloaltonetworks.com.

This is the Strata Cloud Manager URL.

If you were previously using more than one product app that is updating for Strata
Cloud Manager, the updated product apps will all redirect to the same Strata Cloud
Manager instance.
Strata Cloud Manager provides a navigation that's common across your Network Security
products. Take a first look at Strata Cloud Manager and explore the new navigation experience
and features.
Find your product features in the new, unified management interface:
• AIOps for NGFW: Where are my features in Strata Cloud Manager?
• Prisma SD-WAN: Where are my features in Strata Cloud Manager?
• Prisma Access Insights: Where are my features in Strata Cloud Manager?
• Prisma Access: Where are my features in Strata Cloud manager?

Strata Cloud Manager Getting Started 35 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Get Started with Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager gives you AI-powered, unified management and operations for your
NGFWs and SASE network. Here's a cheatsheet on getting started with Strata Cloud Manager for
the first time.
If you're planning to use Strata Cloud Manager to onboard and manage Prisma Access, NGFWs
(requires AIOps for NGFW Premium), or both together, this includes what you need to know to
get started with Shared Management for Prisma Access and NGFWs
(In the hub) Activate Your Licenses
After purchasing a license, you'll receive an email with an activation link. The link launches
a guided workflow in the hub; follow the activation workflow for each license you'd like to
activate:
• AIOps for NGFW Premium license
• Activate a Prisma Access license
• Prisma SD-WAN
Activating any one of these licenses enables Strata Cloud Manager. After you have activated at
least one of these licenses, continue to activate any additional licenses or add-on subscriptions.
Launch Strata Cloud Manager
After you activate a Prisma Access, AIOps for NGFW Premium, or Prisma SD-WAN license, the
Strata Cloud Manager app will be available to you on the Palo Alto Networks hub, or you can
access it directly at stratacloudmanager.paloaltonetworks.com.

Strata Cloud Manager Getting Started 36 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Validate Your Licenses

• At the bottom of the navigation menu, select your tenant details and verify the name of the
tenant you're using, and your licensed products. Here's more on tenant and subscription
management.

• Go to Manage > Configuration > NGFW and Prisma Access to check your Prisma Access
license status and details, and see what other details might be available.

It might be that you do not see much data here just yet if you've not yet onboarded
NGFWs or if your Prisma Access environment is still provisioning. If that's the case,
check back after you've completed the rest of the steps here.

Strata Cloud Manager Getting Started 37 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Monitoring and Visibility with Strata Cloud Manager

• Explore a visualized representation of your network and security infrastructure with the
Command Center.
•
• Monitor your Prisma Access environment, Prisma SD-WAN, and your NGFWs.
• Review your incidents and alerts across Prisma Access, NGFWs, and Prisma SD-WAN.
Inline Best Practice Recommendations and Workflows
Learn more about the best practice guidance and automation that's built directly into
Strata Cloud Manager.

Strata Cloud Manager Getting Started 38 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Onboarding Settings

• Roles and permissions – Learn more about the roles available on Strata Cloud Manager and
associated permissions.
• Device associations – Associate supported cloud applications with your devices.
• Tenant management – Create and manage your hierarchy of business organizations and
units, represented by tenants.

Shared Management for Prisma Access and NGFWs

For Prisma Access and NGFWs, Strata Cloud Manager provides shared management;
onboard NGFWs and Prisma Access users, remote networks, and service connections to
Strata Cloud Manager and enforce a common security policy.
Onboarding NGFWs and Prisma Access to Strata Cloud Manager
• Set up Prisma Access and onboard mobile users, remote networks, and service connections:
• Set up the Prisma Access service infrastructure
• Set up Prisma Access mobile users, including GlobalProtect and Explicit Proxy
connections
• Set up Prisma Access remote networks
• Set up Prisma Access service connections
• Onboard and set up NGFWs:
• Onboarding and Setup for NGFW Cloud Management
Organizing Your Configuration
When working in Strata Cloud Manager configuration settings, the current Manage:
Configuration Scope is always visible to you, and you can toggle your view to manage a

Strata Cloud Manager Getting Started 39 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

broader or more granular configuration. The configuration scope enables you to apply policy
globally, or provide targeted enforcement to certain NGFWs or Prisma Access deployments.

Here's more on how to get started with organizing your Strata Cloud Manager configuration:
• Workflows: Folder ManagementSystem Settings: Folder Management
Use folders to logically group NGFWs for simplified configuration management. The Prisma
Access folders are predefined based on deployment type. You can also enable Web Security
(a simplified management experience for admins managing access to the internet and SaaS
applications) at the folder level.
• Manage: Snippets
Use snippets to group configurations that you can quickly push to your NGFWs or Prisma
Access deployments.
• Manage: Variables
Use variables your configurations to accommodate device or deployment-specific
configuration objects.
Shared Security Policy for NGFWs and Prisma Access
Strata Cloud Manager gives you unified management for Prisma Access and your NGFWs.
Your Strata Cloud Manager security policy is shared, and you can apply it globally across

Strata Cloud Manager Getting Started 40 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Prisma Access and NGFWs, or target specific settings to Prisma Access deployments or
specific groups of firewalls.
Go to Manage > Configuration > NGFW and Prisma Access to get started.

Pushing Configuration Changes to NGFWs and Prisma Access

When managing your Strata Cloud Manager configuration, select Push Config to push
configuration changes to your NGFWs and Prisma Access:

You'll be prompted to set the scope of the configuration push, based on your folders. Here's
more on how to:
• Push your configuration changes
• Review the status of a configuration push
• See how you can clean up your configuration

Strata Cloud Manager Getting Started 41 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Built-In Best Practices in Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software Each of these licenses include access to Strata
NGFW Credits Cloud Manager:
• Prisma Access
•

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Palo Alto Networks best practices are designed to help you get the most secure network possible
by streamlining the process of checking compliance on your network infrastructure. We’ve built
best practice checks directly in to Strata Cloud Manager, so that you can get a live evaluation of
your configuration. Tighten your security posture by aligning with best practices. You can leverage
Strata Cloud Manager to assess your Panorama, NGFW, and Panorama Managed Prisma Access
security configurations against best practices and remediate failed best practice checks.
Best practice guidance aims to help you bolster your security posture, but also to help you
manage your environment efficiently and to best enable user productivity. Continually assess
your configuration against these inline checks—and when you see an opportunity to improve your
security, take action then and there.

Visibility into Best Practice Adoption and Compliance

To get started, you can quickly assess your overall security posture by checking the following
Posture Dashboards.
See how you’re doing at a high-level and pinpoint areas where you might want to start taking
action.

Strata Cloud Manager Getting Started 42 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Monitor Dashboard: Feature Adoption and stay abreast of which security features you’re using
in your deployment and potential gaps in coverage.

• Monitor Dashboard: CDSS Adoption - View security services or feature subscriptions and their
license usage in your devices to identify security gaps and harden the security posture of your
enterprise.

Strata Cloud Manager Getting Started 43 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Get visibility into the security status and trend of your deployment based on the security
postures of the onboarded NGFW devices with Dashboard: Security Posture Insights and be
alerted when incidents occur or your security settings may need a closer look.

Strata Cloud Manager Getting Started 44 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Generate BPA reports for (non-telemetry) PAN-OS devices running versions 9.1 and above,
now including feature adoption metrics.

Best Practice Tools to Strengthen Security Posture

Find a collection of tools to help you improve your security posture.
• Customize security posture checks for your deployment to maximize relevant
recommendations in Manage: Security Posture Settings
• Use Config Cleanup to identify and remove unused configuration objects and policy rules.
• Configure Policy Optimizer Settings to hone and optimize overly permissive security rules so
that they only allow applications that are actually in use in your network.
• Create your own Compliance Checks – Customize existing best practice checks and create and
manage special exemptions to better align to your organization’s business requirements.

Strata Cloud Manager Getting Started 45 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Use Policy Analyzer to quickly ensure that updates you make to your Security policy rules meet
your requirements and don't introduce errors or misconfigurations (such as changes that result
in duplicate or conflicting rules).

Live, Inline Best Practice Configuration Checks

Best practice guidance aims to help you bolster your security posture, but also to help you
manage your environment efficiently and to best enable user productivity. Continually assess
your configuration against these inline checks—and when you see an opportunity to improve your
security, take action then and there.
• Best Practice Scores
Best practice scores are displayed on a feature dashboard (Security policy, decryption, or
URL Access Control, for example). These scores give you a quick view into your best practice
progress. At a glance, you can identify areas for further investigation or where you want to
take action to improve your security posture.
• Best Practice Field Checks
Field-level checks show you exactly where your configuration does not align with a best
practice. Best practice guidance is provided inline, so you can immediately take action.
• Best Practice Assessment
Here, you can get a comprehensive view into how your implementation of a feature aligns with
best practices. Examine failed checks to see where you can make improvements (you can also
review passed checks). Rulebase checks highlight configuration changes you can make outside
of individual rules, for example to a policy object that is used across several rules.
Best practice checks are available for the following objects:
• Your security policy rulebase
Rulebase checks look at how security policy is organized and managed, including configuration
settings that apply across many rules.
• Security rules
• Security profiles
• Anti-Spyware
• Vulnerability Protection
• WildFire and Antivirus
• URL Access Management
• DNS Security
• Authentication
• Application Tag
• Antivirus Profile
• Antivirus Wildfire Analysis Profile
• Anti Spyware Profile
• AI Access Security
• Application Override

Strata Cloud Manager Getting Started 46 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

• Decryption
• Decryption Profile
• DNS Security Profile
• DoS Protection Rule
• DoS Protection Profile
• Device Setup
• Device Setup General
• Device Setup Authentication
• Device Setup Logging Reporting
• Device Setup Management Interface
• Device Setup Minimum Password Complexity
• Authentication Profile
• File Blocking Profile
• GlobalProtect
• Global Protect Portal
• Global Protect Gateway
• Log Forwarding Profile
• Policy Based Forwarding Rule
• SSL/TLS Service Profile
• URL Filtering Profile
• Vulnerability Protection Profile
• Zone
• Zone Protection Profile

Looking for more on Palo Alto Networks best practices?

Here’s the best practices homepage, where you can find resources to help you transition
to and implement best practices.

Strata Cloud Manager Getting Started 47 ©2025 Palo Alto Networks, Inc.
Introducing Strata Cloud Manager

Strata Cloud Manager Getting Started 48 ©2025 Palo Alto Networks, Inc.
Strata Copilot
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

December 2024
Strata Copilot is now available for you to try in Strata Cloud Manager. Keep in mind
that Strata Copilot is learning and might sometimes make mistakes. Please share your
feedback with us as you go; we’ll use it to make copilot better. You’ll also notice that we
regularly release new features and updates to improve your copilot experience.

Chat with Strata Copilot—the ultimate AI-powered assistant—to get real-time, actionable insights
on the health and security of your network:
Find, understand, and resolve threats before they turn into problems
Identify the cause of degraded network and app experience
Open support cases when you want help to fix an issue quickly
Strata Copilot harnesses your network data and activity (from across NGFWs, Prisma Access,
and cloud security services) and combines this with Palo Alto Networks best practice guidance,
to give you clear, actionable answers. Strata Copilot is built inline to Strata Cloud Manager, and
its AI-driven, natural language interface simplifies how you interact with your network. With
increasing usage, Strata Copilot learns from your interactions and preferences to improve and
refine it’s responses to you. The data and insights that Strata Copilot shares with you depends on
the products you’re using with Strata Cloud Manager, your licenses, and your role permissions. If
you aren’t able to view certain data, Strata Copilot will notify you about any required licenses or
access permissions.

49
Strata Copilot

Strata Copilot Availability

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

Strata Copilot serves as your intelligent companion for security management tasks across the Palo
Alto Networks ecosystem. Available in multiple global regions and supporting various products,
it enhances your ability to monitor, analyze, and secure your network infrastructure. This topic
outlines where Strata Copilot is available geographically, which product features it supports, and
the data sources it leverages to provide valuable insights.

Regional Access
Strata Copilot is available with Strata Cloud Manager in the following regions:

Region Countries

North America • United States

• Canada

Europe • United Kingdom

• France
• Germany
• Netherlands

Africa • South Africa

Middle East • Israel

• Qatar
• Saudi Arabia

Asia • India
• Singapore

Strata Cloud Manager Getting Started 50 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Region Countries
• Japan
• China
• Taiwan
• Indonesia

Oceania • Australia

While Strata Copilot is generally available in these regions, regional restrictions may apply
on a per-feature basis.

Availability by Product
Strata Copilot support covers the following product and feature areas in Strata Cloud Manager.
Expansion of Strata Copilot support into additional product and feature areas is ongoing.

Feature Description

Strata Cloud Strata Copilot is supported with these license types and for the
Manager Essentials following features.
and Pro

Prisma Access Monitor global network performance, analyze user connectivity

patterns, view insights on cloud and data center application usage
as well as recommendations for scaling security measures across
distributed networks.

Prisma Access Query and analyze Prisma Access Browser (PAB) event data to
Browser monitor user activity, bandwidth usage, and security risks. Gain
insights into website interactions, device distribution, peak usage
times, active users, and unauthorized data movements. Copilot
supports customizable time ranges for both current and historical data
analysis and includes predefined queries to streamline common PAB
data analysis tasks.
Additional data sets continuing to be added.

Strata Logging Expedite investigations and analysis using AI-assisted search and
Service workflows in Log Viewer. The workflows enable you to quickly explore
logs stored in the Strata Logging Service to help you investigate traffic
encryption, overall network traffic patterns, user behavior and access
control, and connectivity issues.

Autonomous DEM, View comprehensive insights across various connection types in your
including Access SASE environment and troubleshoot access issues to identify and
Analyzer resolve authentication, network, and security-related problems.

Strata Cloud Manager Getting Started 51 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Feature Description

Data Security Analyze sanctioned SaaS applications, detect potential data

compromises, identify malware risks, provide visibility into data
classification and sharing permissions, monitor user and file activities,
and offer proactive remediation suggestions for policy violations and
compliance issues in cloud environments.
Additional data sets continuing to be added.

AI-Powered ADEM View end-to-end insights for all Prisma Access mobile user traffic.
ADEM is an add-on service that you can purchase for Prisma Access.
Additional data sets continuing to be added.

AIOps for NGFW Obtain real-time insights, analyze security gaps, optimize performance,
ensure compliance, predict issues, recommend configurations, guide
incident response, and identify trends, all based on device telemetry
and best practices analysis for next-generation firewall deployments.
Additional data sets continuing to be added.

IoT Security Manage your IoT devices, monitor their security alerts, assess device
vulnerabilities, and gain insights into your IoT network's overall health
and risk posture.

Prisma SD-WAN Efficiently monitor application performance, troubleshoot incidents,

analyze carrier health, track user behaviors, and assess branch site
status to streamline SD-WAN management and optimization tasks.
Additional data sets continuing to be added.

Data and Content Sources

Strata Copilot references these data and content sources, so that its responses to you are both
authoritative and specific to your deployment:
• Your specific network data and activity, across all the products you’re using with
Strata Cloud Manager (your NGFWs, Prisma Access deployment, and cloud security services).
Strata Copilot uses this data to accelerate insights into your own network health and security.
• Palo Alto Networks threat intelligence and CVE protection data, including comprehensive
vulnerability coverage information with threat IDs, descriptions, categories, compatible PAN-
OS versions, release dates, and current status. This enables quick verification of protection
against specific vulnerabilities.
• Palo Alto Networks authoritative technical resources: topics from across the knowledge
base, live community, and public technical documentation, including Palo Alto Networks best
practice guidance. Strata Copilot uses this data to provide quick and summarized answers from
across all Palo Alto Networks knowledge resources.

Strata Cloud Manager Getting Started 52 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Where Strata Copilot Processes Data:

The ephemeral data processing functionality of Strata Copilot is provided by a large
language model in the United States. Data is processed in memory by the large language
model vendor for no longer than necessary, in order to service the specific request in real-
time, and the data is not retained.
Please review the Strata Copilot Supplemental End User License Agreement.

Strata Cloud Manager Getting Started 53 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Get Started with Strata Copilot

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

Strata Copilot is an innovative AI-powered assistant that revolutionizes your experience with
Strata Cloud Manager. This powerful tool offers intuitive interactions, real-time data analysis,
and intelligent responses to help you navigate and optimize your cloud environment with
unprecedented efficiency.
Getting started with Strata Copilot is simple and intuitive. Access the assistant directly from the
Strata Cloud Manager interface and start querying your infrastructure using natural language.
Strata Copilot also supports a comprehensive prompt library with proven query patterns for
various scenarios, including resource utilization analysis and compliance verification.
Strata Copilot responds with various output formats including detailed text explanations, visual
representations of resource relationships, performance dashboards, and executable automation
scripts. From generating summary articles and visualizations to offering AI-assisted workflows,
Strata Copilot adapts to your needs, making cloud infrastructure management more accessible
and effective.
As you interact with Strata Copilot, the underlying machine learning models continuously refine
response accuracy based on your specific environment and usage patterns, making the assistant
increasingly valuable for both routine operations and complex infrastructure management tasks.

Launch Strata Copilot

Strata Cloud Manager Getting Started 54 ©2025 Palo Alto Networks, Inc.
Strata Copilot

The first time you launch Strata Copilot, you will be prompted to review and agree to the
Supplemental End User License Agreement.

To accept the Supplemental End User License Agreement, you must be assigned one of the
following roles:
• Superuser
• Network Administrator
• Security Administrator
• Multitenant Superuser

First Look
To interact with Strata Copilot, you can Search keywords or start a query. Learn how to best
prompt Strata Copilot to quickly get to the information you need.
You can also:
• Start a Conversation by choosing a suggested prompt. These prompts highlight commonly-
asked questions or topics based on your context and location in Strata Cloud Manager. Over
time, these curated prompts are responsive to your viewing history and preferences, too.
• Engage in a dialogue with Strata Copilot, allowing for multi-turn conversations where you can
iterate or ask follow-up questions to refine your results.
• Open a Technical Reference; these references are context-sensitive; Strata Copilot
surfaces the most relevant technical documentation topics based on where you're in
Strata Cloud Manager.

Strata Cloud Manager Getting Started 55 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Response Types
Strata Copilot responses can take different forms depending on your prompt and the information
you seek.
Remember to double-check that all Strata Copilot responses are complete and accurate; Strata
Copilot is learning, and can sometimes make mistakes. If the first response Strata Copilot gives
you isn't right, consider if you can provide more context or detail in your prompt. See if this helps
Strata Copilot to refine it's response.
• Summary articles—Strata Copilot aggregates and summarizes knowledge from all Palo
Alto Networks resources, including technical documentation, knowledge base articles, and
community content, to provide concise, comprehensive answers. Each response includes

Strata Cloud Manager Getting Started 56 ©2025 Palo Alto Networks, Inc.
Strata Copilot

numbered citations to the primary sources used, allowing you to access the original content for
further review.

Strata Cloud Manager Getting Started 57 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 58 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• Real-time data—Strata Copilot provides answers to questions on your deployment and

network activity.

Strata Cloud Manager Getting Started 59 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 60 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• Visualizations—Strata Copilot presents some answers as dynamic and intuitive visualizations.

You can interact with Strata Copilot’s visualizations: toggle between different chart types,

Strata Cloud Manager Getting Started 61 ©2025 Palo Alto Networks, Inc.
Strata Copilot

narrow or expand the data that the charts display, and download chart images. You can specify
preferred visualization types directly in your prompts and follow-up questions.

Strata Cloud Manager Getting Started 62 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 63 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 64 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• AI-assisted workflows—Strata Copilot provides the ability to act on information that you
supply in Log Viewer search queries, enhancing its functionality beyond information retrieval.
You can prompt Strata Copilot to perform specific actions based on the context. Examples

Strata Cloud Manager Getting Started 65 ©2025 Palo Alto Networks, Inc.
Strata Copilot

of actions include searching for IOCs, searching the configuration, navigating to an area in
Strata Cloud Manager, marking apps as sanctioned, and quarantining devices.

Device quarantine is accessible across key areas of the platform, including from the Strata
Cloud Manager Summary, Prisma Access Configuration Overview, and Devices management

Strata Cloud Manager Getting Started 66 ©2025 Palo Alto Networks, Inc.
Strata Copilot

pages. You can initiate device quarantine by providing either the host ID alone or both the host
ID and device serial number.

Strata Cloud Manager Getting Started 67 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Copilot Prompts

Refer to the tips and examples below to get the most from Strata Copilot.

Tips for Improving Prompts

To maximize your experience with Strata Copilot and get the most accurate and helpful
responses, consider the following tips:
• Start with a clear and descriptive prompt.
When initiating a conversation with Strata Copilot, ensure your prompts are descriptive and
provide sufficient context. This helps the system to understand your query better and respond
more accurately.
• Use natural language phrasing. Phrase your questions as you would when speaking to a human
analyst. This conversational approach often yields better results than overly technical or
abbreviated queries.
• Use action words to structure your prompts. Begin your queries with clear action verbs like
"Show me," "Compare," "List," "Highlight," or "Analyze" to clearly communicate what you want
Strata Copilot to do.
• Use precise product terms.
Refer to features by their exact names (for example "Prisma Access", "Log Viewer," "Prisma SD-
WAN") rather than generic words like "logs", "dashboard", "branch", or "events".
• Include context and scope.
Add time frames or filters in your prompt (for example "Display a table of top 10 denied
applications in the last 24 hours, sorted by deny count," not just "Show denies.").
• Specify the output format.
Ask for tables, charts, or summaries (for example "List top 5 sources as a bar chart," or "Give
me a bullet-point summary of high-risk alerts.").
• Start broad, then refine with follow-ups. Begin with general insights before diving into
specifics. For example, first ask "Show me security alerts from the past week" before asking
"Which devices had the most critical alerts yesterday?"
• Chain your questions.
Break complex requests into steps (for example "First, find all devices with failed logins. Then,
summarize by location.").
• Use "versus" or "and" for comparisons.
Compare two entities clearly (for example "VPN usage vs. firewall usage last week," or "Admins
and standard users by number of sessions.").
• Add "exclude" or "filter" clauses.
Tell Strata Copilot what to leave out (for example "Show me all high-severity alerts excluding
scheduled maintenance windows.").

Strata Cloud Manager Getting Started 68 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• Check for query explanations.

If you get a result, make sure to read the "How is this response generated" section below the
response to ensure that Strata Copilot has interpreted your query accurately.
• Rephrase ambiguous prompts.
If Strata Copilot seems confused, try swapping synonyms (for example "failed connections" vs.
"connection errors").
• Refine your questions for better answers.
If Strata Copilot's response does not meet your expectations, refine your prompts by
rephrasing your questions. Strata Copilot adapts and learns from each interaction, improving its
ability to deliver precisely what you need over time.
• Engage regularly for better performance.
The more you interact with Strata Copilot, the more proficient it becomes in understanding and
meeting your specific needs. Regular use is crucial for optimizing its capabilities.
Most importantly, try rephrasing the question when we don't get it right the first time. We are still
learning and your feedback helps us go a long way!
For prompt inspiration, explore our example prompt library. This curated collection offers
effective query patterns tailored to each functional area in Strata Copilot, helping you unlock its
full potential.

Prompt Examples
Looking for inspiration to get the most out of your Strata Copilot experience? Browse through
these example prompts organized by feature area. While not exhaustive, these examples
represent commonly useful queries to help you quickly leverage Strata Copilot's capabilities.
Activity Insights | NGFW Alerts | Prisma Access Browser | Prisma Access SD-WAN | Data Security
| IoT Security | Visualization & Reporting

Activity Insights

Category Prompt

Performance • What are the top applications with poor TLS versions affecting
Monitoring performance?
• How does application performance vary during peak hours?
• What is the impact of TLS 1.3 on our network latency and
throughput?
• Are there recurring performance issues with specific applications?
• Can we identify any correlation between device types and
application performance issues?

User Experience • What are the average user experience scores across different
Assessment network conditions?
• How does device type affect user experience scores?

Strata Cloud Manager Getting Started 69 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Prompt
• What network conditions lead to the worst user experiences?
• Are there specific locations facing frequent user experience issues?
• How do changes in bandwidth allocation affect user experience?

Network Integrity • What is the current uptime for all our Prisma Access locations?
and Status
• Are there any locations experiencing higher than usual incident
rates?
• How does bandwidth usage correlate with incident occurrences?
• What are the common categories of incidents across our network?
• Which locations have the most stable network conditions?

Network • What are the current IP pool allocations and usage rates?
Configuration and
• How are public IPs being utilized across different locations?
Resource Allocation
• Are there any over-allocated or under-utilized resources?
• How frequently are access permissions reviewed for compliance?
• What changes in network configuration have occurred in the last
quarter?

Trend Analysis • What are the recent trends in mobile user network activity?
• How has application traffic changed over the past year?
• Are there emerging security threats based on recent incident
trends?
• What applications are most used during different times of the day?
• Which network segments are experiencing growth in data usage?

Service Stability and • How stable are the connections for our branch sites over the last
Performance month?
• What are the average downtime instances per branch site?
• Which service areas have shown improvement in performance after
upgrades?
• Are there specific times when service stability issues peak?
• What measures have effectively improved service performance?

Threat Response • Tag {application_name} as {tag_type}

• Quarantine a NGFW device with {fw_device_id}, {host_id} and
{device_serial}
• Quarantine a NGFW device with {fw_device_id} and {host_id}
• Quarantine a Prisma Access device with {host_id} and
{device_serial}

Strata Cloud Manager Getting Started 70 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Prompt
• Quarantine a Prisma Access device with {host_id}

NGFW Alerts

Category Questions

Policy Modification • Modify policy in location {location} to {action} access under

conditions: source zone {source_zone}, source address
{source_address}, source user {user}, source device {source_device},
destination zone {destination_zone}, destination address
{destination_address}, destination device {destination_device},
application {application_name}, service {service}, and URL category
{url_category}.
• Modify policy in location {location} to {action} user {user} access to
app {application_name}.

Alert Management • What is the average time it takes to resolve NGFW alerts of priority
and Analysis {alert_priority} in past {duration_value} days?
• What are the top {num_count} oldest NGFW alerts?
• What are the top {num_count} frequently seen NGFW alerts of
category {alert_category} in my deployment?
• What {alert_state} NGFW alerts in past {duration_value} days have
generated PANW support case?
• How many times in past {duration_value} days did NGFW alerts
with priority of {alert_priority} occur in my deployment?

Operational • Show me the output of metric {metric_value} for serial

Commands and {device_serial} for last {duration_value} days.
Monitoring
• Show me the output of command {command_value} for serial
{device_serial} for last {duration_value} days.

Prisma Access Browser

Category Questions

User Activity and • Which users have been most active in the last {duration_value}
Behavior {duration_unit}
• Display the distribution of active devices in last {duration_value}
days
• Display the peak usage hours of Prisma Access Browser across all
users in the last {duration_value} {duration_unit}

Strata Cloud Manager Getting Started 71 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• How many Prisma Access Browser users have there been in the last
{duration_value} days?

File Management and • List all activities involving compressed file extensions in the last
Interactions {duration_value} {duration_unit}
• What are the most common file types uploaded across the
organization, in the last {duration_value} {duration_unit}?
• What are the most common file types downloaded across the
organization, in the last {duration_value} {duration_unit}?
• List all activities involving file uploads to cloud storage services in
the last {duration_value} {duration_unit}
• List all file downloads heavier than {num_count} MB by user and
timestamp, in the last {duration_value} {duration_unit}

Web Interaction • List top {num_count} non-app URLs that are visited the most in the
Analytics last {duration_value} {duration_unit}
• What are the top {num_count} most interacted websites across all
users in the {duration_value} {duration_unit}
• What are the top {num_count} most interacted websites at non-
business hours in the last {duration_value} {duration_unit}

Prisma Access SD-WAN

Category Questions

Application Usage • What are new applications on the network seen in the past
and Performance {duration_value} {duration_unit} that were not seen in the prior?
• What are the top {num_count} collaboration apps in the past
{duration_value} {duration_unit}?
• What top {num_count} apps have the lowest health score in the
past {duration_value} {duration_unit}?
• Which applications have had the most failed connection attempts in
the past {duration_value} {duration_unit}?
• What are the top applications with packet loss in the past
{duration_value} {duration_unit}?
• Which applications have the highest data transfer rates?

Network Incidents • Show me incident with state as {incident_state}, priority as

and Security {incident_priority} and severity as {incident_severity} in the past
{duration_value} {duration_unit} at {branch_site_name}.
• Summarize the incidents that were reported in the past
{duration_value} {duration_unit} at {branch_site_name}.

Strata Cloud Manager Getting Started 72 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• How many HA failover events have occurred in the past
{duration_value} {duration_unit}?
• Show me critical process restarts in the past {duration_value}
{duration_unit}.
• List the top sites with incidents of category {incident_category}.

Site and Network • Which sites have been down repeatedly in the last {duration_value}
Management {duration_unit}?
• Analyze the trend of sites that have been down in the last
{duration_value} {duration_unit}.
• Which site is consuming the most bandwidth over the past
{duration_value} {duration_unit}?
• Show me the list of sites with {carrier} network down in the past
{duration_value} {duration_unit}.
• List the sites that have went down in the last {duration_value}
{duration_unit}.

User Behavior and • Which users have shown the most traffic volume growth in the past
Traffic Analysis {duration_value} {duration_unit}?
• How many unique users are using my network over the past
{duration_value} {duration_unit}?
• Show me a breakdown of users per site, sorted by most users to
least user count over the past {duration_value} {duration_unit}.
• For username {user} what are the top {num_count} applications in
the past {duration_value} {duration_unit}.

Network Carriers and • What is the traffic distribution per carrier across my network in the
IP Management past {duration_value} {duration_unit}?
• How many unique Source IPs are in my network over the past
{duration_value} {duration_unit}?
• Who are the top {num_count} source IPs by traffic volume in my
network over the past {duration_value} {duration_unit}?
• What Source IP addresses have shown the most traffic volume
growth in the past {duration_value} {duration_unit}?

Data Security

Category Questions

Incident Detection • How many new saas incidents have been detected in the last
and Analysis {duration_value} {duration_unit}?

Strata Cloud Manager Getting Started 73 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• What are the top applications we detected saas incidents on in the
last {duration_value} {duration_unit}?
• How many new inline incidents have been detected in the last
{duration_value} {duration_unit}?
• What are the top applications we detected inline incidents on in the
last {duration_value} {duration_unit}?

Incident • Who are the top assignees for all open saas incidents?
Management
• Who are the top assignees for all open inline incidents?

Application and Asset • What are the top high risk applications used in my organization?
Risk Assessment
• What are the top unsanctioned applications used in my
organization?
• What are the top tolerated applications used in my organization?
• What is the data risk for {application_name}?
• What are the top applications with highest impacted users in the
past {duration} hours?

Asset Exposure and • What are the top sensitive assets with {exposure} exposure?
Ownership
• Who are the top users who own assets with {exposure} exposure?
• Who are the users who own assets which have {data_profile} data?
• Who are the high data risk users owning sensitive assets in my
organization?
• What are the high risk sensitive assets owned by {user}?

IoT Security

Category Questions

Device and Network • What are the top category of devices in my network by number of
Inventory devices?
• What are the most common vendors of type {device_type} devices
in my network?
• Where are my category {device_category} devices?
• Where are my type {device_type} devices?
• What are my top device vendors by number of devices?

Security Posture and • Are there devices with weak security posture in my network?
Risk Analysis
• What device categories have a higher number of risky devices?
• Which devices are affected by vulnerabilities exploited in the wild?

Strata Cloud Manager Getting Started 74 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Category Questions
• What are the riskiest vulnerabilities that can be exploited remotely?
• Where are my riskiest devices?

Network • Which subnets have mixed business critical IoT devices with IT
Segmentation and devices?
Critical Assets
• Which subnets have a higher number of risky devices?
• Which subnets have devices of type {device_type}?
• Which subnets have devices of category {device_category}?
• What are my risky subnets?

Vulnerability and • Show me top risky devices affected by {vulnerability_priority}

Attack Vector priority vulnerabilities.
Analysis
• Show me top risky devices affected by {vulnerability_severity}
severity vulnerabilities.
• Show me risky and confirmed vulnerabilities affecting devices of
type {device_type}.
• Show me devices that are affected by {CVE}.
• Show me risky and confirmed vulnerabilities affecting devices of
vendor {device_vendor}.

Connectivity and • Show me devices connected to {destination_country}.

External Exposure
• Show me devices connected to malicious destinations.
• Which profiles have business critical IoT devices connected to the
internet?
• Which profiles have business critical IoT devices connected to
malicious destinations?
• Are there Windows devices running end of support OS?

Device Utilization • How many category {device_category} devices have been offline for
and Downtime more than {duration_value} {duration_unit}?
• How many type {device_type} devices have been offline for more
than {duration_value} {duration_unit}?

Specific Device • Tell me about device with IP {device_ip}.

Queries
• Which devices have used {application_name} application in the last
{duration_value} {duration_unit}?

Alert Management • What are the new security alerts I should pay attention to?

Strata Cloud Manager Getting Started 75 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Visualization & Reporting

Category Questions

Threat Identification • What are the top critical threats in my network?

and Analysis
• Show me the critical severity {threat_category} found on my
network in the last {duration_value} {duration_unit}?
• How many times was the {threat_name} threat seen in the past
{duration_value} {duration_unit}?
• Show me the frequency of the {threat_name} threat seen in the past
{duration_value} {duration_unit}?
• Show me the top threats by session.
• Show me the top threat subcategories by session.
• Show me the top 5 users along with their threat ID, source IP, and
destination IP for threat category C2.

Threat Trends and • Show the trend of detected threats in the last {duration_value}
Distribution {duration_unit}?
• What is the threat category distribution in the past {duration_value}
{duration_unit}?
• Show me the breakdown of threat activity by allowed vs blocked
actions

URL Monitoring and • What is the risk level breakdown of URL activity?
Security
• What are the top risky URLs in my network?
• Show me the most common blocked URLs by risk category.
• Show me the total URLs accessed between {start_time} and
{end_time}?

Policy and Guidelines • List the policies for the URL {uri}
for URLs
• Outline the rules pertaining to the website {uri}

Strata Cloud Manager Getting Started 76 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Get Help with Strata Copilot

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Copilot insights can also depend

on the products you’re using with Strata
Cloud Manager, your licenses, and your role
permissions.

Strata Copilot is your versatile AI assistant designed to enhance your experience with Strata
Cloud Manager. To ensure the best product experience possible, we continuously improve Strata
Copilot's functionality and responses based on your valuable feedback. You can leverage Strata
Copilot to troubleshoot Strata Cloud Manager issues, open support cases, and gain insights. By
mastering Strata Copilot's capabilities, you'll optimize your workflow, quickly address challenges,
and maximize the potential of your Strata Cloud Manager environment.

Share Feedback About a Response

For any Strata Copilot response, you can give a thumbs up to indicate that the response was
helpful, or give a thumbs down to let us know that the response wasn't what you were expecting.
Leaving detailed feedback on Strata Copilot responses, including what worked well and what
didn’t, helps us to make Strata Copilot better.

Get Remediation Guidance or Open a Support Case

When facing a technical issue, you can use Strata Copilot to efficiently open a support case or get
remediation guidance. There are two ways to initiate this process:

Strata Cloud Manager Getting Started 77 ©2025 Palo Alto Networks, Inc.
Strata Copilot

• In a Strata Copilot chat, type Open a Case.

• Click the Create a support ticket button at the bottom of the Copilot interface.

After you begin the process of opening a support ticket, Strata Copilot guides you through an
intelligent case creation process. It begins by collecting all necessary information upfront, ensuring
that no crucial details are missed. Strata Copilot ensures comprehensive information gathering
through mandatory data fields for each case type, while still maintaining flexibility for critical
severity cases. As you provide information, the system conducts an automated analysis using
category-specific playbooks, including a dedicated playbook for commit issues.

Strata Cloud Manager Getting Started 78 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Throughout this process, you'll receive real-time updates, keeping you informed of the playbook's
progress. If you need to step away, Strata Copilot preserves your case creation state for one hour,
allowing you to resume if interrupted.
As Strata Copilot processes your input, it also leverages your case details to provide relevant
technical content resources. These resources are designed to help you quickly address issues on
your own, potentially resolving your problem without the need to wait for a case agent. If you find
that you still need support after reviewing the provided resources, you can easily proceed with
submitting the case, now enriched with all the necessary information for swift resolution.
This workflow provides you with a streamlined and effective support experience.

Strata Cloud Manager Getting Started 79 ©2025 Palo Alto Networks, Inc.
Strata Copilot

Strata Cloud Manager Getting Started 80 ©2025 Palo Alto Networks, Inc.
AI Canvas
Where Can I Use This? What Do I Need?

• Strata Cloud Manager deployed in the US Prisma Access license

region Acceptance of the Strata Copilot SEULA
for the tenant
Enrollment in the AI Canvas beta.

AI Canvas is available in beta for select customers. To participate, please reach out to your
account representative or email [email protected] with
your TSG ID.

AI Canvas is a no-code data exploration tool that revolutionizes how you interact with your
security data. Through its flexible, intuitive interface, you can seamlessly explore and visualize
your data without the constraints of traditional dashboards.
While conventional approaches require navigating multiple screens and applying complex
filters, AI Canvas empowers you to ask questions in natural language and receive immediate
insights. This transformative approach delivers four key advantages: speed—obtaining instant
insights without waiting for new reports; simplicity—using plain English instead of complex query
languages; flexibility—creating and arranging widgets to suit your specific needs; and collaboration
—saving and sharing canvases with colleagues.
Security remains paramount with AI Canvas, as it fully honors role-based access control (RBAC).
This ensures users can only access, create, view, and share data they're authorized to see. While
widgets and canvases are personal by default, they can be easily shared with other Strata Cloud
Manager users when needed.
When troubleshooting, AI Canvas eliminates the fragmented experience of gathering information
from multiple sources. You can build focused canvases that consolidate all relevant data into a
single view. AI Canvas further enhances user confidence through transparent error messages and
clear explanations of generated queries, making complex data exploration accessible to everyone.

81
AI Canvas

Core Components
At its core, AI Canvas consists of widgets and canvases:
• Widgets—Individual data visualizations created through natural language queries or Strata
Copilot. These widgets can display various types of charts, tables, and other visualizations
based on your security data. The widget library serves as a repository for all created widgets,
allowing for easy reuse and management.
• Canvases—Customizable workspaces where administrators can assemble multiple widgets
using drag-and-drop functionality. A canvas provides a comprehensive view of related security
data, eliminating the need to switch between different dashboards.

Strata Cloud Manager Getting Started 82 ©2025 Palo Alto Networks, Inc.
AI Canvas

Data Sources
Currently, AI Canvas supports the following data sources:
• Prisma Access logs and metrics
• Log Viewer data (Threat, Traffic, URL logs)

Strata Cloud Manager Getting Started 83 ©2025 Palo Alto Networks, Inc.
AI Canvas

Create an AI Canvas
Where Can I Use This? What Do I Need?

• Strata Cloud Manager deployed in the US Prisma Access license

region Acceptance of the Strata Copilot SEULA
for the tenant
Enrollment in the AI Canvas beta.

You can create an AI Canvas using one of two approaches:

• Create from scratch—Start with a blank canvas and manually add individual widgets from the
Widget Library.
• Generate from a query—Use Strata Copilot to automatically build a canvas by describing what
you want to see in natural language.
Both methods allow you to customize your canvas after creation by adding, removing, or
rearranging widgets.

Strata Cloud Manager Getting Started 84 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 1 | Select AI Canvas from Strata Cloud Manager menu.

STEP 2 | Choose how you want to create your canvas:

• To create from scratch: Select Create a Canvas from Scratch.
• To generate from a query: Enter a descriptive query in the text field and press the arrow or
Enter key.
Example queries:
• Show me threats in my network that have occurred in the last 6
hours.
• Show me user activity in my network.

STEP 3 | Enter a descriptive name for your canvas.

Strata Cloud Manager Getting Started 85 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 4 | Customize your canvas by adding or modifying widgets:

• If you created from scratch: Find widgets in the Widget Library and drag and drop them
onto your canvas.
• If you generated from a query: Review the automatically generated widgets and make
changes as needed.
For all canvases, you can:
• Resize widgets

• Rearrange widgets

• Automatically compact widget spacing to eliminate empty space

For more information, see Manage Widgets.

STEP 5 | Click the palette icon at the top right to adjust the color story for your AI Canvas.
Four seasonal color palettes are available.

STEP 6 | Save your canvas when finished.

Strata Cloud Manager Getting Started 86 ©2025 Palo Alto Networks, Inc.
AI Canvas

Manage Widgets
Where Can I Use This? What Do I Need?

• Strata Cloud Manager deployed in the US Prisma Access license

region Acceptance of the Strata Copilot SEULA
for the tenant
Enrollment in the AI Canvas beta.

AI Canvas allows you to create and manage widgets that visualize your data. From AI Canvas, you
can create new widgets and access your widget library for customization and organization.

Create a Widget from a Query

Create widgets quickly by using natural language queries to specify the data you want to visualize.

Strata Cloud Manager Getting Started 87 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 1 | Enter a query in natural language for the data you want to visualize, choose the data source,
and then click the arrow to run the query.

For tips on crafting effective natural language queries, see AI Canvas Best Practices.

STEP 2 | Use the chart controls at the top of the widget to preview different displays for your data.

STEP 3 | If you are satisfied with the visualization, Add to Widget Library.

Strata Cloud Manager Getting Started 88 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 4 | Proceed to add the widget to a canvas.

View, Edit, and Export Widgets

STEP 1 | From AI Canvas, select the Widget Library.

Strata Cloud Manager Getting Started 89 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 2 | To view a widget in more detail and refresh the display, select the widget.

Strata Cloud Manager Getting Started 90 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 3 | Use the chart icons at the top left of the chart to switch between your preferred visualization
chart type.

The options that are available vary by the type of data. Examples include bar chart (stacked
and grouped), table, multi-line graph, map, donut and more.

STEP 4 | Use additional controls on the top right of the chart to zoom in or out on specific data.

The chart will refresh to show data in your narrower or expanded view.

STEP 5 | If you suspect the data may have changed recently, you can also Regenerate the widget.

STEP 6 | Export the chart, if desired.

You can either export the raw data to table form, or you can export the current visualization as
a PNG file.

STEP 7 | When you are satisfied, Close the widget view.

Strata Cloud Manager Getting Started 91 ©2025 Palo Alto Networks, Inc.
AI Canvas

STEP 8 | If you haven't already, proceed to create an AI Canvas and add the new widget.

Delete an Unused Widget

You can delete a widget that isn't currently in use on an AI Canvas.
STEP 1 | From AI Canvas, select the Widget Library.

STEP 2 | From the more actions menu ( ) for a widget select Delete.

If the Delete option is grayed out, it means the widget is currently in use. You must
first remove the widget from all canvases before you can delete it.

Strata Cloud Manager Getting Started 92 ©2025 Palo Alto Networks, Inc.
AI Canvas

AI Canvas Best Practices

To get the most out of AI Canvas, follow these best practices for creating effective natural
language queries and exploring your security data.

Best Practices for Prompting

Effective prompting is key to getting accurate and useful results from AI Canvas. Follow these
guidelines to craft better queries:
• Begin with broad metrics.
Start your analysis with high-level overviews to understand the scope:
• "Show me the total number of threats in the last 24 hours."
• "Summarize our overall security posture this week."
• Segment by categories.
Break down information into logical segments:
• "Break down threats by category and severity."
• "Show distribution of traffic by application type."
• Identify key contributors.
Find the most significant entities:
• "Who are the top 10 affected users this week?"
• "Which apps generated the most incidents?"
• Analyze trends over time.
Look for patterns across different time periods:
• "Compare incident volume this week vs. last week."
• "Trend of traffic volume by application over the past 30 days."
• Explore correlations.
Investigate relationships between different factors:
• "Show top users by threat category and source IP."
• "What are the most used high-risk applications by location?"
• Apply targeted filters.
Narrow focus to specific areas of interest:
• "Show me threats from San Jose with severity high."
• "Display only critical alerts affecting production servers."

Strata Cloud Manager Getting Started 93 ©2025 Palo Alto Networks, Inc.
AI Canvas

• Detect anomalies.
Look for unusual patterns or outliers:
• "What unusual traffic patterns were observed today?"
• "Identify any spike in failed login attempts this week."

Prompt Samples
Use these sample prompts as starting points for your own queries:

Threat Analysis
• Show me the top 5 threat categories, subcategories, and severities in the last 24 hours
• Show me top affected users by those top 5 threats
• Show me the top affected users and threat count in the last 24 hours
• Show me the top 5 users along with their threat ID, source IP, and destination IP for threat
category C2
• Show me the top threats by session
• Show me the top threat subcategories by session
• Show me the number of threats per PA location

Application Analysis
• Can you show me the top 10 risky applications that are accessed by top affected users
• Top 10 applications with highest impacted users in the past 3 hours
• Show me top applications in the last 30 days
• Which users are using the highest-risk applications
• What are the most used applications
• Which users were denied application access in the last 7 days

User Analysis
• How many users are using GlobalProtect version 6.3.3 and what are their names?
• How many users have been seen in the last week running GlobalProtect version 6.3.3?
• How many Prisma Access users in the last 30 days
• Show me top 10 users with high bandwidth

Location and Infrastructure

• Show me top 10 incidents in PA locations
• Show me top users impacted by top incidents
• What are the top 10 Prisma Access locations seeing high traffic volume?
• What is the current status of each PA location
• Provide a list of all Prisma Access locations with the respective number of egress IPs for MU,
EP, and RNs

Strata Cloud Manager Getting Started 94 ©2025 Palo Alto Networks, Inc.
AI Canvas

• Give me the list of all migrated Remote Networks

• Provide me the count of Remote Networks which are down
• Show me the tunnels which are in UP status
For additional Strata Copilot prompt examples across, see Strata Copilot Prompts.

Data Exploration Tasks

Follow these systematic approaches to explore your security data effectively:
• Identify Key Metrics
Start by asking for high-level summaries to understand the overall state of your environment.
Example: "Show me the total number of threats in the last 24 hours."
• Drill Down Into Categories
Narrow the focus by exploring subcategories or specific types of data.
Example: "Break down threats by category and severity."
• Spot Top Entities
Identify the most significant users, applications, locations, or assets in your environment.
Examples:
• "Who are the top 10 affected users this week?"
• "Which apps generated the most incidents?"
• Compare Over Time
Use time-based comparisons to identify trends and changes in your security posture.
Examples:
• "Compare incident volume this week vs. last week."
• "Trend of traffic volume by application over the past 30 days."
• Correlate Data Across Dimensions
Explore relationships between different entities to uncover hidden patterns.
Examples:
• "Show top users by threat category and source IP."
• "What are the most used high-risk applications by location?"
• Filter by Attributes
Add specific filters to focus on the most relevant data for your investigation.
Example: "Show me threats from San Jose with severity high."
• Look for Anomalies or Spikes
Ask for outliers or unusual changes that might indicate security issues.
Example: "What unusual traffic patterns were observed today?"

Strata Cloud Manager Getting Started 95 ©2025 Palo Alto Networks, Inc.
AI Canvas

Manage an Existing Canvas

Where Can I Use This? What Do I Need?

• Strata Cloud Manager deployed in the US Prisma Access license

region Acceptance of the Strata Copilot SEULA
for the tenant
Enrollment in the AI Canvas beta.

Export a Canvas
If you want to export a canvas, you can save it as a professionally formatted PDF.
STEP 1 | From AI Canvas, open the canvas you want to export.

STEP 2 | Click Generate Report and then Download.

STEP 3 | Save as PDF or print the canvas as desired.

Share a Canvas
You can generate a shareable link that other administrators can use to quickly view a snapshot of
a canvas. AI Canvas preserves the view of the data in the canvas at the time it was shared.
STEP 1 | From AI Canvas, open the canvas you want to export.

STEP 2 | Click Generate Report and then Share.

STEP 3 | Copy link to save it to your clipboard and then Close the dialog.

STEP 4 | Paste the link in your preferred communication tool of choice to send to the administrator.
The administrator must log in to the Strata Cloud Manager with their credentials to view the
canvas snapshot.

Delete a Canvas
There are two ways to delete a canvas:
•
From the Canvas List: Use the Delete option in the more actions ( ) menu
• Within an open canvas: Click the delete icon located at the top of the canvas

Strata Cloud Manager Getting Started 96 ©2025 Palo Alto Networks, Inc.
AI Canvas

Get Help with AI Canvas

Where Can I Use This? What Do I Need?

• Strata Cloud Manager deployed in the US Prisma Access license

region Acceptance of the Strata Copilot SEULA
for the tenant
Enrollment in the AI Canvas beta.

Troubleshoot AI Canvas
When working with AI Canvas, you might encounter situations where your queries return no
results. To resolve this issue:
• Verify that your time range settings are appropriate for the data you're seeking
• Try refining or broadening your natural language query to better match available data
• Review the prompting best practices and sample queries for guidance on effective query
phrasing
• Use the Help icon located on the widget to find recommendations for effective query phrasing

Support and Feedback

If you need assistance with AI Canvas or have suggestions for improvement, please reach out to
[email protected]. You can also start a discussion on Live Community
to connect with other users and share your experiences.

Strata Cloud Manager Getting Started 97 ©2025 Palo Alto Networks, Inc.
AI Canvas

Strata Cloud Manager Getting Started 98 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud
Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including Cloud NGFWs and those funded
by Software NGFW Credits
•

The other licenses and prerequisites needed

to access the Command Center:

A specific license to view certain metrics

in the Command Center that is outlined
below
A role that has permission to view the
Command Center
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Strata Cloud Manager Command Center is your new NetSec homepage; it is an interactive
visual summary that will help you assess the health, security, and efficiency of your network.
The command center provides a consolidated view of the NetSec platform, and gives you
comprehensive visibility into your Sources, Applications, Prisma Access deployment, your
NGFWs, and your security services in a single place.

99
Command Center: Strata Cloud Manager

The command center enables you to interact with the data and visualize the relationships
between events on the network, so that you can take immediate actions to strengthen your
security.
The command center is integrated with the new Activity Insights dashboards (Insights > Activity
Insights), and will highlight anomalies detected by your onboarded licenses and subscriptions
through actionable insights, and provide a path to remediate those anomalies.
From the new homepage, you can see:
• A comprehensive view of all traffic on your network flowing between sources (users, IoT
devices, external hosts) to applications (internet, SaaS, private).
• How assets such as users, devices, and applications are being accessed and secured.
• Navigate to specific dashboards with context for deeper understanding of the issues impacting
your network.
• Types of threats encountered while users are working.
Launch Strata Cloud Manager and click Command Center ( ) to get started.

Strata Cloud Manager Getting Started 100 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

How to Interact with the Strata Cloud Manager

Command Center
Each view in the command center neatly breaks down all the information you would need to
assess the health and security of your network.

The command center automatically refreshes data every 5 minutes and displays the last 24 hours
of data by default. You have the option to filter this data for different time periods: the past 1
hour, 3 hours, 7 days, or 30 days.
Each command center view displays different types of visual data flowing from the sources,
through Prisma Access and NGFWs or security subscriptions deployed on your network, to the
various applications on your network.

The Sources bubbles (hybrid workers, office users, IoT devices, Prisma Access Browser-Enabled
users, and others) are on the left and the Applications bubbles (accessed on the internet, SaaS,
and hosted on-prem or in-cloud) are on the right. The application bubbles display the top three
most used applications in each category.

Strata Cloud Manager Getting Started 101 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Sources include:
• IoT Devices – Devices discovered by an active IoT Security license and enabled.
• Users – Remote and Branch users.
• Other – Internal and external hosts accessing resources on the internet.
Applications include:
• Internet Apps – Applications accessed using a web browser.
• SaaS Apps – Cloud apps owned and managed by an application service provider.
• Private Apps – Applications hosted in a data center.
You can filter the data in the central view by clicking on the bubbles for sources, deployments,
or applications. This will provide you a more detailed view of the tracked data for that view in
relation to the bubble selected.
By selecting filters ( ), you can filter the data in the command center views by Tenant orNGFW
or Prisma Access specific data.
Hovering over the sources allows you to see the Agent-Enabled User Devices and PA Browser-
Enabled User Devices.
With an AI Access license, you can filter the traffic in all command center views by GenAI Apps
only to better evaluate how GenAI apps in use by users on your network might be affecting your
data security.

For more information on AI Access Security and AI Access Security licenses, see AI Access
Security.

With an Strata Cloud Manager Pro license, you can enable the Quantum Readiness View to start
evaluating your post-quantum cryptography (PQC) posture.

For more information about PQC, Quantum Security, and Quantum Readiness, click here.

Strata Cloud Manager Getting Started 102 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

When looking at one of the views, you can mouse over the lines for more information about your
network, such as the traffic or the threats blocked or allowed on your network.

Strata Cloud Manager Getting Started 103 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Below the central visual summary are several key metrics tracked by your activated subscriptions
that provide actionable insights into your network. These key metrics provide the ability to
navigate to one of several detailed context pages where you can find more information about the
metrics that have surfaced and drill-down into possible solutions.

Strata Cloud Manager Getting Started 104 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Strata Cloud Manager Command Center Views

The command center provides you with four different views, each with their own tracked data
and metrics to examine and interact with.
• Summary
• Threats
• Operational Health
• Data Security

Strata Cloud Manager Getting Started 105 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Command Center (Summary)

The Summary view displays a high-level look at all traffic from your users, external hosts, IoT
devices, and applications, as well as a preview of some of the issues and anomalies on your
network that are spotlighted by the other views. You can use this view as the first-look into the
health of your network each day.

Summary Licenses • You must have at least one of these

licenses that comes with a Strata Logging
Service license to use the Strata Command
Center:
Prisma Access license
AIOps for NGFW Premium license
• Or an AIOPs for NGFW Free license
alongside a Strata Logging Service license
• Licenses that are needed for additional
metrics in the Summary view:
Cloud-Delivered Security Services
(CDSS) subscriptions
Data Security subscriptions
ADEM license
AI Access license
Prisma Access Browser license

Central Summary View

The central Summary view provides a look into the data being transferred between the IoT
devices, users, external hosts accessing resources from the internet, internet apps, SaaS apps, and
private apps on your network.

The lines in the central Summary view represent the data transfers and traffic on your network,
with the thickness of the lines representing the volume of data being transferred from sources
and applications.
You can see how these sources are being secured by your network infrastructure:

Strata Cloud Manager Getting Started 106 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

• Prisma Access deployments

• Next-Generation Firewalls from your Strata Logging Service inventory

Total Threats Count

The Total Threats Count widget gives you a quick view into the total number of threats detected
in your network, how many threats have been blocked, how many threats have been alerted, and
the change in threats from a selected time range.

Click through to the Activities Insights (Insights > Activity Insights > Threats) screen for a more
detailed breakdown of threats on your network.

Open Incidents and User Experience

The Open Incidents and User Experience widget gives you a view into the total count of open
incidents, the breakdown of good and potentially degraded user experience from individual
segments in the service delivery chain from a user device to an application, and the change in
open incidents from a selected time range.

Click through to the Application Experience dashboard (Dashboards > Application

ExperienceInsights > Operational > Application Experience) for a more detailed breakdown of the
health and user experience across your network and performance metrics.

Top Data Profiles by Action

The Top Data Profiles widgets gives you a view into the top predefined data filtering profiles,
the number of matches found in network traffic, and the action taken for sensitive data based on
those data profiles.

Strata Cloud Manager Getting Started 107 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Click through to the Data Security view (Command Center > Data Security) for a more detailed
breakdown of sensitive data on your network.

Top GenAI Use Cases by Users and GenAI Apps

The Top GenAI Use Cases by User widget gives you a view into the top use cases for GenAI apps
being utilized by users on your networks, the amount of users for each use case, and the amount
of GenAI apps that fall under each use case.
You can also see the total number of GenAI apps on your networks, as well as the percentage
shift in apps based off of the time filter.

Click through to the AI Access Security (Insights > AI Access) dashboard in Activity Insights for
a more detailed breakdown into GenAI app adoption on your network and recommendations for
how to better secure your data.

For more information about how your organization can safely adopt GenAI applications
while mitigating risks to your data security, see AI Access Security.

Strata Cloud Manager Getting Started 108 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Threats
The Threats view shows the traffic inspected on your network and threats detected by your
CDSS subscriptions. You can use this view to monitor the blocked and alerted threats on your
network or investigate areas of your network that need updated policies to better block any
alerted threats.

Threats Licenses • Threats licenses, including:

Threat Prevention license
URL Filtering license
WildFire license
DNS Security license

Central Threats View

The central Threats view provides a look into all the threats on your network that have been
identified by your active Cloud-Delivered Security Services subscriptions.
The Threats view will show how your Palo Alto Networks CDSS subscriptions are protecting your
traffic by monitoring potential threats on your network. The Command Center gives you insight
into the percentage of traffic inspected for your IoT devices, users, and applications, and the total
number of threats allowed or alerted.

The lines in the central Threats view represent the traffic being monitored by your security
subscriptions, with the thickness representing the volume of threats detected and the color
representing if the threats are of critical, high, medium, or low severity.

Security Subscriptions
The Security Subscriptions widget gives you a view into your Cloud-Delivered Security
Subscriptions, which ones are active, and a snapshot of how they are securing your network.

Subscription Description

Threat Prevention Threat Prevention defends your network against

both commodity threats—which are pervasive but not

Strata Cloud Manager Getting Started 109 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Subscription Description
sophisticated—and targeted, advanced threats perpetuated
by organized cyber adversaries.

URL Filtering Advanced URL Filtering is our comprehensive URL filtering

solution that protects your network and users from web-
based threats.

WildFire The cloud-delivered WildFire malware analysis service

uses data and threat intelligence from the industry’s
largest global community, and applies advanced analysis to
automatically identify unknown threats and stop attackers
in their tracks.

DNS Security Automatically secure your DNS traffic by using Palo Alto
Networks DNS Security service.

Clicking on the Security Subscriptions widget (Command Center > View Security Subscriptions)
gives you a detailed report of the status of your subscriptions in relation to your NGFWs and
Prisma Access deployments. Click Back to the Dashboard to return to the Threats view.

Total Threats Count

Strata Cloud Manager Getting Started 110 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Click through to the Activities Insights (Insights > Activity Insights > Threats) for a more detailed
breakdown of threats on your network.

Blocked and Alerted Threats

The Blocked and Alerted Threats widget gives you a top-down-view of the threats being
detected in your network, organizing them by category, threat level (critical, high, medium, and
low), and if the threats have been blocked or alerted.

Click through for a more detailed table of all the threats impacting your network (Insights >
Activity Insights > Threats).

Strata Cloud Manager Getting Started 111 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Operational Health
The Operational Health view shows the health of infrastructure and user experience on your
network. You can use this view to monitor the health of your NGFWs and Prisma Access
deployments as well as the user experience on your network and review the severity of open
incidents in each area.

Operational Health Licenses • Monitoring subscriptions, including:

ADEM Observability
AI-Powered ADEM
AIOps for NGFW premium

Central Operational Health View

The central Operational Health view provides a look into the health of infrastructure and of the
user experience on your network. If users have an Autonomous Digital Experience Management
(ADEM) license, they will receive enhanced data in this view.
The Operational Health view will show how your Palo Alto Networks ADEM subscription
monitors the digital experience across all users, and applications in your SASE environment.

The lines in the central Operational Health view represent all the users on your network. The
users are organized by user experience score, with the colors of the lines representing a rating of
good, poor, or unmonitored.

Total Open Incidents and Incidents by Severity

The Open Health Incidents by Severity widget gives you a view into the all open incidents on
your network, broken down by scope (NGFW, Prisma Access, and Prisma SD-WAN), severity, and
quantity of incidents.

Strata Cloud Manager Getting Started 112 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

The widget tracks the percent change in open incidents based on the time period selected.
Click through to the Incidents and Alerts dashboard for each available scope (Incidents and Alerts
> Prisma Access / NGFW > All Incidents).

Top Subcategories for Open Health Incidents

The Top Subcategories for Open Health Incidents widget gives you a view into the top
subcategories of the open health incidents on your network, organized by scope, subcategory,
quantity of incidents, and what is impacted (data centers, sites, devices, etc.).
The widget will display the top five subcategories for a single scope, or the top two subcategories
for multiple scopes when available.

Click through to the Incidents and Alerts dashboard (Incidents and Alerts > Prisma Access /
NGFW / Prisma SD-WAN) for more details on the incidents.

Monitored Users and User Experience

Strata Cloud Manager Getting Started 113 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Click through to the Application Experience dashboard (Dashboards > Application Experience)
for a more detailed breakdown of experience across your network and performance metrics.

Strata Cloud Manager Getting Started 114 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Best Practices

Strata Cloud Manager Getting Started 115 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Data Security
The Data Security view shows all the sensitive data detected across your network and various
connected SaaS applications. You can use this to monitor and identify high risk sensitive data
flows in your organization.

Data Security Licenses • Data Security licenses, including:

SaaS Security license
Data Security license
Enterprise DLP license

Central Data Security View

The central Data Security view provides the sensitive and high risk data map across your network
and connected SaaS applications. The command center gives you insight into sensitive data users
in the organization, the specific sanctioned, unsanctioned, tolerated, or untagged applications
where there is sensitive data activity detected (asset upload, download, or assets exposed) as well
as number of assets allowed, blocked, quarantined, revoked sharing, or exposed.

The lines in the central Data Security view represent sensitive data being detected through data
at rest and data in motion security solutions, with the thickness of the lines representing the
quantity of data and the color representing whether that data has been flagged or classified as
critical, high, medium, or low risk.

Security Subscriptions
The Security Subscriptions widget gives you a view into your Data Security Subscriptions, which
ones are active, and a snapshot of how they are securing your network.

Subscription Descrition

DLP Inline Enterprise DLP is a cloud-based service that uses supervised

machine learning algorithms to sort sensitive documents into
categories to guard against exposures, data loss, and data
exfiltration.

Strata Cloud Manager Getting Started 116 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Subscription Descrition

SaaS Inline The SaaS Inline solution works withStrata Logging Service to
discover all the SaaS applications that are being used on your
network.

SaaS API SaaS API is a cloud-based service you can connect directly
to your sanctioned SaaS applications using the cloud app’s
API and provide data classification, sharing or permission
visibility, and threat detection within the application.

Posture Security SaaS Security Posture Management (SSPM) helps detect

and remediate misconfigured settings in sanctioned SaaS
applications through continuous monitoring.

Email DLP Email DLP is an add-on to Enterprise DLP that prevents

exfiltration of emails containing sensitive information with
AI/ML powered data detections.

Clicking on the Security Subscriptions widget (Command Center > View Security Subscriptions)
gives you a detailed report of the status of your subscriptions in relation to your NGFW and
Prisma Access deployments. Click Back to the Dashboard to return to the Data Security view.

Strata Cloud Manager Getting Started 117 ©2025 Palo Alto Networks, Inc.
Command Center: Strata Cloud Manager

Top Data Profiles

The Top Data Profiles widget shows the top data profiles detected across all the sensitive data
inspected, the severity of the data profile as well as the number of asset matches detected inline
with data in motion versus data at rest.

Click through to the Data Loss Prevention dashboard (Manage > Configuration > Data Loss
Prevention) to review all predefined data profiles and add custom data profiles.

Data Trend
The Data Trend widget shows trend in sensitive data monitored by your data security
subscriptions, organized by the percent change in total assets, data risks, and posture violations.

Click through to the Data Risk dashboard (Manage > Configuration > Data Loss Prevention >
Data Risk) to understand your overall data risk score and review actionable recommendations to
improve the data security posture of your organization.

Strata Cloud Manager Getting Started 118 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including Cloud NGFWs and those funded
by Software NGFW Credits
•

The other licenses and prerequisites needed

to access certain Activity Insights views are:

Cloud-Delivered Security Services (CDSS)

ADEM Observability
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Activity Insights gives you an in-depth view of your network activities across Prisma Access and
NGFW deployments. This view unifies your network data such as network traffic, application
usage, threats, and user activities in one place. Activity Insights provides visualization, monitoring,
and reporting capabilities to you carry out your tasks easily. Once you have identified the areas
that need your focus with the Strata Cloud Manager Command Center, use the context links to
navigate to Activity Insights or other dashboards for further analysis.
Activity Insights has advanced filters to help you focus on the security aspects that matter
to your deployment. The advanced reporting functionality in Activity Insights enables you to
download, share, and schedule reports from the data in the Overview tab. The report presents
data separately for each filter applied in the dashboard. Alternatively, you can schedule reports for
Activity Insights and dashboards from the Strata Cloud Manager > Reports menu.
Launch Strata Cloud Manager and click Insights ( ) to get started.

What does Activity Insights show you?

Activity Insights shows aggregated data per Strata Logging Service tenant deployed in Prisma
Access and NGFW environments. You can filter the data for a specific deployment. Activity
Insights has different tabs. Each of these tabs provides an unified view of network data in relation
to applications, users, threats, URLs, and network usage.

119
Insights: Activity Insights

• Overview—Displays the data for applications, threats, users, URLs, and sessions with the
maximum number of activities involved within the selected time range. Glance through this
view to quickly identify any irregularities within your network and then delve deeper to
examine the activities that require investigation.
• Applications—Provides an overview of all the application usage in the network, including data
transfer, application risks and ADEM capabilities to monitor application experience.
• SD-WAN Applications—Displays the performance of Prisma SD-WAN applications with details
on health score over a time range, transaction statistics, and bandwidth utilization metrics.
• Threats—Provides a holistic view of all threats that the Palo Alto Networks security services
detected and blocked in your network.
• Users—Provides deeper insights into a user’s traffic and activities, including ADEM’s
capabilities to monitor user experience.
• URLs—Displays the URLs accessed in your network, how many of them are malicious, users
and applications accessing the URLs, rules allowing the URLs in your network, and enforcement
by your security services.
• Rules—Provides insights on the security policy rules permitting the traffic generated by users
and applications, threats detected in the traffic sessions, and URLs impacting the rule.
• Regions—Displays the network traffic details in relation to applications, users, threats, and
URLs.
• Projects—Gain visibility into your Prisma Access Agent deployment by using Strata Cloud
Manager to monitor your Dynamic Privilege Access project activity.

How can you use the data from the dashboard?

Here are some ways the findings can be beneficial:
• Identify the applications you want to monitor, improve the user experience of the applications
with low scores, and control unsanctioned and risky applications.
• View the most relevant threats to your deployment and get context on the threats for
investigation.
• Refine your Security policy rules and traffic rules based on your findings from the logs to close
the security gaps.
• Monitor the user activity to detect and stop potential threats and protect misuse of sensitive
information.

Strata Cloud Manager Getting Started 120 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Overview

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including Cloud NGFWs and those funded
by Software NGFW Credits
•

The other licenses and prerequisites needed

to access certain Activity Insights views are:

Cloud-Delivered Security Services (CDSS)

ADEM Observability
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

View the summary of most seen applications, threats, users, URLs, and rules in your network for
the selected time period. Glance through this view to quickly identify any irregularities within your
network and then delve deeper to examine the activity that requires investigation. The Overview
view includes:
• Top 5 applications and application categories in your network that have the maximum activity
in terms of number of sessions, data transfer, threats detected, URLs accessed, and users who
accessed the applications. Click View all Applications to refer to the application details.

• Top 5 threats and threat categories that are most affecting the sessions, users, and
applications. View the details of sessions, users, and applications in the Log Viewer, Users, and
Applications tabs, respectively.

• Network traffic trend of blocked, allowed, and alerted sessions, the amount of data transferred,
and users generating the most traffic.

• Top 5 users with most traffic sessions, data transferred, threats found in traffic, URLs accessed,
and the user experience scores for monitored applications.

Strata Cloud Manager Getting Started 121 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Most accessed URLs along with details on session, users, and applications accessing the URLs.

• Top 5 most impacted Security policy rules configured in your deployment with filters to know
the sessions, users, URLs, threats, data transferred, applications involved in the traffic matching
the rules.

You can use the filters to view the data points you want to focus on and relevant to your
deployment. These filters are available in all the tabs of the dashboard.

Filters
Activity Insights has advanced filters to help you focus on the security aspects that matter to your
deployment. The available filters are:
• Time Range—View data for a specified time period
• Scope Selection—Data specific to a deployment: Prisma Access, NGFW
• Subtenant—The Prisma Access instance for which the data is displayed
• User Name—View activities involving an individual user
• Application—Network events concerning a specific application
• Application Type—Type of application; SaaS, internet, private
• Threat Category—Data for a particular category of threat
• Threat Action—View specific to allowed or blocked threats
• URL Risk Level—Data concerning the URLs with specific risk level; high, medium, or low
• URL Category—Filter the data based on the URL categories
• Source Location—View activity that originated from a specific location
• Destination Location—View activity targeted to a specific region
• URL—Activity related to a specific URL accessed.
• SaaS Application—Data concerning a specific SaaS application
• Sanctioned Application—View data for sanctioned or unsanctioned applications only
• Port Type—Sort traffic from applications traversing through standard or nonstandard ports
• Protocol—See traffic that uses a specific TCP, UDP, or HTTP ports
• Source Type—View activity generated from a particular device, users, or others

Time Range Selection Filter

The Time Range selection filter appears at the top of the dashboards where you want to filter
information by time range.
The time is localized, so you can filter based on the local time for your region. Data is fetched
every minute, but datapoints shown in most histograms vary according to the Time Range
selected.

Strata Cloud Manager Getting Started 122 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

For your convenience, Prisma Access lets you pick the Time Range from a few predefined ranges
or configure your own date and time range:
• Last 15 min
1 datapoint for every 3 minutes for a total of 5 datapoints.
• Last 1 Hour
1 datapoint for every 3 minutes for a total of 20 datapoints.
• Last 3 Hours
1 datapoint for every 3 minutes for a total of 60 datapoints.
• Last 24 Hours
1 datapoint for every 5 minutes for a total of 288 datapoints.
• Last 7 Days
1 datapoint for every 30 minutes for a total of 336 datapoints.
• Last 30 Days
1 datapoint for every 3 hours for a total of 180 datapoints.

Strata Cloud Manager Getting Started 123 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Custom
You can set a custom time interval (for example, date and the time example start at 5:00 pm on
June 1 and end at 4:00 pm on June 2) in addition to the prepopulated Time Range selections
available in the filter.
To set a start time, first select the date in the calendar, then select the time under Start. Apply
the start time, then set the end time by selecting an end date in the calendar and a time under
End.
Once you set a custom time range, it gets saved and applied across all widgets within Insights
that use the time range filter to display data instead of real-time data.
You can pick from prepopulated Time Range selections for custom time intervals:
• Last 15 min
1 datapoint every 3 minutes for a total of 5 datapoints.
• Last 1 Hour
1 datapoint every 3 minutes for a total of 20 datapoints.
• Last 3 Hours
1 datapoint every 3 minutes for a total of 60 datapoints.
• Last 24 Hours
1 datapoint every 5 minutes for a total of 288 datapoints.
• Last 48 Hours
1 datapoint every 30 minutes for a total of 96 datapoints.
• Last 7 Days
1 datapoint every 30 minutes for a total of 336 datapoints.
• Last 30 Days
1 datapoint every 3 hours for a total of 240 datapoints.

Reports
Click one of the icons in the Overview tab to download, share, and schedule reports from
the data in the Overview tab .

Strata Cloud Manager Getting Started 124 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Applications

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or
The other licenses needed to view the Activity
Insights:Applications tab are:

will unlock additional Prisma Access

features

Monitor the applications in your Prisma Access and NGFW setups, users using the application,
risk scores, user experience for each application, and understand the security impact posed by the
risky applications. Application Usage findings can help you to refine your security policy to control
unsanctioned and risky applications. Click Activity Insights > Applications to view the following
information:

• Applications by Risk Score—The total number of applications running in your organization

and the number of applications that are doing Good, Fair, and Poor. The applications are
categorized as Good, Fair, and Poor based on their application experience scores.
• Applications by Tag—View whether applications are approved within your organization.
From the Applications by drop-down, select Tag to see apps by Sanctioned, Tolerated, or
Unsanctioned.

Strata Cloud Manager Getting Started 125 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Application Data Transfer by—Total data download and uploaded across NGFW and Prisma
Access firewalls during the time range selected. You can filter to view data transfer originating
from the application category and flowing through the destination from the device (data center
or firewall).
• All Applications—Use this widget to see which Prisma Access applications are monitored with
synthetic tests running on them and applications running on your NGFW environments. The
table also displays their experience scores, which give you the health of each application.
• If you have a Prisma Access Browser subscription, you'll see a column for PA Browser
Events. Select the number of events, and it will redirect you to the Prisma Access Browser
management pages.
• You can also change the tag applied to Gen AI apps based on the application risk score to
reflect whether the application is approved within your organization. In the Actions column,
select the tag icon and choose the Sanctioned, Tolerated, or Unsanctioned tag and click
Apply.
•Column Description

Application Name The name of the application being monitored.

Category Application type.

App Risk Score The app risk score, with 1 being the lowest
risk and 5 being the highest risk.

Data Usage Total traffic in the infrastructure detected to

the specific application.

Avg. (Average) Throughput (App Acceleration) View average throughput

your traffic has been accelerated.

Accelerated (App Acceleration) Some or all of your

application traffic has been accelerated.

Port Port used by the application.

Tag Sanctioned, Tolerated, or Unsanctioned.

Threats Total number of threats experienced by the

application.

Users Total number of users accessing this

application during the time range specified.

URLs Total number of URLs accessing this

application during the time range specified.

Subcategory Application subcategory.

Strata Cloud Manager Getting Started 126 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Column Description

Rule Name The security policy rule name.

PA Browser Events Number of Prisma Access Browser events

accessing this application.

User Experience Application experience scores collected by

Autonomous DEM. It's aggregated across all
users monitored for this application.

Site Experience Score (ADEM) Application experience score for this

specific branch site.

Application Test Name (ADEM) The name of the test set up by the
user for this application.

Application Test Target Name (ADEM) IP address of the FQDN to which

the synthetic tests are targeted from various
endpoints.

• (Prisma Access applications only) You can download the data in the table in csv format. Click
the Manage Tests button to view all the synthetic tests that are set up for all your Prisma
Access applications in the Application Tests table. If you want to create a test to monitor an
application, click Monitor App to view Health under the User Experience column.

Strata Cloud Manager Getting Started 127 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Application Details—Select any application in the All Applications table to view general details
of the application along with details concerning application activity and application experience.

• About the app—View whether the application you selected is tagged as Sanctioned,
Tolerated, or Unsanctioned.
• App Risk—See information about this App Risk, including its risk score, ports used, and any
plugins used. Select View All Attributes for further information.
• Rules—The number of security policy rules matched against this application's traffic.
• Application ID—The application type and subcategory.
• Total Threats by Threat Type—View a graph of the number of threats by threat type that
this application faces.
• Total Users—View how many users have accessed this application during the time range
selected.
• Data Transfer—See how many times this application has been uploaded and downloaded
during the time range selected.
• Sensitive Data—Sensitive data detected by this application.
• The Activity tab shows the total number of threats seen in the application, total users
accessing the application, data transferred through the application, PA Browser Data Events,
and PA Browser Access Events.
• The following image shows Application Details about PA Browser Data Events and PA
Browser Access Events. The default view shows an Aggregate of all events and blocked
events, or you can choose to view a Breakdown by Event Type and Count.

Strata Cloud Manager Getting Started 128 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• The Experience tab shows the application experience score, score trend during the selected
time range, and network performance metrics.

If an app is a container app, then the displayed statistics are a roll-up of all the
applications in the container. For example, gmail is a container app (there is no App-ID for
gmail). It groups applications such as gmail-posting, gmail-downloading, gmail-uploading,
and so forth. The risk score set for this container app is the highest risk score found for the
contained applications. All other metrics are calculated by summing the values found for
the contained applications.

Reports—You cannot generate a report that covers the data in this view. However, you can use
the Application Usage report to view application usage data in your network. To schedule a
report, from the Strata Cloud Manager > Reports menu, click the icon and select Application
Usage from the Type drop-down.

App Acceleration
Where Can I Use This? What Do I Need?

• Prisma Access (Managed by Strata Cloud • Prisma Access license

Manager)
• Prisma Access (Managed by Panorama)

App Acceleration addresses the causes of poor application performance and acts in real time
to mitigate them, improving the user experience for Prisma Access GlobalProtect and Remote
Network users.
When your users access applications, they might experience poor application performance caused
by decreased throughput, which could be caused by degraded wireless connectivity, network
congestion, and other factors. These networking issues can adversely affect the employee
experience and reduce their productivity. App Acceleration securely builds an understanding of
the device capability, network capability, and application context to maximize throughput and
adjusts in real-time to account for changing network conditions.

Strata Cloud Manager Getting Started 129 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

In Strata Cloud Manager Command Center, go to Insights > Applications to view details about
the applications that have been accelerated in your environment. The Prisma Access Applications
table includes the Avg. (Average) Throughout column, which you see only if your user's traffic is
accelerated, and the Accelerated column, which shows that some or all of your application traffic
has been accelerated.

Go to Insights > Users to view information about the App Acceleration users in your environment.
Your users with App Acceleration enabled in their environments have the Users | Devices table,
which shows the Traffic Accelerated column. This column indicates that some or all of users'
application traffic has been accelerated.

AI-powered Autonomous DEM (ADEM) integrates with App Acceleration and provides you with
metrics such as the number of applications that were accelerated and the performance boost
gained overall. Go to SASE Health > Experience to view ADEM performance metrics in the
Accelerated Applications and Monitored Applications tabs.

Strata Cloud Manager Getting Started 130 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: SD-WAN Applications

Where Can I Use This? What Do I Need?

• license
license to view certain widgets

View the top applications which are not performing well in Prisma SD-WAN. See the determined
health score of all poor applications, list of poor applications for a tenant based on health score,
and the average health score of poor applications for the last 3 hours in 5 minutes intervals.

• Application Health Distribution—(requires WAN Clarity license) The distribution of Good, Fair,
and Poor applications for a given tenant.

Strata Cloud Manager Getting Started 131 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• TCP Application Health Distribution Over Time—(requires WAN Clarity license) The
distribution of Good, Fair, and Poor TCP applications health distribution over a period of time.
The time-series graph should be computed and refreshed based on the selected duration. For
example, supported durations are 1 hour, 3 hours, one day, seven days, 30 days, and 90 days
and the interval is 1 minute, 5 minutes, 1 hour, and one day, respectively.
• New Flows—Displays the new TCP and UDP flows for an application, a specific set of
applications, or all applications for a given period. A TCP flow is considered a new flow when
it sees the first SYN packet. A UDP flow is considered a new flow when it sees the first UDP
packet in either direction. A flow is a sequence of packets in both directions identified by the
source and destination IP, source and destination port, and the protocol.
• Bandwidth Utilization—Displays the amount of bandwidth utilized on a trail in a network. Use
the chart to identify WAN congestion in a network that may hinder application performance.
It is a visual representation of bandwidth spike, total bandwidth consumed by a particular site,
and the application; if the upload is in ingress or egress direction. Move your cursor in the
Bandwidth Utilization chart to get a more granular view of the bandwidth utilization with an
application or time-stamp. Typically, the apps are listed in order of their bandwidth utilization.
• Transaction Stats—Provides transaction statistics on TCP flows, including initiation/transaction
successes and failures for a specific application or all applications, a particular path or all paths,
and all health events.
• Applications—Lists all the applications details such as Name, Application Profile, Health Score,
Impacted Sites, Traffic Volume, Init/Failure, and Transaction/ Failure. When you click the
application name, you can see the individual App Details on a new page.

Strata Cloud Manager Getting Started 132 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Threats

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

The other licenses needed to view the Activity

Insights:Threats tab are:

CDSS licenses
will unlock additional Prisma Access
features

Get a holistic view of threat activity and various types of threats seen in your network. The tab
shows the total number of threat sessions seen in your Prisma Access, NGFW, and standalone
resolver (Advanced DNS Security Resolver) deployments, breakdown of the numbers based on
threat category and threat severity for the selected time period. You can search on a security
artifact (file hash, a URL, a domain, or an IP address (IPv4 or IPv6) associated with a threat to view
the Palo Alto Networks threat intelligence analysis and the third-party analysis findings.

Threat activity presented in Activity Insights can take up to 30 minutes to populate after
logs are forwarded to the Strata Logging service.

Review the following details of unique threats in your network:

• Threat Name—Threat signature name. Use this to find the latest Threat Vault information
about the threat including all the threat sessions during a time range.
• Threat ID—Unique threat signature ID. Use the threat ID to look up the latest information that
the Palo Alto Networks threat database has for this signature.
• Threat Category and Subcategory—The type of threats based on threat signatures (Antivirus,
Spyware (C2), and Vulnerability).
• Licenses—The Palo Alto Networks security services that detected the threat.
• Severity—The threat severity is determined based on how easy it is to exploit the vulnerability,
the impact on vulnerability, the pervasiveness of the vulnerable product, the impact of the
vulnerability, and more. The severity is categorized as:
• Critical—When vulnerability affects default installations of very widely deployed software
and the exploits can result in root compromised. The exploit code (information about how

Strata Cloud Manager Getting Started 133 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

to exploit the system code, methods, proof of concept (POC)) is widely available and easy
to exploit. The attacker doesn't need any special authentication credentials, or knowledge
about individual victims.
• High—Threats that have the ability to become critical but have mitigating factors; for
example, they may be difficult to exploit, do not result in elevated privileges, or do not have
a large victim pool.
• Medium—Minor threats in which impact is minimized, such as DoS attacks that do not
compromise the target or exploits that require an attacker to reside on the same LAN as
the victim, affect only non-standard configurations or obscure applications, or provide very
limited access.
• Low—Warning-level threats that have very little impact on an organization's infrastructure.
They usually require local or physical system access and may often result in victim privacy or
DoS issues and information leakage.
• Informational—Suspicious events that do not pose an immediate threat, but that are
reported to call attention to deeper problems that could possibly exist.
• Total Sessions—The number of sessions where the threat was detected. Click the threat name
to view all related threat sessions in the specified time range. The threat session table provides
context on the threat such as time when the Palo Alto Network security services detected the
threats, users, rules, applications, devices impacted by the threat, and action taken (allowed or
blocked) on the threat.
• Total Users—The number of users exposed to the threat.
• Allowed Threats and Blocked Threats—Action enforced on the threat. Review the action to
ensure the actions are not triggering false positives on your network.
• Actions—Log history of the threat in the Log Viewer to aid in threat investigations.
Reports—You cannot generate a report that covers the data in this view.

Strata Cloud Manager Getting Started 134 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Users

Where Can I Use This? What Do I Need?

• Prisma Access(with Strata Cloud Manager or You must have at least one of these licenses
Panorama configuration management) to use the Activity Insights:
• NGFWs(with Strata Cloud Manager or • Prisma Access
Panorama configuration management)
• Prisma Access Mobile User license
• AIOps for NGFW Free (use the AIOps
for NGFW Free app) or AIOps for NGFW
Premium license (use the Strata Cloud
Manager app)
• Strata Cloud Manager Essentials
• Strata Cloud Manager Pro
The other licenses needed to view the Activity
Insights: Users tab are:
• Strata Logging Service
• Advanced URL Filtering license
• Cloud Identity Engine license
• Advanced Threat Prevention license
• ADEM Observability will unlock additional
Prisma Access features

Monitor user activity in your Prisma Access and NGFW environment. Monitoring the user activity
helps to detect and stop potential threats, protect misuse of sensitive information, and adjust your
Security policy rule to close security gaps.
Users provides an overview of all users and hosts connected to Palo Alto Networks' security
solutions, which include Next-Generation Firewall (NGFW) and Prisma® Access. You can easily
determine a user's or host's connection status to NGFW or Prisma Access, whether at a branch
site, service connection, or remote location. You can view information about:
• The total number of unique users currently connected to Palo Alto Networks security solutions
and users connected to NGFW and Prisma Access.
• The number of users who are connected during a certain time range, broken down by users
connected through NGFW and Prisma Access.
• Agent-based users connected through NGFW and Prisma Access.
• Agent-based or browser-based Explicit Proxy users connected to NGFW and Prisma Access.
• Users connected through Enterprise Browsers.
• A list of unmanaged device users accessing Prisma Access.
• A list of users connecting from branch locations to Prisma Access.

Strata Cloud Manager Getting Started 135 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• A list of users connecting their data centers using specific service connections.

Users
In Strata Cloud Manager, go to Insights > Activity Insights > Users to view information about your
Prisma Access Agent Users, Agentless Proxy Users, Enterprise Browsers, Office Users, and Other
Hosts.

All Users/Hosts Table

The All Users/Hosts table shows all the mobile users in your environment. In the Scope Selection
drop-down, remove NGFW to view ADEM-related data. Select a User Name to go to the user's
details page, and click on the number of Threats to see threat details.
• User Name—Unique username or IP address.
• Connection Method—Access Agent, Agentless Proxy, Enterprise Browser, Office, or Other
Hosts.
• Last Device Location—Device's location by city, country.
• Threats—Number of threats the user faces. Click on the number to see threat details.
• Applications—Number of applications connected to the user.
• Data Usage—Total data usage in bytes.
• User Experience Score—ADEM user experience score.
• Endpoint Experience Score—ADEM endpoint experience score.
• Wi-Fi Experience Score—ADEM Wi-Fi experience score.
• Local Network Experience—ADEM local network experience.
• PA Experience Score—ADEM Prisma Access experience score.
• Internet Experience Score—ADEM internet experience score.
• Self Serve—ADEM Self-Serve information.

Strata Cloud Manager Getting Started 136 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Last Firewall/PA Location—Last connected NGFW name or Prisma Access location.

• Last Activity Time—Most recent date and time the user was active.

Agent Users
Agent users connect through GlobalProtect or Prisma Access Agent. Select the number under
Agent Users to view details about your agent users.

View details about your Users, User Devices, and the number of currently connected users. You
can View Trend by Users or User Devices connected to Prisma Access at the time indicated in the
timestamp. From the Scope Selection drop-down, select All, Prisma Access, or NGFW users to
refine the data that appears. If you have an Autonomous DEM (ADEM) license, you can remove
NGFW from the drop-down to view ADEM-related data.
Baselines in Widgets
If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly
onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.

Strata Cloud Manager Getting Started 137 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Access Agent Users Graph

Hover over the trend line in the Access Agent Users chart to observe the number of Connected
Users or Connected User Devices and the corresponding connection time.
Monitored Users
If you have an AI-Powered ADEM license, you can view the number of users monitored by
Autonomous DEM (ADEM) and the number of monitored user devices. This widget appears only
when you have disabled NGFW from the Scope Selection drop-down.
• Monitored Users—Total number of users monitored by ADEM.
• Average User Experience Score—Experience score aggregated across all users monitored on
ADEM. See how many users have a Good (green), Fair (orange), or Poor (red) experience score.
• Monitored User Devices—Total number of user devices monitored by ADEM.

Agent Risky Users

View the number of agent users affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.

Strata Cloud Manager Getting Started 138 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

View More Details for Access Agent Versions

Select View More Details for: Access Agent Versions shows the access agent versions that your
users’ devices are using to connect to Prisma Access. Select GlobalProtect or Prisma Access
Agent to see the total Number of Connected Devices as well as the Version and Number of
Connected Devices during the last 30 days. Use the data displayed to enforce compliance with
the latest GlobalProtect or Prisma Access Agent versions.

View More Details for IP Pool Utilization

Static IP pools provide an alternate means of allocating IP addresses to the agent users. To view
IP pool utilization by different IP pool allocation theaters based on the number of connected users
at that time, select View More Details for: IP Pool Utilization. The IP pool utilization percentage
on the graph is the number of IP pool blocks used out of all the IP pool blocks that are available
across all the subnets. You can proactively add subnets when you see an IP pool bar approaching
the maximum capacity for any region.
IP Pool Utilization Details
Current IP Pool Utilization—One IP pool address block is a /24 subnet and has 254 IP addresses.
Allocation of a pool block counts toward utilization; however, allocating a pool block does not
mean that all IP addresses are in use. There are still available pool blocks that can be allocated
to new or existing mobile user gateways as needed. You can view IP pool utilization per pool
locations and subpool regions.

Strata Cloud Manager Getting Started 139 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• IP Pool Allocation—The IP pool utilization percentage on the graph is the number of IP pool
blocks used out of all the IP pool blocks that are available across all subnets. You can add
subnets when you see an IP pool bar approaching the maximum capacity for any region.
• Static IP Address Allocation provides an alternate means of allocating IPs to the agent users.
IP Pool Details shows IP pool utilization displayed under the IP Pool Name that comes from
the static IP pool configuration. Total IP Pool Profiles shows the number of utilized profiles in
the IP pool, and Total Unused IP Addresses shows the number of unused IP addresses in the IP
pool.
The IP Pool Details table shows:
• IP Pool Name—Unique IP pool name.
• Total IP Addresses—Total number of users in the IP pool.
• Active IP Addresses—Total number of active users in the IP pool.
• Peak Utilization Status—Highest percentage of use for the IP pool during the selected Time
Range.
• Last IP Assignment Timestamp—Most recent time the IP pool was active.

Strata Cloud Manager Getting Started 140 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Access Agent Users Table

The Access Agent Users table shows Users or User Devices.
Users
• Current Connected—Turn Current Connected ON to view connected users only. Turn it OFF
to see all of your users.
• User Name—Unique username.
• User Devices—Number of devices associated with the user.
• Applications—Number of applications connected to the user.
• Threats—Threats information for the user.
• Data Usage—User's data usage.
• Last Login Time—Last date and time the user logged in.
User Devices
• Current Connected—Turn Current Connected ON to view connected users only. Turn it OFF
to see all of your users.
• Agent Type—Filter information by GlobalProtect or Prisma Access Agent.
• Source IP Address—Unique IP address.
• OS Family/Version—OS family and version to which the device belongs.
• User Experience Score—Overall application experience score of your users.
• Last Device Location—Device's location by city, country.
• Last Firewall/PA Location—Last connected NGFW name or Prisma Access location.
• ISP Name—Unique ISP name.
• Last Activity Time—Most recent date and time the user was active.
• Connectivity Mode—Tunnel, Proxy, or Tunnel and Proxy.
• Self Serve Notifications—(ADEM only) Number of Self-Serve notifications sent to the user's
device.

Strata Cloud Manager Getting Started 141 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Self Serve Status—(ADEM only) Enabled or disabled on the device.

Click on any username to view information about the user's Activity, Connectivity, and
Experience.
Agent User Activity
See the user's Total Threats, Threats by Risk Level, Unique Threats, Web Browsing Summary,
and Application Summary during the selected time range.
Unique Threats provides details about the threats this user faced during the time range selected.

The Web Browsing Summary shows details about the URLs the user has visited.

Strata Cloud Manager Getting Started 142 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Overview shows the number of unique URLs that the user has visited, Severity of URLs (High,
Medium, or Low), and the number of Malicious URLs the user has visited.
Most Visited Sites shows the most visited sites in order of number of times visited, Site
Category, Risk Level, and number of Sessions, or visits the user made to this site.

• Blocked shows the number of Blocked URLs the user tried to access, the Severity of Blocked
URLs (High, Medium, or Low), Malicious Blocked URLs, and Blocked URLS with Most Visited
Sites.
• Sessions shows:
• Total Hits—The number of times the user has accessed websites.
• Category Session Breakdown—Breaks down the types of sites the user visited.
• Top URL Categories for Sessions—The top categories, in order, that the user visited.
• Data Transfer shows the Total Data Transferred, Category Data Transfer Breakdown, and Top
URL Categories for Data Transfer table that shows Category, Unique URLs for each category,
and Data Transferred, in MB, for each category.
Application Summary shows information about the user's applications during the selected time
range.

Strata Cloud Manager Getting Started 143 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Activity—The user's number of Total Apps, Applications by Risk Score, Top App Categories,
and a list of All Applications that shows each one's App Risk score. App risk scores are ranked
in numerical order from high (5) to low (0).

• Blocked—The user's Total Blocked Applications, Total Allowed Applications, and the Total
Blocked Applications table that shows a list of blocked applications by Application Name and
Rule.
• Sessions—Details about each time the user accessed each application. You can view the user's
number of Total Sessions, Category Sessions Breakdown, and the Top Used Applications,
which shows the number of user sessions for each application during the selected time range.
• Data Transfer—The Total Data Transferred, Category Data Transfer Breakdown, and Top
Applications with Data Transferred by Application Name and Data Transferred in MB.
Agent User Connectivity
Understand your user's device connectivity by reviewing the Connected User's Device Trend
chart, Connected User's Devices, and User Login & Logout Events on all devices.

Strata Cloud Manager Getting Started 144 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• The Connected Devices User Trend chart illustrates the number of devices that connect at
specific times during the selected time range. Hover over a point in the chart to view the
number of devices connected at that date and time.
• The Connected User's Devices table shows details about each of the user's connected devices,
by device name:
• Last User Source IP Address—Most recent user source IP address.
• Last Private IP—Most recent private IP address.
• Last User Location—User's most recent location.
• Last Login Time—Date and time the device last logged in.
• Last Logout Time—Date and time the device last logged out.
• Last Session Duration—How long the most recent session lasted.
• Auth Type—Auth type used.
• OS Family/Version—OS family and version used by the device.
• Agent Version—Agent version used by the device.
• Firewall/Location—Firewall or location used by the device.

Strata Cloud Manager Getting Started 145 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• The User Login & Logout Events table gives details about the device's login and logout events:
• User Source IP Address—Device's user source IP address.
• Private IP—Device's private IP address.
• User Location—Device user's location.
• Login Time—Date and time the device is logged in.
• Logout Time—Date and time the device is logged out.
• Session Duration—How long the session lasted.
• Auth Type—Auth type used.
• OS Family/Version—OS family and version used by the device.
• Agent Version—Agent version used by the device.
• Firewall/Location—Firewall or location used by the device.
• Agent Type—Agent type used.

Agentless Proxy Users

Select the number under Agentless Proxy Users to view details about your agentless proxy
(formerly Explicit Proxy) users.

Active Agentless Proxy Users Graph

Hover over the trend line in the Active Agentless Proxy Users chart to observe the number of
Active Users and the corresponding connection time. View the total number of Active Users
connected through agentless proxy.

Strata Cloud Manager Getting Started 146 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Agentless Proxy Risky Users

View the number of users affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.

Agentless Proxy Users Table

The Agentless Proxy Users table lists your agentless proxy users by User Name.
• Last Source Location—The source's last city and country.
• Last Used PA Location—The last used Prisma Access location.
• Source IP—The source IP address.
• Last Login Time—The most recent time the agentless proxy user logged in.
• OS Family/Version—OS family and version.
• Browser Name—Name of the browser used.
Click on any username to view information about the agentless proxy user's Activity and
Connectivity.
Agentless Proxy User Activity
Hover over the trend line in the Active User Session Trend chart to observe the number of
connected users and the corresponding connection time.
View all User Login & Logout Events details:
• User Source IP Address—Device's user source IP address.
• User Location—Device user's city and country.
• Login Time—Date and time the device last logged in.
• PA Location Used—Prisma Access location.
• Bytes Sent—Number of bytes sent.
• Bytes Received—Number of bytes received.

Enterprise Browser Users

Prisma Access enables secure communication between third-party enterprise browsers and
Prisma Access for accessing SaaS and private web applications, with network admins needing
visibility and necessary connectivity information for troubleshooting. Select the number under
Enterprise Browser Users to view details about your users connected through Enterprise
Browser. If you have multiple enterprise browsers, Enterprise Browser Users shows the
cumulative user count connected to multiple enterprise browsers within the environment.

Strata Cloud Manager Getting Started 147 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Enterprise Browser Users

View the number of Enterprise Browser users. Hover over the trend line in the Enterprise
Browser Users chart to observe the number of Active Users and the corresponding connection
time.

Enterprise Browser Risky Users

View the number of Enterprise Browser users affected by threats. The Up or Down arrow
compares this time range with a previous time range to determine the difference, in percentage,
of the number of connected devices.

Enterprise Browser Users Table

The Enterprise Browser Users table shows the following Users details.

• User Name—Unique username.

• Browser Type—The type of browser user is accessing. It can be Enterprise Browser or any
supported third-party browser.
• Browser Version—The version of the browser being used by the user.
• Last Source IP—Most recent user source IP address.
• Last Source Location—The source's last city and country.
• Last Used PA Location—The last used Prisma Access location.
• Last Activity Time—Most recent date and time the user was active.
Select any username to view information about the user's Activity and Experience.

To view the specific information related to your enterprise browser, use Connection
Method. You can select Enterprise Browser or any other supported third-party enterprise
browser.

Office Users
Office users physically occupy the office and connect internally. Even if they are not using
GlobalProtect or Enterprise Browser, they can still connect to internal applications such as

Strata Cloud Manager Getting Started 148 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Confluence or Jira. Branch users are included in the Office Users category. Select the number
under Office Users to view details about your users connected through Enterprise Browser.

Office Users Graph

Hover over the trend line in the Office Users chart to see connected Office Users and when they
were connected. View the total number of active office users.

Office Users Risky Users

View the number of office users affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.

Office Users Table

The Office Users table shows office users by User Name.
• Connection Method—Method through which the user connects.
• Last Device Location—Device's location by city, country.
• Threats—Number of threats the user faces.
• Applications—Number of applications connected to the user.
• Data Usage—Total data usage in bytes.
• Last Firewall/PA Location—Last connected NGFW name or Prisma Access location.
• Last Activity Time—Most recent date and time the user was active.

Strata Cloud Manager Getting Started 149 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Other Hosts
The Other Hosts category shows IP addresses with traffic on the network, such as users' private
mobile phones that are not connected through GlobalProtect or internally as an office user.
Information for other hosts falls into two categories: internal and external hosts accessing
resources on the internet. Internal hosts serve on-site users, such as guests or employees using
their mobile phones in the office, and external hosts serve users, such as people visiting your
enterprise website.
Select the number under Other Hosts to view details about your other hosts.

Other Hosts Graph

Hover over the trend line in the Other Hosts chart to see the number of connected IP addresses,
or other hosts and the date and time they were connected. View the total number of active other
hosts.

Other Hosts Risky Users

View how many other hosts are affected by threats. The Up or Down arrow compares this time
range with a previous time range to determine the difference, in percentage, of the number of
connected devices.

Other Hosts Table

The Other Hosts table shows other hosts by IP address.
• User Devices—Number of devices associated with the user.
• Applications—Number of applications connected to the user.

Strata Cloud Manager Getting Started 150 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

• Threats—Threats information for the user.

• Data Usage—User's data usage.
• Last Activity Time—Date and time of the user's most recent activity.

IPv6 for Mobile Users

If you use IPv6 networking in your Mobile Users - GlobalProtect deployment, you can configure
Prisma Access to use IPv6 addresses in your mobile user networking. You also need to enable
IPv6 networking globally in your Prisma Access infrastructure before you can use IPv6 addressing.
With IPv6 in your GlobalProtect deployment, the Users | Devices table shows either an IPv4 or
IPv6 address in the Source IP Address column.

Select any connected user to see information about their devices' trend. The Connected User's
Devices table shows data about a user's devices, including the Last User Source IP Address and
Last Private IP, both of which can include IPv4 and IPv6 addresses for a single device entry.

You can view IPv6 address information in the User Login & Logout Events table. The User Source
IP Address and Private IP Address columns show either an IPv4 or IPv6 address.

Strata Cloud Manager Getting Started 151 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Domains

Where Can I Use This? What Do I Need?

• Prisma Access You must have at least one of these licenses

to use the Activity Insights:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Free (use the AIOps
for NGFW Free app) or AIOps for NGFW
(with Strata Cloud Manager or Panorama
Premium license (use the Strata Cloud
configuration management)
Manager app)
Strata Cloud Manager Essentials
Strata Cloud Manager Pro

The other licenses needed to view the Activity

Insights: Domains tab are:
Strata Logging Service
Advanced URL Filtering license
Advanced DNS Security or Advanced DNS
Resolver license

The Domains page consolidates information to provide a unified view of domain activity. This
view summarizes the domain and URL activity in your Prisma Access, NGFW, and standalone
resolver deployments that the Advanced URL Filtering, Advanced DNS Security, and Advanced
DNS Security Resolver services have detected. You can get visibility into the total number
of domains detected in your network during the specified time period, the breakdown of
these domains by category and risk level, and use the filtering options to filter the view in the
dashboard.

Domain activity presented in Activity Insights can take up to 30 minutes to populate after
logs are forwarded to the Strata Logging service.

Use the data to:

• Identify the most accessed domain categories, unique domains within each category, and
domain history in your network along with global analysis findings. Based on the malicious
domains filtered by the URL Filtering and DNS Security services, these domain categories are

Strata Cloud Manager Getting Started 152 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

likely to expose your network to malicious and exploitative content. It's a best practice to block
these domains and URL categories.
• Review the high-risk domains, their impact on users, applications, and rules. High-risk domains
are not always malicious; however, they might still expose your network to threats. Consider
targeting these sites with strict decryption and Security policy rules.
• Analyze domain information from both URL Filtering and DNS Security, providing a
comprehensive view of domain activity across your network.
• Examine malicious domains detected by both services to enhance your threat prevention
strategies.
• (Advanced DNS Security Resolver) You can constrain the scope of the search to display
domains that have been processed by the Advanced DNS Security Resolver.
Reports—You cannot generate reports that cover the data in this view.

Strata Cloud Manager Getting Started 153 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Rules

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

The other licenses needed are:

View the Security policy rules that are matched against all the traffic in your network. Security
policy rules determine whether to block or allow a session based on traffic attributes, such as the
source and destination IP address, the application, the user, and the service. All traffic passing
through your network is matched against a session and each session is matched against a Security
policy rule. When a session match occurs, the Security policy rule is applied.

The dashboard shows the following details of the network event matching the Security Policy
rule:
Traffic sessions, data transferred, threats detected in the sessions, users impacted, URLs browsed,
and applications accessed. Review the most matched rules to the traffic sessions, analyze those
sessions to understand if the rule is overly permissive and optimize the rule if required.
Reports—You cannot generate reports that cover the data in this view.

Strata Cloud Manager Getting Started 154 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Regions

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

The other licenses needed are:

These are the regions from which the traffic originated in your network. The view provides
information on threats, users, URLs, network sessions, and data transfer originating from these
locations. You can also drill down to know the targeted location of the traffic. Click Actions to
view the traffic logs for the session. You can use the data to identify and narrow down regions
that are targets for threats attempting to infiltrate your network. Optimize the rule that applies to
the targeted regions.

There are filtering options to narrow down the traffic to and from a specific source and
destination regions. The other filtering options include:
• Traffic observed in a specific deployment; Prisma Access, NGFW
• Traffic to and from sanctioned or unsanctioned applications
• Traffic using specific port and protocols
• Traffic involving specific threat types, threat category, URL, and URL category
Reports—You cannot generate reports that cover the data in this view. However, you can utilize
the Network Usage report to view details about your network traffic. To schedule report, from
the Strata Cloud Manager > Reports menu, click the icon and select Network Usage from the
Type drop-down.

Strata Cloud Manager Getting Started 155 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Activity Insights: Projects

Where Can I Use This? What Do I Need?

• You must have at least one of these licenses

(with or configuration management)
to use the Activity Insights:
• NGFWs
(with or configuration management)
or

Gain visibility into your Prisma Access Agent deployment by using Strata Cloud Manager to
monitor your Dynamic Privilege Access project activity.

• The Projects table provides an overview of the projects your Dynamic Privilege Access users
access using Prisma Access. Select any project's name to view its details page.
• The project's details page shows:
• Overview—See the maximum allowed users and the peak number of users during the
selected time range for this project.
• IP Pools Utilization—View the number of IP addresses in use and the number of IP
addresses that are still available for the pools in this project.
• Connected Users—View a graph of the users connected during the selected time range.
• Connected Users by Location Group—See the number of users by the Prisma Access
location group they're in.

Strata Cloud Manager Getting Started 156 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Insights: AI Access
Where Can I Use This? What Do I Need?

• One of the following licenses:

(with or configuration management)
license
• NGFWs
CASB-PA license
(with or configuration management)
CASB-X license
For more information on licenses that support
AI Access Security, click here.

Generative artificial intelligence (GenAI) applications are AI applications capable of generating

text, images, videos, and other forms of data in response to user prompts and continuously learn
based on user data inputs. Their usage is proliferating at an astonishing rate and offer limitless
opportunities for businesses. However, the nature by which GenAI applications contentiously
improve presents a new danger to businesses and security administrators—how can you ensure
your employees are not exposing sensitive or proprietary data to GenAI apps?
Palo Alto Networks introduces AI Access Security to enable safe adoption of GenAI applications
across your organization.
Use the AI Access Security Insights dashboard to filter the GenAI application usage on your
network. The AI Access Security Insights dashboard provides in-depth details to help you
understand which GenAI apps are being used and by who.

To learn more about how to secure your sensitive data from GenAI applications, click
here.

Strata Cloud Manager Getting Started 157 ©2025 Palo Alto Networks, Inc.
Insights: Activity Insights

Insights: Prisma AIRS Runtime

Where Can I Use This? What Do I Need?

• Activate Your AI Runtime Security License

(with or configuration management)
AI Runtime Security Setup Prerequisites
• NGFWs
Onboard and Activate a Cloud Account in
(with or configuration management) SCM

Palo Alto Networks Prisma AIRS is a purpose-built centralized security solution to protect your
organization’s cloud network architecture from AI-specific and conventional network attacks
by leveraging real-time, AI-powered security. It secures your next-generation AI models, AI
applications, and AI datasets from network threats such as prompt injections, sensitive data
leakage, insecure output (for example, malware and URLs), and model DoS attacks.
Use the AI Runtime Security Insights dashboard to understand your cloud network attack surface
and defend your cloud assets against malicious threats.

To learn more about how to secure your AI and non-AI network traffic flow from potential
attacks, see Prisma AIRS documentation.

Strata Cloud Manager Getting Started 158 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

to access certain Dashboards are:
Cloud-Delivered Security Services (CDSS)
ADEM Observability
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager provides a set of interactive dashboards that give you a comprehensive
view of the applications, ION devices, threats, users, and security subscriptions at work in
your network. The dashboards provide visibility into the health, security posture, and activity
happening in your deployment that helps you to prevent or address performance and security
gaps in your network. Dashboard support extends across the Palo Alto Networks products
and subscriptions that are supported for cloud management, and from other sources as well,
including Traps, Cortex XDR, Prisma SaaS, and Proofpoint. The data you see often depends on
your subscription. You can review each dashboard topic to see what the license requirements are
for that dashboard, if role permissions might impact what data is visible, and to learn about the
different types of data that each subscription unlocks.
You can access dashboards from the Dashboards menu on the left navigation pane. The SASE
Health dashboard is pinned to the landing page by default. Click More Dashboards and select or
clear the check box beside a dashboard name to pin or unpin the dashboard to the Dashboard
landing page. You can also build your own dashboard using the Build My Dashboard option. Some
of the dashboards also have the option to download and share reports that you can share offline
and schedule for regular updates. To see if reports are supported for a dashboard, check for these
icons:

159
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 160 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Integrate with Cloud Identity Engine

We recommend setting up Cloud Identity Engine (Directory Sync) to get the most out of
dashboards. Cloud Identity Engine is a free Palo Alto Networks app that gives other apps read-
only access to your Active Directory information, and enables you to:
• Get User Activity data—Cloud Identity Engine enables you to specify the user for whom you
want to run a report.
• Easily and securely share reports with other members of your organization—After Cloud
Identity Engine is set up, you can easily add recipients to a scheduled report. Your report
recipients are checked against Cloud Identity Engine, and if no match is found, it performs an
additional validation by checking the email address domain against those associated with your
support account. This process ensures that reports are only sent to individuals within your
organization.
Integrated apps must be deployed in the same region. At any time, you can go to the hub to
integrate Cloud Identity Engine with Prisma Access or Directory Sync. ➡ Integrate Palo Alto
Networks apps

Strata Cloud Manager Getting Started 161 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Support for Dashboards

Some of the dashboard supports in the product are pending migration to
Strata Cloud Manager.

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)

• Docs for Prisma • Docs • Docs

Access (Managed for for
by Strata Cloud AIOps Prisma
Manager) and Prisma for SASE
Access (Managed by NGFW Multitenant
Panorama) Platform

SASE Yes Yes Yes • ADEM

Health Observability
• AI-
Powered
ADEM

Best Yes No PAN-OS Yes [Only for • Prisma Access (Manage

Practices versions: AIOps for NGFW] per
10.0 or Enable tenant
later telemetry
• AIOps for NGFW:
sharing in
per
devices
NGFW/
Panorama
associated
with
AIOps for NGFWinstan

Compliance No No Yes No [Only for AIOps for

Summary AIOps for NGFW: per
NGFW] NGFW/
Enable Panorama
telemetry associated
sharing in with AIOps
devices for NGFW
instance

Strata Cloud Manager Getting Started 162 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)

On No No Yes No Tech AIOps for

Demand Support File NGFW: per
BPA (TSF) NGFW/
Panorama
associated
with AIOps
for NGFW
instance

Executive Yes Yes Yes Yes • Strata Per Strata

Summary Logging Logging
Service Service
license tenant
• Threat
Prevention
license
• URL
Filtering
license
• WildFire
license
• Enterprise
DLP
license

WildFire Yes No Yes Yes** WildFire Per tenant

license service
group (TSG)

DNS Yes Yes Yes Yes** DNS Per tenant

Security Security service
license group (TSG)

Log Yes Yes Yes Yes Strata Per Strata

Viewer Logging Logging
Service Service
license tenant

IOC Yes No Yes Yes** Requirements

Search to view

Strata Cloud Manager Getting Started 163 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)
trend graph
in search:
• DNS
license
• WildFire
license
• Strata
Logging
Service
license
• URL
Filtering

Download/ Yes Yes Yes Yes Refer to

Share/ respective
Schedule feature
column in
this table

Saas Yes No No No • Saas Per

Security Security Prisma Access
license tenant
• Strata
Logging
Service

DLP Yes No No No Enterprise Per

Incidents DLP license Prisma Access
tenant

Device No No Yes No • [Only for AIOps for NGFW:

Health per NGFW/
AIOps for NGFW]
Enable Panorama
telemetry associated
sharing in with
devices AIOps for NGFW
instance

Strata Cloud Manager Getting Started 164 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)

Security No No Yes No AIOps for NGFW:

Posture per NGFW/
Insights Panorama
associated
with
AIOps for NGFW
instance

Advanced No No Yes No • Threat Per Strata

Threat Prevention Logging
Prevention or Service
Advanced tenant
Threat
Prevention
license
• Strata
Logging
Service

IoT Yes Yes Yes No IoT Security Per

Security license IoT Security
tenant

Prisma SD-WAN
No No No Yes Prisma SD-WAN
Per
license Prisma SD-WAN
tenant

PAN-OS No Yes Yes [Only for • AIOps for

CVEs AIOps for NGFW:
NGFW] per
Enable NGFW/
telemetry Panorama
sharing in associated
devices with
AIOps for
NGFW
instance
• PSIRT
Database
of CVEs

Strata Cloud Manager Getting Started 165 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Feature Supported on Licenses Scope of

and Other Aggregated
Prisma Prisma AIOps for NGFW*
Prisma
Requirements Data
Access Access SASE
( Managed (Managed Multitenant
by Strata by Platform
Cloud Panorama )*
Manager)
using API
access

CDSS Yes Yes Yes [Only for AIOps for

Adoption AIOps for NGFW: per
NGFW] NGFW/
Enable Panorama
telemetry associated
sharing in with AIOps
devices for NGFW
instance

Feature No Yes Yes [Only for AIOps for

Adoption AIOps for NGFW: per
NGFW] NGFW/
Enable Panorama
telemetry associated
sharing in with AIOps
devices for NGFW
instance

Prisma Access (Panorama Managed)* -

• For Prisma Access (Panorama managed) users with Strata Logging Service hosted in the non-
Americas region, you need to provide consent to allow Prisma Access to read and process data
from the Strata Logging Service in the non-Americas region. Review and accept the privacy
notice on the Dashboard home page to provide your consent and view more dashboards and
logs. Only app, instance, and account administrators can see and accept the privacy notice.
• Dashboards are not supported in Prisma Access (Panorama managed) multi-tenant
environment.
Yes*—Yes means all versions of Prisma Access and PAN-OS are supported.
Yes**—In the multitenant platform, tenants are identified as tenant service groups (TSGs) and
assigned with TSG ID. A single or multiple tenants can be associated per Customer Support Portal
(CSP). The data shown in the dashboard depends on the following scenarios:
• Your app from which you access the dashboard needs to be TSG supported and accessed
through the SASE platform or the tenant view on the hub.
• You have associated devices with your tenant using Common Services in the hub.

Strata Cloud Manager Getting Started 166 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Verify if your tenants have one-to-one or many-to-one mapping with CSP.

• If your tenants have one-to-one mapping with CSP, you can view dashboard data across all
sources (for example, in WildFire dashboard, data across samples from Palo Alto Networks
firewalls, Prisma Access, Cortex XDR, Prisma SaaS, Proofpoint and manual uploads are
shown).
• If multiple tenants are associated per CSP, the dashboard shows data from only Prisma
Access, Palo Alto Networks firewalls, and Panorama appliances associated with specific
tenants and not from other sources.
AIOps for NGFW*—The dashboards available in AIOps for NGFW depend on whether you have a
Free or Premium license tier.

Strata Cloud Manager Getting Started 167 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Build a Custom Dashboard

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
Licenses to unlock certain widgets in the
dashboard
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Apart from the default dashboards, you can create custom dashboards to get visibility into
areas of your interest in your network using widgets. Widgets are components used to create
a dashboard. Widgets are categorized and stored in the widget library. Click Dashboards > +
and select a category from the drop down list to view the widgets.. The widgets available in
the widget library depend on your security services subscriptions. For example, if you have
AIOps for NGFW Premium and Advanced WildFire licenses, you can view and use all the widgets
under WildFire category to create dashboard.
These are the widget categories available to create a dashboard. Refer to the links below to know
the license requirements to access widgets under these categories and learn about them.
• Dashboard: Advanced Threat Prevention
• Dashboard: DNS Security
• Dashboard: WildFire

Create a Dashboard
You can add up to 10 widgets in a custom dashboard and create 10 custom dashboards per
user. The dashboard and widgets can be customized at any time. You can customize the widget
tile, description, show or hide filters, dashboard settings such as layout, dashboard name, and
descriptions, and also include filters in the dashboard.

Strata Cloud Manager Getting Started 168 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

STEP 1 | Click Dashboards > +.

STEP 2 | Enter a name for the dashboard.

STEP 3 | Select a widget category from the Widget Library drop-down.

STEP 4 | Add the widget to the dashboard: Hover over the widget to learn about the widget. Drag and
drop the widget to the dashboard canvas.
You can add more widgets of the same or different types from another widget category to the
dashboard canvas.

STEP 5 | Switch between the Sample Data and Real Data view to know how your dashboard
widget looks. Sample data helps you visualize how your dashboard will look and what type
of information you can see. Use the Real Data option to view the actual data for your
deployment.

STEP 6 | (Optional) You can customize the dashboard in the editor view:
• Rearrange the widgets in the dashboard - select the widget and drag and drop where
required in the canvas.
• Edit a widget using the edit icon at the top-right corner of each widget. Editable settings
vary by widget type — for example, name, description, and data filtering options like verdict
and action.

You can edit the widget settings in the editor view or after you save the dashboard.

STEP 7 | Save the dashboard and click Go to see dashboard at the top of the page to open the
dashboard.

Strata Cloud Manager Getting Started 169 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

STEP 8 | (Optional) After you save the dashboard, you can:

• change the time range for which you want to view the dashboard data.

You can change the time only after you save the dashboard. In the editor view, the
time range defaults to 24 hours.
• use the edit or delete icon to modify or delete the custom dashboard.

Strata Cloud Manager Getting Started 170 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Device Health

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > Device Health to get started.

What does this dashboard show you?

The dashboard shows the aggregated data for all firewalls onboarded to your tenant and
are also sending telemetry data.

The Device health dashboard shows you the cumulative health status and performance of
your deployment based on the health scores of the onboarded NGFWs. The device health is
determined by the severity of the health score (0-100) and its corresponding health grade (good,
fair, poor, critical). The health score is calculated based on the priority, quantity, type, and status
of the open alerts.

How can you use the data from the dashboard?

This dashboard helps you:

Strata Cloud Manager Getting Started 171 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Understand the deployment improvements that you have made over a period by looking at the
historical health score data.
• Narrow down devices that require attention in your deployment and prioritize the issues to
resolve them.

The report functionality (download, share, and schedule report) is not supported for this
dashboard.

Device Health Dashboard: Device Health Scores

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > Device Health to view the dashboard.

The dashboard widget shows:
• The total number of onboarded NGFWs.
• The number of devices that have not sent telemetry data for over 12 hours.
• The severity of the health score for the onboarded devices in your deployment. Click the
numeric link to view detailed information about the device, including health statistics and alerts
that require attention.

Device Health Dashboard: Device Statistics

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or

Strata Cloud Manager Getting Started 172 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > Device Health to view the dashboard.

Top Unhealthy
These are the devices with most health and performance issues in your deployment. You can also
drill down to view the device details and the alerts on the device. Fix the critical alerts to improve
the health score and deployment health.
Top Improving
View the top 10 devices over the 30 days time period with improved health scores compared to
the current health scores of the devices.
Top Worsening
Review the device health over the 30 days time range. These are the top 10 devices with the
declined health scores compared to the current health scores of the devices.

Device Health Dashboard: Score Trend

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > Device Healthto view the dashboard.

Strata Cloud Manager Getting Started 173 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

The chart shows the health trend of your deployment for the selected time period. Hover over the
trigger point to know the devices that are contributing to the health score severity. You can view
trends for one or more devices filtered by the hostname, model, or software version.

Strata Cloud Manager Getting Started 174 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Executive Summary

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

• Click Strata Cloud Manager > Dashboards > More Dashboards > Executive Summary to get
started.

What does this dashboard show you?

The dashboard shows aggregated data per Strata Logging Service tenant.

The Executive Summary dashboard shows you how your Palo Alto Networks security
subscriptions are protecting you. This report breaks down malicious activity in your network
that these subscriptions are detecting: WildFire, Advanced Threat Prevention, Advanced URL
Filtering, and Enterprise DLP. The dashboard shows data for each of these service with links to
security services dashboards to dive deeper for further investigation.
This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.

Strata Cloud Manager Getting Started 175 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

How can you use the data from dashboard?

• Review all the malicious activity that the active Palo Alto Networks subscriptions are detecting.
See if you need to refine the subscription settings or security rule settings to close any security
gaps.
• Shows you industry data to gives you perspective on the threat landscape you’re facing and
how you stack up against your peers.
The dashboard provides the following data.

Executive Summary This report gives you the numbers on the malicious activity your
Dashboard: Your Security subscriptions are detecting and preventing:
Subscriptions
• high-risk applications
• severe threats (exploits, malware, and C2)
• malicious web activity
• file-based threats (including never-before-seen threats)
• data loss

Strata Cloud Manager Getting Started 176 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Executive Summary Review the traffic logs for high-risk applications and
Dashboard: Application see how you can strengthen the security posture.
Usage

Executive Summary Examine the security policy rules that allow most threats.
Dashboard: Advanced Review these rules to see where you can enable stricter threat
Threat Prevention enforcement. Learn more.

Requires
Advanced
Threat
Prevention
license.

Executive Summary Review the malicious web activity in your

Dashboard: URL Filtering network, particularly the number of malicious web

Requires
Advanced
URL
Filtering
license.

Strata Cloud Manager Getting Started 177 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

sites that your users are attempting to access.

Peer data in this dashboard gives you a view into your industry’s
threat landscape and how your security coverage compares
to similar organizations. This industry data is also shown for
subscriptions you’re not using; this helps you to see if there are
places where you can increase coverage to close security gaps.
Here’s a close-up of the kind of data this dashboard
provides—here, you can see the work WildFire is doing
to protect your network and your industry. Learn more. ➡
Executive Summary
Dashboard: WildFire

Requires
Advanced
WildFire
license.

Executive Summary See how your Palo Alto Networks Enterprise DLP service is
Dashboard: Enterprise protecting your data by enforcing data security standards. The
DLP dashboard gives insights into the applications to which most
uploads are prevented by DLP and the total number of files that
Requires are blocked by DLP in your network. You can also use this data to
Enterprise compare with your industry peers and benchmark your security
DLP license. posture standards.
Review the applications and source usernames to better
understand where the DLP incidents originated and manage them.

Strata Cloud Manager Getting Started 178 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 179 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: WildFire
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > WildFire to get started.

Strata Cloud Manager Getting Started 180 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

What does this dashboard show you?

The dashboard shows aggregated data per tenant service group (TSG). The dashboard
shows data across Prisma Access, Palo Alto Networks firewalls, and Panorama appliances
associated with your tenant, provided your tenants have a one-to-one mapping with
your Customer Support Portal account. The dashboard does not show data from other
sources if multiple tenants are associated per Customer Support Portal.

The WildFire dashboard shows you how WildFire is protecting you from net new malware that’s
concealed in files, and executables. This dashboard supports reports. These icons, in the
top right of a dashboard indicate that reports are supported for this dashboard. You can share,
download, and schedule reports that cover the data this dashboard displays. Before you can
access the Strata Cloud Managerdashboards, you must first activate and onboard as well as
configure your NGFW and/or Prisma Access to forward submission logs to Palo Alto Networks.

How can you use the data from the dashboard?

Use this dashboard to:
• monitor WildFire submissions and get details of WildFire samples submitted to WildFire cloud
for analysis.
• view details of targeted users, the applications that delivered the files, the firewalls that
submitted the samples for analysis, and all URLs involved in the command-and-control activity
of the files.

WildFire Dashboard: Filters

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

The WildFire dashboard provides a variety of filter options to narrow down on specific data from
the dashboard.

Strata Cloud Manager Getting Started 181 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Time range—Set the time-frame for which you want to display data. Select from the Last 24
hours, Past 7 days, Past 30 days, or custom time range.
• Tenant Name—View the tenant for which the dashboard data is displayed.
• Cloud—Filter data based on the available Advanced WildFire cloud regions.
• Sample Source—Filter data based on the devices that are submitting samples to the Advanced
WildFire cloud for analysis. The options include NGFW-All, Prisma Access-All, and Prisma
Access-Mobile.

The quantity of WildFire samples submitted from Prisma Access-All that are visible in
the dashboard is dependent on the version of Prisma Access.
• Sample Type—Filter data based on a specific sample type, either File or Link.
• Total/Unknown—Filter data based on the unknown sample status when initially submitted to
the Advanced WildFire cloud for analysis (previously unknown samples). These also include the
total number of samples that were submitted or queried through the Advanced WildFire cloud.
• File Hash (SHA256)—View the data for samples with SHA-256 values for files analyzed by
Advanced WildFire.
• File Name—Filter data based on the File Name with a user-designated search string.
• Verdict—View samples identified as Benign, Malware, Grayware, C2, Phishing, or Pending as a
result of Advanced WildFire analysis.
• File Type—View data based on the file type of the sample analyzed by WildFire. Learn about
the supported file types for WildFire analysis.
• URL—Filter data based on the URL with a user-designated search string.
• App Name—Filter data based on the samples that are delivered by an application.
• Attack Origin Region—Filter to view the samples that are sent from a specific location.
• Attack Target Region—Filter to view the samples that are received in a specific location.
• User Name—Enter the username to filter data for the user that is targeted to deliver the
sample in your network.
• Prisma Access Location/Branch—Filter samples based on the Prisma Access branch location.
• FW Device Serial Number—Filter the data for the device that submitted the sample for
WildFire analysis.
• Analysis Type—Filter based on the type of Advanced WildFire Analysis that the sample has
undergone.

WildFire Dashboard: Submissions and Verdicts

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Cloud Manager Getting Started 182 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

The other licenses and prerequisites needed
for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
The total number of samples submitted for Advanced WildFire analysis during the selected time
period. The widget shows the number of samples submitted from each source and the verdict
generated for the samples. The widget also shows the spike in the samples submitted for WildFire
analysis. Investigate the spikes in malware samples and take action to mitigate threat impacts on
your network.

WildFire Dashboard: Analysis Insights

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard

Strata Cloud Manager Getting Started 183 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
Get insights into the unique Advanced WildFire samples submitted from your network and
subsequent signatures generated from the analysis. Use the data to understand the new threats
that were observed only in your network in the selected time frame and the number of times your
network has been protected by the signatures generated. Due to the nature of this widget, only
the Time range filter is applicable when adjusting the scope of the presented data.
• Signatures Created by My Org - Percentage of signatures generated from samples unique/first
seen in your environment.
• Signatures Created by Others - Percentage of new signatures created by Advanced WildFire
from all uploaded samples, across the entire spectrum of Palo Alto Networks customers and
other sample sources.

The signature generation data shown in the widget is refreshed every 24 hours by Palo
Alto Networks.

WildFire Dashboard: Verdict Trends

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Cloud Manager Getting Started 184 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
Examine the trends for all the samples submitted to Advanced WildFire from your sources and
the verdicts for those samples. Select a verdict count to open all submissions included in the
dashboard settings. You can perform an IOC search on these samples to know the history of the
sample in your network and the global analysis findings of the sample.

WildFire Dashboard: Verdict Distribution

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Cloud Manager Getting Started 185 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
Learn more about the verdicts for net new samples that Advanced WildFire detected for the first
time in your network. Focus in on the sample types that are most frequently concealing malware.
You can open a list of analyzed samples based the verdict or the WildFire file forwarding category
by clicking on the sample count on the X or Y axis.

Alternatively, you can also view the data in table format:

WildFire Dashboard: Recent Submissions

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

Strata Cloud Manager Getting Started 186 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

• , including those funded by Software
NGFW Credits
The other licenses and prerequisites needed
for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
View recently submitted samples to Advanced WildFire from your sources and the details for
those samples, including the source and destination IP addresses, the file type, and the verdict.
For a more comprehensive backlog of sample submissions, select All Samples. You can perform an
IOC search on any of these samples to access the history of the sample in your network and the
global analysis findings of the sample. Additionally, from the resulting IOC search result, you can
also Download and view the complete WildFire report for the sample.
For a complete listing of available WildFire sample submissions, you can select All Samples
from the Recent Submissions widget.

WildFire Dashboard: Submissions Per Source Application

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:

Strata Cloud Manager Getting Started 187 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
Review the details of the applications that facilitated the delivery of samples into your network
based on the globally selected verdict category.

WildFire Dashboard: Submission Per Destination User

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Advanced WildFire (active subscription
attached with and/or )
Strata Logging Service

Strata Cloud Manager Getting Started 188 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
This shows the users who received the most samples in your network based on the globally
selected verdict category.

WildFire Dashboard: Malware Regions

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

• Click Dashboards > More Dashboards > WildFire to view the dashboard.

Strata Cloud Manager Getting Started 189 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Review the locations from where the malicious samples originated or that were delivered to in
your network. You can view the sample count for attack origin and target on a map or organized
into a table format. Use this to narrow down regions targeted by malware and type of malware
attack. Due to the nature of this widget, the Verdict filter is not applicable when adjusting the
scope of the presented data.

WildFire Dashboard: Firewalls

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

• Click Dashboards > More Dashboards > WildFire to view the dashboard.
View the Palo Alto Networks NGFWs and Prisma Access tenants that are submitting malicious
samples for Advanced WildFire analysis in order of prevalence. Review the statistics to track

Strata Cloud Manager Getting Started 190 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

down the impacted endpoints and reconfigure the policy rules to mitigate the threats and contain
the malicious files at the source.

Strata Cloud Manager Getting Started 191 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: DNS Security

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
DNS Security or Advanced DNS Security
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > DNS Security to get started.

What does this dashboard show you?

The dashboard shows aggregated data per tenant service group (TSG). The dashboard
shows data across Prisma Access, Palo Alto Networks firewalls, and Panorama appliances
associated with your tenant.

The new DNS Security dashboard shows you how your DNS Security subscription is protecting
you from advanced threats and malware that use DNS. You can also filter the information
displayed on the dashboard by time range, action taken, domain, resolver IP, and DNS category.
The source and tenant name for which the data is displayed on the dashboard are shown in the
Tenant Name and Source filters. You can view:DNS request statistics and trends
• Total DNS Requests - Displays the total number of DNS requests that are processed by DNS
Security. The line chart diagrams the number of DNS requests based on the user-defined time
range. Specifying a custom time range updates the line chart accordingly.
• Malicious DNS Requests - Displays a stacked bar graph showing DNS requests that are
categorized as malicious. Click the number link to view the details of the DNS requests.

Strata Cloud Manager Getting Started 192 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Subscription - Displays the number of devices in your network with an active DNS Security
subscription. A percentage of devices that are not equipped with DNS Security or with an
expired subscription is also shown with a link to a complete list.

• High-Risk DNS Category Trends - Examine the trend of high-risk DNS requests according to
DNS category or according to the action taken against them. Hover over a specific flow to
open a popup to show the number of requests or type of action enforced.

Strata Cloud Manager Getting Started 193 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• High-Risk DNS Category Distribution Across Actions- Examine the actions the firewall is
taking against particular high-risk DNS categories.

• Most Accessed Domains - Provides a list of the top 10 most commonly requested domains
from your network along with the DNS category and the action taken. You can view more
details and the relevant logs for a domain. Select View All DNS Requests for a complete list of
domains that have been accessed.

• DNS Resolvers - Monitor malicious and suspicious DNS resolution activity in your network.
View the top DNS resolvers that resolve to malicious domains and the resolvers that are
resolving a suspiciously low number of DNS requests. Click the search icon to view more

Strata Cloud Manager Getting Started 194 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

details on the artifact (IP address). You can view the history of the artifact in your network and
the global analysis findings.

• Users Visiting Malicious Domains- Examine the hosts on your network who are attempting to
resolve the hostname or domain of a malicious URL.
• (Requires Advanced DNS Security license) Hijacked Domains- Provides a list of hijacked
domains as determined by Advanced DNS Security. For each entry, there is a categorization
reason and a traffic hit count based on the source IP.

• (Requires Advanced DNS Security license) Misconfigured Domains- Provides a list of non-
resolvable domains associated with the user specified public-facing parent domain(s). For each
entry, there is a misconfiguration reason and a traffic hit count based on the source IP.

This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.

How can you use the data from dashboard?

This dashboard helps you to:

Strata Cloud Manager Getting Started 195 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• examine how DNS requests are processed and categorized

• get insight into the DNS based threats
• detect DNS requests from hijacked and misconfigured domains with Advanced DNS Security

Strata Cloud Manager Getting Started 196 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: AI Runtime Security

The Strata Cloud Manager (SCM) Command Center dashboard provides a consolidated view of
the cloud workloads deployed in Clusters and VMs, such as the pods, the models, the apps, the
VMs, and namespaces.

Where Can I Use This? What Do I Need?

• AI Runtime Security Activate Your AI Runtime Security License

AI Runtime Security Setup Prerequisites
Onboard and Activate a Cloud Account in
SCM

Discover Cloud Resources

On successfully onboarding your cloud account in SCM and activating your service account, the
SCM dashboard provides a unified real-time asset discovery of your cloud workloads.
The Cloud Application Command Center in SCM under Insights → AI Runtime Security provides
actionable insights into discovering all the cloud assets in your onboarded cloud account.
The assets discovery on the SCM dashboard is classified into the operational view and security
view.
The discovery shows the threats breakdown based on threat urgency and risk categories such as
vulnerability detection, URL Security, and Prompt Injection.

Strata Cloud Manager Getting Started 197 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

1. The Operational view is an aggregated view of:

1. A total count and breakdown of assets discovered in your onboarded cloud environments
2. Traffic flows - protected and unprotected by AI Runtime Security instance
3. Application workloads (Containers, Serverless functions, and VMs)
4. AI models being queried
5. User applications accessing the internet destinations
6. Application users applications being accessed from external applications
7. Inbound and outbound traffic statistics

Strata Cloud Manager Getting Started 198 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

2. In Security view:
1. You can add an (“+” icon) AI Runtime Security instance to protect the unprotected network
traffic as identified in the operational view.
2. If the AI Runtime Security instance protection already exists, redirect the unprotected traffic
through the available AI Runtime Security instance.

Next, detect the risky network flow paths between the user apps, AI models, and the internet.
See AI Traffic Network Risk Analysis and Deploy an AI Runtime Security instance to monitor and
defend your cloud network architecture.

Strata Cloud Manager Getting Started 199 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Advanced Threat Prevention

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Advanced Threat Prevention
to get started.

Strata Cloud Manager Getting Started 200 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 201 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

What does this dashboard show you?

The dashboard shows aggregated data per Strata Logging Service tenant.

The Advanced Threat Prevention dashboard gives insight into threats detected in your network
and identifies opportunities to strengthen your security posture. Threats are detected using inline
cloud analysis models and threat signatures generated from malicious traffic data collected from
various Palo Alto Networks services. This dashboard provides a timeline view of threats allowed
and blocked and a list of hosts generating cloud-detected C2 traffic and hosts targeted by cloud-
detected exploits.
This dashboard supports reports. These icons, in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule reports that
cover the data this dashboard displays.

How can you use the data from dashboard?

Use this dashboard to:
• get threat visibility in your network traffic
• analyze threat sessions to improve the accuracy of your policy rules
• gain insight into the real-time threat detected by inline cloud analysis
• get context around the threat from logs and cloud reports and use this data to improve your
incident response process.

Advanced Threat Prevention Dashboard: Threat Overview

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
Threat Prevention or Advanced Threat
Prevention
Strata Logging Service

Strata Cloud Manager Getting Started 202 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Advanced Threat Prevention
to view the dashboard.
Compare the delta between the threats that are allowed and blocked by your security rules.

Advanced Threat Prevention Dashboard: Top Rules Allowing

Threats
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

• Click Strata Cloud Manager > Dashboards > More Dashboards > Advanced Threat Prevention
to view the dashboard.

Strata Cloud Manager Getting Started 203 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Examine the threat sessions that matched the security policy rule and see if you need to modify
the policy rule to strengthen your security posture. You can further analyze the threats and
matching rules in Activity Insights.

Column Description

Policy Name The security policy rule that is allowing the

corresponding threats.

Sessions The number of threat sessions that matched

the security policy rule.

Data Transfer (Bytes) The amount of data flowed through the

sessions that matched the security policy rule.

Unique Threat Count The number of threats that matched the

security policy rule.

Advanced Threat Prevention Dashboard: Hosts Generating Cloud

Detected C2 Traffic
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard

Strata Cloud Manager Getting Started 204 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

Threat Prevention or Advanced Threat
Prevention
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Advanced Threat Prevention
to view the dashboard.
Examine the source IPs and users responsible for generating command and control (C2) traffic.
Advanced Threat Prevention uses cloud-based engines and inline cloud analysis to detect and
analyze traffic for unknown C2 and vulnerabilities. Click the search icon next to the source IP
to review the usage patterns related to the source IP. A contextual link to Log Viewer helps to
analyze the threat sessions, download the packet capture and cloud report to get additional
context and leverage Palo Alto Networks threat analytics data and improve your incident
response processes.

Advanced Threat Prevention Dashboard: Hosts Targeted by

Cloud-Detected Exploits
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

• Click Strata Cloud Manager > Dashboards > More Dashboards > Advanced Threat Prevention
to view the dashboard.

Strata Cloud Manager Getting Started 205 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

These are the IPs targeted by vulnerability exploits. Advanced Threat Prevention uses cloud-
based engines and inline cloud analysis to detect and analyze this traffic. Hover over the
destination IP address and click the search icon to review the usage patterns related to the
destination IP. View logs to get context around the threat. Download cloud report and packet
capture from the logs to get additional context and use Palo Alto Networks threat analytics data
and threat intelligence to improve your incident response processes.

Strata Cloud Manager Getting Started 206 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: IoT Security

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
IoT Security
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

To get started, select Dashboards > More Dashboards > IoT Security.

What does this dashboard show you?

The IoT Security dashboard provides information about the devices on the network, their device
profiles and operating systems, and how they are distributed by device type across subnets. For
advanced IoT Security products (Enterprise IoT Security Plus, Industrial IoT Security, or Medical
IoT Security), the IoT Security dashboard additionally displays the total number of active alerts to
date and vulnerabilities to date.
• Assets - From here, you can see a dynamically maintained inventory of the IoT, OT, and
IT devices on your network with numerous attributes for each one such as its IP and MAC

Strata Cloud Manager Getting Started 207 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

addresses; profile, vendor, model, and OS; and (for advanced IoT Security products) its device-
level risk score.
Use the data in this inventory to learn about the assets on your network:
• View a dynamically generated and up-to-date inventory of the devices detected on your
network, including IoT, OT, and IT devices.
• While the IoT Dashboard displays the types of devices you have at a high level, the Assets
inventory lets you explore individual devices to see more details and assess their security
posture.
• Filter the data displayed in the dashboard by site, device type, period of time, and one or
more device attributes to see data about devices of interest.
• Show and hide columns to view device attributes that are important to you. There are over
100 attribute columns from which to choose.
• Download the data displayed on the currently active page as a file in CSV format for
inclusion in reports or for future reference. The file contains the devices and device
attributes that you have on display at the time of the download.
• Vulnerabilities: The Vulnerability tab lets you customize how information about vulnerabilities
and vulnerability instances is presented so you can view their impact on your devices from
different perspectives. By setting filters, you determine the scope of the information displayed,
and by defining queries and settings, you control the types of vulnerabilities and the types of
devices you want to see.
The Vulnerabilities page lists the vulnerabilities that IoT Security has detected or learned about
through a third-party integration.
You can search for a text string in any of the columns, download the list of vulnerabilities,
create a filter to show only the vulnerabilities you want to see, and control which columns you
want to show and hide.
While a severity level in the IoT Security system reflects a Common Vulnerability Scoring
System (CVSS) score, there isn’t always a direct correlation between the two. IoT Security
bases the severity level not only on the CVSS score but on other determining risk factors as
well. For example, a hard-coded password in a device might have a CVSS score of 10.0, but
an IoT Security severity level of High rather than Critical. This can happen when there isn’t
proof that the device can be accessed from the Internet or by an unauthorized user. While the
National Institute of Standards and Technology (NIST) assigns a CVSS score to a vulnerability
generically, IoT Security assigns a “risk severity” level to vulnerabilities based on the specifics of
each case.

How can you use the data from this dashboard?

Use the data in this dashboard to learn about the devices on your network:
Filters (at the top of the page)
• Filter the data displayed in the dashboard by device type and period of time (past year, month,
week, day, or hour) to see data about devices of interest.
Summary (across the top of the dashboard)

Strata Cloud Manager Getting Started 208 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• See the total number of devices that have been active on your network as determined by the
device type and time filters.
• Of the total number of active devices, see how many are specifically IoT devices.
• Develop a sense of the security landscape in which devices operate by seeing the number of
active alerts and vulnerabilities detected to date.
Devices
• Learn how many devices there are among various device types and drill down to learn how
many devices are among various device categories and then among various device profiles.
Find out how many critical risk devices are at each increasingly granular level of device
classification and what kind of devices they are.
Top 10 Operating Systems
• Of all the devices whose OS IoT Security detected, see the top 10 most common operating
systems, how many devices use each one, and what that percent is.
Subnet Distribution by Device Type
• See how different device types are distributed in subnets throughout the network. If you see
a large mix of device types in the same subnet, consider segmenting them into their own,
separate subnets.

Strata Cloud Manager Getting Started 209 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Prisma Access Usage

Where Can I Use This? What Do I Need?

• One of these:
license

→ The features and capabilities available to

you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Prisma Access to get started.

Strata Cloud Manager Getting Started 210 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

What does this dashboard show you?

See how you’re leveraging what’s available to you with your license, and get a high-level view into
the health and performance of your Prisma Access environment.
Prisma Access Usage data includes:
• An overview of your Prisma Access usage—your licenses, Prisma Access locations, and mobile
user capacity and/or bandwidth utilization
• Top Prisma Access locations for mobile users and remote networks
• Overall bandwidth consumption for remote network and service connection sites, and the
highest-consuming remote network and service connection sites
• Tunnel disconnection trends, including the most impacted tunnels

The dashboard shows the aggregated data per Prisma Access tenant.

How can you use the data from dashboard?

This dashboard helps to get visibility into the Prisma Access usage in your network and adjust
your configuration settings based on the dashboard data.

Strata Cloud Manager Getting Started 211 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Application Experience

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

• Click Strata Cloud Manager > Dashboards > More Dashboards > Application Experience to
get started.

What does this dashboard show you?

The data displayed in this dashboard will change and correspond to the card that you select -
Mobile User Experience or Remote Site Experience. If you are new to AI-Powered ADEM, you
may want to begin by surveying the applications that are in use across your organization and
use this information to identify which applications you want to create app tests for. In addition,
if you have users or remote sites reporting application issues, this dashboard is a good place to
start isolating the issue. The application usage data is pulled from the real user traffic traversing
through Prisma Access. It includes traffic from Mobile Users and Remote Sites.
You can add a filter to narrow down the results to show data for only specific applications,
deployment type, experience score, mobile users, groups, or Prisma Access locations. View the
individual experience score for the application and the number of users and remote sites that are
being impacted by any existing performance issues.

How can you use the data from dashboard?

After you’ve surveyed the applications running on your network and determined which
applications you want to monitor, you can create an app test. As you create app tests, keep in
mind that although you can create app tests targeted to multiple users or sites, the number of
tests is based on the number of app tests each individual user or ION device runs (for example, if
you have an app test for Slack and target it to 1000 users, this would count against your license as
1000 tests).

Application Experience Dashboard: Mobile User Experience Card

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

This widget shows you the average of the application segment score for all Mobile Users for all
monitored applications. It also shows you a breakdown of Good, Fair, and Poor experiences by
number of user devices. You can drill down into users experiencing fair or poor performance to
begin investigating. The experience score in this card will give you an indication of the overall
digital experience for the user. For each application that is monitored per mobile user, ADEM

Strata Cloud Manager Getting Started 212 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

calculates a score based on the 5 critical metrics - application availability, DNS resolution time,
TCP connect time, SSL connect time, and the HTTP latency. If the application fails the availability
test (application is unavailable), then the experience score is 0. If the application is reachable,
only then the remaining four metrics will be calculated. Each of the above metrics (other than
application reachability) have a different weightage and baselined lower and upper thresholds,
and their combined weightage equals 100. The sum of these individual metric scores determines
the application experience score for a user. An average of all the test sample results for each
application determines the experience score of a user.

Application Experience Dashboard: Remote Site Experience Card

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

The remote site experience score is an average score of all monitored applications on all
active WAN paths. It is an average of all test sample results that are collected from individual
applications monitored for that remote site. It is the overall experience score (enclosed in a color
coded square) of the remote site or branch, which is an average of experience scores from all the
test samples collected on active paths of all the applications monitored for that site. Although the
experience score of each backup path will be individually calculated and available for each remote
site and application, the experience score for backup paths are not taken into consideration when
calculating the Experience Score of a remote site. You can drill down into sites experiencing fair or
poor performance by clicking on the number next to Fair or Poor.

Application Experience Dashboard: Experience Score Trends

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Strata Cloud Manager Getting Started 213 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

This widget displays a time series graph of average Mobile Users experience of all Mobile Users.
The experience score is calculated and displayed at set intervals during the selected time range.
The y-axis is color coded based on score range to show you the quality of your experience score
(Red = Poor, Yellow = Fair, and Green = Good). Hover your mouse cursor over the trend line to
see the experience score at the time where your cursor is placed.

Application Experience Dashboard: Experience Score Across the

Network
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Identify the segment of the network that might be causing issues within your organization from
the endpoints (for Mobile Users) or branch (Remote Sites) all the way to the applications. You
can see what segment of the network might be causing issues within your organization from the
endpoints and Prisma SD-WAN remote sites all the way to the application. You can see which
segment—such as an ISP or compute location outage or a SaaS app outage—is impacting digital
experience within your organization and also the precise number of users or sites which are
impacted by it. The icons are color coded and based on the average of segment health score for all
Mobile Users. A green icon stands for Good (score is >=70), yellow stands for Fair (score is 30-70),
red stands for Poor (Score<30).

Devices - Device Health Metrics (CPU/Memory/Disk Space/Disk Queue/Battery)

Wi-Fi - WIFI Metrics (Signal Quality,Tx,Rx,SSID,BSSID,Channel)
Local Networks - Network Performance Metrics (Latency/Loss/Jitter)

Strata Cloud Manager Getting Started 214 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Internet - Network Performance Metrics (Latency/Loss/Jitter) If a device is not connected to

GlobalProtect,the Internet segment, the Network Performance Metrics will be the same as the
TCP PING test executed for application segment.
Prisma Access Locations - Network Performance Metrics (Latency/Loss/Jitter) The test for this
segment is not executed if device is not connected to GlobalProtect.
Monitored Apps - Network Performance Metrics (Latency/Loss/Jitter) Application Performance
Metrics (Availability,DNS Lookup,TCP Connect,SSL Connect,HTTP Latency,Time to First
Byte,Time to Last Byte,Data Transfer)

Application Experience Dashboard: Global Distribution of

Application Experience Scores
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Depending on the card you select, the map view in this widget shows you the experience of
Prisma Access Locations based on the total number of Mobile Users and applications monitored
or the total number of Remote Sites and applications monitored on specific Prisma Access
Location. The Prisma Access locations are marked with circles that are color coded to represent
the status of application segment scores of all monitored mobile users and remote sites connected
to that specific Prisma Access Location where the circle appears. Hover your mouse cursor over
a circle to see the experience scores for the location, as well as the total number of Mobile User
Devices or Remote Sites monitored and the total number of apps that are monitored for that
location. Multiple locations that are geographically very close to each other are represented by
one circle with a number in it. The number denotes how many locations were grouped in that
area. To see exactly which locations were grouped together, zoom in on the map.

Application Experience Dashboard: Experience Score for Top

Monitored Sites
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

This widget displays one card per application and displays the sites with the highest scores. This
widget shows the remote sites experience score trend during the selected time range. Hover your
mouse cursor over the trend line to see the experience score for that specific point in time.

Strata Cloud Manager Getting Started 215 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Application Experience Dashboard: Experience Score for Top

Monitored Apps
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Each application card shows you the average application segment score (the number enclosed
in the square) for all monitored Mobile Users for that particular application on the remote site.
The experience score is calculated as an average of App experience scores of all monitored
applications. The experience score depicts the end-to-end experience for the active paths of
the application. It is the average of all test samples collected on the active paths for that specific
application only. The trend line shows you the average of all 5 minute APM data samples for the
selected time frame.
You can see how many applications you are monitoring and also how many active and backup
paths are monitored. Each application card shows the number of paths that are impacted. Click an
application card to see the metrics for that specific app.

Application Experience Dashboard: Application Performance

Metrics
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

Strata Cloud Manager Getting Started 216 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Autonomous DEM uses TCP ping and Curl to determine the end to end Application Performance.

Metric Description

Availability Application availability (in percentage) during the Time

Range.

DNS Lookup DNS resolution time.

TCP Connect Time taken to establish a TCP connection.

SSL Connect Time taken to establish an SSL connection.

HTTP Latency Time taken to establish an HTTP connection.

Time to First Byte The total of DNS Lookup, TCP Connect, SSL Connect
and HTTP Latency time results in the Time to First Byte.

Data Transfer Total time taken for the entire data to be transferred.

Time to Last Byte Time to First Byte + Data Transfer time.

Application Experience Dashboard: Network Performance Metrics

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license to view the data for Monitored
Applications

ADEM uses ICMP pings to determine Network Performance on each segment.

Strata Cloud Manager Getting Started 217 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Metric Description

Availability Network availability metrics during the Time Range.

Network Latency Time taken to transfer the data over the network.

Packet Loss Loss of packets during data transmission.

Jitter Change in latency during the Time Range.

Strata Cloud Manager Getting Started 218 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Best Practices

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Best Practices to get started.

Strata Cloud Manager Getting Started 219 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

What does this dashboard show you?

The dashboard shows aggregated data per Prisma Access and NGFW/Panorama
associated with your tenant.

The best practices dashboard measures your security posture against Palo Alto Networks’ best
practice guidance. Importantly, the best practices assessment includes checks for the Center for
Internet Security’s Critical Security Controls (CSC). CSC checks are called out separately from
other best practice checks, so you can easily pick out and prioritize updates that will bring you up
to CSC compliance.
The best practice dashboard is divided into five sections:
• Summary
Gives you a comprehensive view of all the failed checks for a device across the configuration
types (Security, Network, Identity, and Service Setup), View historical trend charts for BPA
checks and assess your best practice adoption rate for key feature areas.
• Security
Shows the rules, rulebases, or profiles that are failing best practice and CSC checks for the
selected device and location. When available, CLI remediations allow you to resolve issue with
your policy rules. CLI remediations are generated using TSF data you upload when generating
an On-Demand BPA report.
• Rulebases
Looks at how your policy is organized, and whether configuration settings that apply across
many rules align with best practices (including CSC checks).
• Rules
Shows you the rules failing best practice and CSC checks. See where you can take quick
action to fix failed checks. Rules are sorted based on session count, so you can start by
reviewing and updating the rules that are impacting the most traffic.
• Profiles
Shows you how your profiles stack up against best practices, including CSC checks. Profiles
perform advanced inspection for traffic matched to a security or decryption rule.
• Identity
Shows whether the authentication enforcement settings (authentication rule, authentication
profile, and authentication portal) for a device meet the best practices and comply with CSC
checks.
• Network
Checks whether the application override rules and network settings align with best practice
and CSC checks.
• Service Setup
See how the subscriptions you have enabled on your devices are aligning with the best practice
and CSC checks. You can review the WildFire setup, GlobalProtect portal and GlobalProtect
gateway configurations here and fix the failed checks.

Strata Cloud Manager Getting Started 220 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

You can download the BPA report for NGFW in either CSV or PDF format. All other BPA
reports are available for download in the PDF format only.

How can you use the data from the dashboard?

While best practice guidance aims to help you bolster your security posture, findings in this report
can also help you to identify areas where you can make changes to more effectively manage your
environment.

Strata Cloud Manager Getting Started 221 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Compliance Summary

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

You can view a history of changes to the security checks made up to 12 months in the past,
grouped together by the Center for Internet Security (CIS) and the National Institute of Standards
and Technology (NIST) frameworks. For each framework, you’ll see a list of controls as well as the
percentage of current and average compliance rate, total number of best practice checks, and the
number of failed checks for each control.

The dashboard shows the aggregated data for all firewalls onboarded to your tenant and
are also sending telemetry data.

Interact with the chart and the list to see the relationship between controls and their historical
statistics. View details of individual controls and their associated checks, and select a best practice
check to view the firewall configuration that is failing the check.
The CIS Critical Security Controls framework is a prioritized set of recommended actions and best
practices that help protect organizations and their data from known cyberattack vectors. You can
view check summaries for 11 of the 16 basic and foundational CIS controls:
• CSC 3: Continuous Vulnerability Management
• CSC 4: Controlled Use of Administrative Privileges
• CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
• CSC 7: Email and Web Browser Protections
• CSC 8: Malware Defenses
• CSC 9: Limitation and Control of Network Ports, Protocols, and Services
• CSC 11: Secure configuration for Network Devices, such as Firewalls, Routers, and Switches
• CSC 12: Boundary Defense
• CSC 13: Data Protection
• CSC 14: Controlled Access Based on the Need to Know
• CSC 16: Account Monitoring and Control
The NIST Cybersecurity Framework SP 800-53 Controls framework provides guidance for federal
agencies and other organizations to implement and maintain security and privacy controls for
their information systems. You can view check summaries for eight families of NIST controls:
• SC: Access Control
• AU: Audit and Accountability

Strata Cloud Manager Getting Started 222 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• CM: Configuration Management

• CP: Contingency Planning
• IA: Identification and Authentication
• RA: Risk Assessment
• SC: System and Communications Protection
• SI: System and Information Integrity
Go to Dashboards, and then select the Compliance Summary .

If you don’t see Compliance Summary among the tab choices, select More Dashboards,
and then select the checkbox for Compliance Summary from the choices listed under
Posture.

Strata Cloud Manager Getting Started 223 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

A) Security Controls selector Select CIS or NIST controls

B) Filter by • Device
• Time-frame
• Past 7 Days
• Past 30 Days
• Past 90 Days
• Past 6 Months
• Past 12 Months

C) Sort by • Control CSC Number

• Current Passing %
• % Change
• Number of Failed Checks

D) Line Chart • Passing % - Shows passing percentage for a

given check type.

Strata Cloud Manager Getting Started 224 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Timeline - Shows when the percentage was

measured for a given check type.

E) Check List • Stats

• Average Passing % - Shows the average
percentage of passing checks.
• 12-Month Change - Shows change over
a 12-month period.
• Checks Failed - Shows the number of
failed checks.
• Selected Controls - A checkmark brings a
control into view on the line chart.
• Reset - Removes all locks.
• Collapse All/Expand All - Shows/Hides
stats in the list.
• Lock Line Chart - Keeps locked checks in
view on the line chart.

Strata Cloud Manager Getting Started 225 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Select a control on the list to see the best practice checks it includes.

• Select a best practice check to view the firewall configuration that is failing the check.

Strata Cloud Manager Getting Started 226 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Security Posture Insights

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Security Posture Insights to
get started.

What does this dashboard show you?

The dashboard shows aggregated data for all firewalls associated with your tenant and
are also sending telemetry data.

Get visibility into the security status and trend of your deployment based on the security postures
of the onboarded NGFW devices. The severity of the security score (0-100) and its corresponding
security grade (good, fair, poor, critical) determine the security posture of a device. The security
score is calculated based on the priority, quantity, type, and status of the open alerts.

How can you use the data from the dashboard?

Use this dashboard to:

Strata Cloud Manager Getting Started 227 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• Know the trend of issues that impact the security posture of your deployment.
• Understand the security improvements that you have made in your deployment by looking at
the historical security score data.
• Narrow down devices where there is an opportunity to improve the security posture and
prioritize the issues to resolve them.

The report functionality (download, share, and schedule report) is not supported for this
dashboard.

Security Posture Insights Dashboard: Device Security Posture

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Security Posture Insights to
view the dashboard.

The dashboard widget shows:

• The total number of onboarded NGFWs.
• The number of devices that have not sent telemetry data for over 12 hours.
• The priority of security score for the onboard devices in your deployment. Click the number
link to know the device details and security statistics.

Strata Cloud Manager Getting Started 228 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Security Posture Insights Dashboard: Security Posture Statistics

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Security Posture Insights to
view the dashboard.

Top Unhealthy
These are the top 10 devices most impacting the security posture of your deployment. Drill down
to view the device details and the alerts on the device. Perform the remediation steps for the
critical alerts on the devices to improve the security posture.
Top Improving
View the top 10 devices with improved security posture scores over a 30 days time period,
compared to the current security scores of the devices.
Top Worsening
These are the devices with the declined security posture scores compared to the current security
scores of the devices. Review the alerts on these devices and prioritize to fix them.

Strata Cloud Manager Getting Started 229 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Security Posture Insights Dashboard: Score Trend

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Strata Cloud Manager > Dashboards > More Dashboards > Security Posture Insights to
view the dashboard.
The chart shows the security posture trend of your deployment for the selected time period.
Hover over the trigger point to know the devices and active alerts that are contributing to the
security posture trend. You can view trends for one or more devices filtered by the hostname,
model, or software version.

Strata Cloud Manager Getting Started 230 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: NGFW SD-WAN

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > NGFW SD-WAN to get started.

To utilize this dashboard, you can set up a Software-Defined Wide Area Network (SD-WAN) on
Strata Cloud Manager for your Palo Alto Networks Next-Generation Firewalls.

Strata Cloud Manager Getting Started 231 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

What does this dashboard show you?

The NGFW SD-WAN dashboard shows you the performance metrics for links and application
traffic for cloud managed firewalls with SD-WAN.

How can you use the data from the dashboard?

This dashboard helps you with:
• Visibility into application and links performance metrics in your VPN clusters to troubleshoot
issues by viewing summary information across all VPN clusters.
• Drilling down to isolate the issues to affected sites, applications, and links.
• Raising actionable alerts to investigate and remediate poor links and applications. With ML-
powered anomaly detection, normality band, and forecasting, the actionable alerts are based
on data-driven thresholds, and you will get insights around trends.
Here’s a video that shows how to monitor the NGFW SD-WAN dashboard.

NGFW SD-WAN Dashboard: Application Health

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The dashboard shows:

• The total number of applications for the selected time duration and VPN cluster.
• The number of impacted applications, that is, one or more applications in the VPN cluster for
which none of the paths have jitter, latency, or packet loss performance that meet the specified
thresholds in the Path Quality Profile in the list of paths from which the firewall can choose.
• The number of applications whose health is good, that is, applications in the VPN cluster that
are not experiencing jitter, latency, or packet loss performance issues.

Strata Cloud Manager Getting Started 232 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

NGFW SD-WAN Dashboard: Top Impacted Applications

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

For the selected time duration and VPN cluster, Strata Cloud Manager displays your top 5
impacted applications based on their computed percentage of impacted traffic out of total bytes.
A higher computed percentage indicates a greater impact on the application.

Strata Cloud Manager Getting Started 233 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Click View More to check all the impacted applications.

Strata Cloud Manager Getting Started 234 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 235 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Furthermore, click an application to view its details including traffic and the used links. You can
also click a used link to view its details.

Strata Cloud Manager Getting Started 236 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 237 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

NGFW SD-WAN Dashboard: Impacted Applications

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Chart shows a trend showing impacted applications in the last 24 hours. Hover your cursor
over the trend line to view impacted applications at a specific point of time.
• Click View Alerts to view the associated alerts that are raised due to the impacted applications.

NGFW SD-WAN Dashboard: Link Health

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• The total number of links for the selected time duration and VPN cluster.
• The number of links classified as Critical, Warning, and Good.
• Click the number link for Critical to view the alerts raised due to SD-WAN link performance.

Strata Cloud Manager Getting Started 238 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

NGFW SD-WAN Dashboard: Top Worst Links

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

For the selected time duration and VPN cluster, Strata Cloud Manager displays your top 5 worst
links based on the computed average of the interface metrics (Tunnel downtime, Latency, Jitter,
and Packet Loss). The links are ranked based on the priority of Tunnel downtime, Latency, Packet
Loss, and Jitter. A higher computed average indicates the poor quality of the links.

Strata Cloud Manager Getting Started 239 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

You click View More to check all the impacted links.

Furthermore, click a link to view its details including charts based on link performance.

Strata Cloud Manager Getting Started 240 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

NGFW SD-WAN Dashboard: Poor Links

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Chart shows a trend showing poor links detected in the last 24 hours. Hover your cursor over
the trend line to view poor links at a specific point of time.
• Click View Alerts to view the associated alerts that are raised due to the poor links.

Strata Cloud Manager Getting Started 241 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

NGFW SD-WAN Dashboard: Health By Cluster and Sites

Where Can I Use This? What Do I Need?

• , including those funded by Software or

NGFW Credits
→ The features and capabilities available to
you in depend on which license(s) you are
using.

View the number of links, their health, and the impacted applications for every site.

Click the number links under these columns to view details about them.

Strata Cloud Manager Getting Started 242 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Prisma SD-WAN

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis
A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

What does this dashboard show you?

The Dashboard shows you a high-level and graphical view of the network, device, and application
metrics of Prisma SD-WAN. In addition, it shows you:
• The connectivity status of your branch and data center devices to the controller.
• The application utilization data for your ingress and egress traffic.
• Basic network insights and reports for all branch sites across a tenant from the past week.
• Information about the top branch and data center sites by the number of incidents generated.
• The link quality metrics across your sites like MOS score, packet loss, jitter, and latency.
• The predictive capacity utilization at a site level based on the previous three to six months of
information.

Prisma SD-WAN Dashboard: Device to Controller Connectivity

Where Can I Use This? What Do I Need?

• license
The other licenses and prerequisites needed
for visibility are:
Licenses to unlock certain widgets in the
dashboard
WAN Clarity for predictive analysis

Strata Cloud Manager Getting Started 243 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

A role that has permission to view the
dashboard
Strata Logging Service
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Device to Controller Connectivity widget depicts the number of Online and Offline ION
devices connected to the Prisma SD-WAN controller for a Branch and Data Center. Using
this interactive graph, you can view the online or offline status for a claimed device for the
corresponding branch and data center.

On clicking either, Branch or Data Center on the interactive graph, you can view the claimed and
unclaimed devices name, status, software version installed, last activity, and redundancy status of
the device.

Prisma SD-WAN Dashboard: Applications

Where Can I Use This? What Do I Need?

The Applications widget displays information about the application utilization at the site during
the selected time range. The total application ingress and egress traffic for the time range is

Strata Cloud Manager Getting Started 244 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

displayed. The top 10 applications by traffic volume are displayed along with the other traffic.
Click View All to see the application health distribution, TCP application health distribution over
time, new flows, bandwidth utilization, transaction stats for the selected time range along with the
top applications. You can drill down to view an application's performance and metrics per site for
the selected time range in the dashboard.

The metrics for all TCP applications are initially displayed but, any one of the top 10 TCP
applications can be selected to more narrowly focus on a specific top application.

Prisma SD-WAN Dashboard: Top Alerts by Priority

Where Can I Use This? What Do I Need?

The Top Alerts by Priority widget displays the top 5 alerts by priority. You can see information on
the top branch and data center sites by the number of alerts generated in the selected time range.
You can drill down to view the alert information per site for the selected time range.

Strata Cloud Manager Getting Started 245 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Click View All to see the following information on the alerts:

• When the alert was created.
• Name of the incident.
• The primary impacted object.
• The severity of the alert.
• The priority of the alert.
Click the ellipsis to troubleshoot the alert.

Prisma SD-WAN Dashboard: Overall Link Quality

Where Can I Use This? What Do I Need?

The Overall Link Quality widget provides an overall snapshot of the current state of links for
all your sites for the selected time range. You can drill down to view the Link Performance, Link
Packet Loss, Link Jitter, and Link Latency and allows you to analyze information you want to view
in greater detail in the Link Quality Metrics dashboard.

Strata Cloud Manager Getting Started 246 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Prisma SD-WAN Dashboard: Bandwidth Utilization

Where Can I Use This? What Do I Need?

The Bandwidth Utilization widget displays the amount of bandwidth utilized on a trail in a
network. It is a visual representation of bandwidth spike, total bandwidth consumed by a
particular site, and the application; if the upload is in ingress, egress direction or both.

Move your cursor in the Bandwidth Utilization chart to get a more granular view of the
bandwidth utilization with an application or time-stamp. Typically, the apps are listed in order of
their bandwidth utilization. The chart displays the bandwidth consumed over time. The 1H view
provides granular per minute data, and the 1D picture shows data every 5 minutes. The 1D chart
data averages above 5 minutes for each sample. If utilization sustains above 5 minutes, you can
see the corresponding peak utilization in both charts.

Strata Cloud Manager Getting Started 247 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

You can use the download option from the widget to download the Bandwidth Utilization chart in
either PDF, CSV, XLS, or PNG formats.

Prisma SD-WAN Dashboard: Transaction Stats

Where Can I Use This? What Do I Need?

The Transaction Stats widget provides transaction statistics on TCP flows, including initiation/
transaction successes and failures for a specific application or all applications, a particular path
or all paths, and all health events. It measures the performance and availability of networks
and applications that run on network paths. For each request on a given path, Prisma SD-WAN
monitors, in real-time, the transaction error rates for initiation and data transfer transactions.

From the Transaction Stats chart, view the list of Apps by their bandwidth utilization or by path.
You can filter out successful transactions to get a granular view of transaction failure stats. The
chart displays the count of successful or failed transactions for the following categories:
• Init Sucessful: Successful completion of the three-way handshake.
• TXNs Sucessful: Successful transfer of data after the completion of the three-way handshake.
• Init Failure: Failure to complete the three-way handshake. Reasons for failure may include
a misconfiguration firewall, an application server issue, a misconfiguration network access
control list, or a WAN network provider issue.

Strata Cloud Manager Getting Started 248 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• TXNs Failure: Unsuccessful transfer of data after the completion of the three-way handshake.
Reasons for failure can include a mis-configured firewall, an application server issue, a mis-
configured network access control list, or a WAN network provider issue.
You can use the download option from the widget to download the Bandwidth Utilization chart in
either PDF, CSV, XLS, or PNG formats.

Prisma SD-WAN Dashboard: Predictive Analytics

Where Can I Use This? What Do I Need?

The Predictive Analytics widget provides insight into the health of sites and applications and
proactive monitoring to identify critical issues and troubleshoot them faster, thus enhancing
service levels. It identifies critical sites, links, and applications and categorizes them as Good,
Fair, and Poor at the tenant level, based on the AI/ML health scores. The widget includes
predicting capacity utilization at the branch site level based on the previous three to six months of
information.

Strata Cloud Manager Getting Started 249 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

The default time range to view the metrics is three hours; however, you can adjust it to shorter
or longer periods depending on the desired scope of information. Gain insights into the top 10
sites whose bandwidth utilization increased in the previous 28 days; you can view seven days
prediction whenever 28 days prediction is unavailable and predict the future branch capacity
utilization.
Click View All to gain insights on Branch Sites, Applications, Links, Network Insights, Top Sites
with Traffic Volume Growth in Past 30 days, and Site Capacity Prediction And Anomaly.

Strata Cloud Manager Getting Started 250 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: PAN-OS CVEs

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > More Dashboards > PAN-OS CVEs to get started.

What does this dashboard show you?

The dashboard shows the aggregated data for all firewalls and Panorama onboarded to
your tenant and are also sending telemetry data. Additionally, it shows the telemetry data
from NGFW PSIRT Database of CVEs.

The PAN-OS CVEs dashboard shows you the number of devices impacted by a specific
vulnerability based on the features that have been enabled on devices. Strata Cloud Manager
analyzes the features that have been enabled to determine the devices impacted by the CVE.

Strata Cloud Manager Getting Started 251 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

After you understand the vulnerabilities for impacted devices, you can plan your patching using
the Upgrade Recommendations feature. Expand the CVEs and select firewalls that you want
to upgrade to fix the vulnerabilities, and click Generate Upgrade Recommendations. You are
redirected to NGFW - Upgrade Recommendations to view the generated report.
Here is how to assess vulnerabilities that impact devices and generate upgrade recommendation
to fix the vulnerabilities.

How can you use the data from the dashboard?

This dashboard helps you:
• Decide which devices to upgrade to mitigate a vulnerability.
• View details about an impacted device such as Host Name, Model, Serial Number, SW Version,
and Last Telemetry Update by expanding a CVE.
• Filter CVEs and sort them further by Severity or Devices Impacted.
• View the advisory associated with a CVE by clicking it.

Strata Cloud Manager Getting Started 252 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: CDSS Adoption

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > Posture > CDSS Adoption to get started.

Strata Cloud Manager Getting Started 253 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

What does this dashboard show you?

• The dashboard shows the aggregated data for all firewalls onboarded to your tenant
and are also sending telemetry data.
• Currently, this dashboard only supports four security subscriptions: Advanced Threat
Prevention, Advanced URL Filtering, DNS Security and Wildfire.

The CDSS Adoption dashboard shows the recommended Cloud-Delivered Security Services
(CDSS) subscriptions and their usage in your devices. This helps you to identify security gaps and
harden the security posture of your enterprise. After you navigate to this page, you will see a pop-
up asking you to confirm or update your zone roles in NGFWs to get accurate security services
recommendations. You can follow the link in this pop-up window to map zones to roles.

How can you use the data from the dashboard?

This dashboard helps you with the following:
• At the top of the Overview page, you can view the number of total known NGFWs and
number of NGFWs sending telemetry in your AIOps for NGFW instance. The adoption of
CDSS involves progressing through activation, configuration, and adherence to best practices.
To track progress for each subscription, simply click on the numbers in the chart to view a list
of devices that require updates along this journey. To use a security subscription license in a
device, you need to activate it and then set up the service or feature accordingly.
To focus on the security services data for a specific NGFW, filter the chart based on it. You can
also view the best practice violations for a device in this drop-down list.

Strata Cloud Manager Getting Started 254 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• You can click one of the values under ACTIVATE, CONFIGURE, or BEST PRACTICES to view
details in a tabular format.

Strata Cloud Manager Getting Started 255 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 256 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

In this example, AIOps for NGFW recommends the activation of Advanced URL Filtering
(ADV-URL) along with Advanced Threat Protection (ATP), Domain Name System (DNS), and
WildFire (WF) security services for NGFWs. You can click Back to Graph View to navigate to
the Overview page.
• You can also view the same security posture data in a pie chart format. Click the pie-chart icon
to view the information about recommended security services in a pie-chart format.

Strata Cloud Manager Getting Started 257 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• You can click the sections of the pie-chart to view the information about the individual security
service.

In this example, to view the NGFW where DNS Security is not configured, you can either click
the value above the DNS Security section of a pie chart or click the DNS Security section of a
pie chart.

Override Recommended Security Service

When you do not need a recommended security service for any reason, you can override it. Click
a value under CONFIGURE to view details in a tabular format, you can override the recommended
security service.

Strata Cloud Manager Getting Started 258 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 259 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

In this example, AIOps for NGFW recommends the configuration of Advanced URL Filtering
(ADV-URL) along with other security services for a device. You can cancel the ADV-URL security
service for the NGFW device and all the zones under it.

Strata Cloud Manager Getting Started 260 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 261 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

You can also override the recommended security service at a zone level. View Details for an
NGFW to view the source and destination roles, policies, and their recommended security
services.

Strata Cloud Manager Getting Started 262 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Strata Cloud Manager Getting Started 263 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

In this example, you can override the ADV-URL security service for the source role as Third
Party Vendor and the destination role as Unknown. You can also restore the overridden
recommendation by clicking on the security service under the Overrides column.
You can View Policies associated with roles. Select a rule to view its details without needing to
leave the app.

Strata Cloud Manager Getting Started 264 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Click Back to Table View to view the security services in a tabular format.

Strata Cloud Manager Getting Started 265 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: Feature Adoption

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Click Dashboards > Feature Adoption to get started.

What does this dashboard show you?

The dashboard shows the aggregated data for all firewalls onboarded to your tenant and
are also sending telemetry data.

The Feature Adoption dashboard shows you the security features that you are using in your
deployment, and you can use it to identify gaps in adoption. This helps you make sure that you are
getting the most out of your Palo Alto Networks security subscriptions and firewall features.

Strata Cloud Manager Getting Started 266 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

How to use this dashboard

To focus on the feature adoption for a specific set of firewalls, you can filter the chart based on
device group, including Panorama-managed devices. You can also see historical adoption trend
charts.

Strata Cloud Manager Getting Started 267 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

• When you generate an On-Demand BPA report using a TSF, adoption information
from your TSF is reflected on the Feature Adoption dashboard. (PAN-OS 9.1 and
above TSFs)
• You can export adoption data in .csv format for use in third-party applications such
as Microsoft Excel

Select the section for a feature on the chart to view which policy rules lack that feature.

Strata Cloud Manager Getting Started 268 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Select a rule to view its details without needing to leave the app.

Identify gaps in adoption

This dashboard shows where your security policy is strong and where there are gaps in capability
adoption that you can focus on improving. To gain maximum visibility into traffic and maximum
protection against attacks, set goals for security capability adoption and use the following
recommendations as a best practice baseline. Assess your current posture against the baseline to
identify gaps in security policy capability adoption.
Adoption Summary helps identify devices, zones, and areas where you can improve security policy
capability adoption. You can review adoption information by Device Group, Serial Number & Vsys,
Zones, Areas of Architecture, Tags, Rule Details, and Zone Mappings. Filter on Device Group to
narrow the scope and identify gaps.
In Dashboard > Feature Adoption, select Overall Adoption to check the adoption rates of the
following capabilities. Select Best Practices to see the adoption rates of these capabilities that
adhere to Palo Alto Networks best practices. Use this information as gap identification criteria—if
the actual adoption rate doesn’t match the recommendations, plan to close the gap:

Strata Cloud Manager Getting Started 269 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Apply WildFire Analysis, Antivirus, Anti-Spyware, Vulnerability, and File Blocking profiles to
all rules that allow traffic, with a target of 100% or almost 100% adoption. If you don’t apply a
profile to an allow rule, ensure that there is a good business reason not to apply the profile.
Configuring security profiles on all allow rules enables the firewall to inspect decrypted traffic
for threats, regardless of application or service/port. After updating the configuration, you can
run the BPA for non-telemetry devices to measure progress and to catch new rules that don’t
have security profiles attached.

You can apply WildFire profiles to rules without a WildFire license. Coverage is limited
to PE files, but this still provides useful visibility into unknown malicious files.
In the Anti-Spyware profile, apply DNS Sinkhole to all rules to prevent compromised internal
hosts from sending DNS queries for malicious and custom domains, to identify and track the
potentially compromised hosts, and to avoid gaps in DNS inspection. Enabling DNS Sinkhole
protects your network without affecting availability, so you can and should enable it right
away.
Apply URL Filtering and Credential Theft (phishing) Protection to all outbound internet traffic.
In the Adoption Summary’s Apps, Users, Ports summary, check the adoption rates of the following
capabilities. Use the recommendations as gap identification criteria—if the actual adoption rate
doesn’t match the recommendations, plan to close the gap:

Strata Cloud Manager Getting Started 270 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Apply App-ID to as close to 100% of the rules as possible. Apply User-ID to all rules with
source zones or address ranges that have a user presence (some zones may not have user
sources; for example, sources in data center zones should be servers and not users). Leverage
App-ID and User-ID to create policies that allow appropriate users to sanctioned (and
tolerated) applications. Explicitly block malicious and unwanted applications.
Target 100% or close to 100% service/port adoption—don’t allow applications on non-standard
ports unless there’s a good business reason for it.
In the Adoption Summary’s Logging summary, check the adoption rates of the following
capabilities. Use the recommendations as gap identification criteria—if the actual adoption rate
doesn’t match the recommendations, plan to close the gap:
Target at or close to 100% adoption for Logging and Log Forwarding.
Configure Zone protection profiles on all zones.
In summary:

Feature Adoption Goal

WildFire As close to 100% of Security policy rules as possible

Antivirus As close to 100% of Security policy rules as possible

Anti-Spyware As close to 100% of Security policy rules as possible

Vulnerability As close to 100% of Security policy rules as possible

File Blocking As close to 100% of Security policy rules as possible

URL Filtering and Credential All outbound internet traffic

Theft

App-ID As close to 100% of Security policy rules as possible

User-ID All rules with source zones or address ranges that have a
user presence

Service/port As close to 100% of Security policy rules as possible

Logging As close to 100% of Security policy rules as possible

Log Forwarding As close to 100% of Security policy rules as possible

Zone protection All zones

Strata Cloud Manager Getting Started 271 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: On Demand BPA

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
Tech Support File (TSF)
→ The features and capabilities available to
you in depend on which license(s) you are
using.

• Go to Dashboards > On Demand BPA to get started.

What does this dashboard show you?

The dashboard shows the Best Practice Assessment (BPA) report based on the uploaded
TSF files of devices.

You can now run the Best Practice Assessment (BPA) and Feature Adoption summary directly
from Strata Cloud Manager. Just upload a TSF file. You can generate the on-demand BPA report
for devices that are not sending telemetry data or onboarded to AIOps for NGFW.

How can you use the data from the dashboard?

The BPA evaluates your security posture against Palo Alto Networks best practices and prioritizes
improvements for devices. Security best practices prevent known and unknown threats,
reduce the attack surface, and provide visibility into traffic, so you can know and control which

Strata Cloud Manager Getting Started 272 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

applications, users, and content are on your network. Additionally, best practices include checks
for the Center for Internet Security’s Critical Security Controls (CSC). See the best practices
guidance to bolster security posture and implement improvements.

Generate On-Demand BPA Report

Follow these steps to generate the BPA Report on demand.
STEP 1 | Dashboards > On Demand BPA.

STEP 2 | Generate New BPA Report.

Strata Cloud Manager Getting Started 273 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

STEP 3 | Select TSF and Upload TSF file.

The upload time is dependent on the size of your .tgz file and your Internet speed. Uploading
the file could take a few minutes for larger files. Expand In-Progress to view the status of the
TSF files.

• On-demand BPA supports only the TSF files in the .tgz file format.
• On-demand BPA supports TSFs from devices with the PAN-OS version 9.1 or above
for report generation.
• For information about Palo Alto Networks' data capturing, processing, and
telemetry storage, see AIOps for NGFW Privacy in the Trust Center.

STEP 4 | View Report below Completed to view the results.

Strata Cloud Manager Getting Started 274 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Dashboard: SASE Health

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

What does this dashboard show you?

This dashboard shows you the overall health of your Mobile Users, Remote Sites, and Applications
(if you have purchased an AI-Powered ADEM license) that are currently connected to Prisma
Access. The numbers in the circles represent the number of users or sites that are currently
connected from the Prisma Access Location where they appear. A dot represents a single user or
site. The areas on the map that have a blue background indicate that the numbers shown in that
region are a prediction or forecast.
Filter the data shown in this dashboard with one or more of the following filters
• Time range
• Prisma Access Location
• Source Location

How can you use the data from dashboard?

Use the dashboard to get an overview and overall health of how many Mobile Users and Remote
Sites that are connected to Prisma Access categorized by their location on the map. You can view
their overall health in this dashboard too.

SASE Health Dashboard: Current Mobile Users - Map View

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard

Strata Cloud Manager Getting Started 275 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

The Current Mobile Users tab in the SASE Health dashboard shows you an overview of
the breakdown of Mobile User experience across all locations. The number in the circles
correspond to the number of Mobile Users who are currently connected to Prisma Access using
GlobalProtect. A dot represents a single Mobile User. A green circle or dot indicates Good
user experience score. Likewise, a red one indicates a degraded experience score. Degraded
experience scores comprise of Fair and Poor scores combined. The line chart to the right of
Current Mobile Users shows you a trend of the average experience scores for all Mobile Users
during the selected Time Range.

Click the number (representing the potentially degraded-experience user count) next to the
Potential Degraded Experience or Incidents to see the details of the degraded user experience in
a pane that opens on the left.

SASE Health Dashboard: Current Sites - Map View

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

The SASE Health dashboard provides a unified view of the SD-WAN and third-party sites
connected to the Prisma Access remote network location. It displays a map view of sites and data
centers connected to Prisma Access Remote Networks and provides detailed metrics of on-site

Strata Cloud Manager Getting Started 276 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

connectivity and experience scores across networks. This enables you to monitor the status of
your remote sites and data centers.
This dashboard shows the number of configured sites connecting to Prisma Access Locations
worldwide. The number enclosed in parenthesis is the total number of connected sites and the
number to the right is the number of sites that are up with Good experience scores. Sites are
considered based on score for SD-WAN or tunnel status and incidents.
The blue line chart indicates the trend of average experience score for all sites over time. Below
the Current Sites you see the number of sites with degraded (Poor) experience score along with
the number of Incidents for all sites.
Use the detailed metrics and trend charts in the dashboard to monitor the health of distributed
sites and quickly troubleshoot any connectivity or performance issues by drilling down into
specific sites or regions. You can filter the data by Sites only, Sites and Data Centers, or Sites and
Prisma Access Locations.

If you have Juniper Mist integrated third-party sites, you will see Juniper Mist sites in the
dashboard. To know more about the integration, refer to Juniper Mist Integration.

To view the dashboard, navigate to Dashboards > SASE Health, select Current Sites on the page.
Drill down to a specific site to know the site details such as the PA location, DC connected to,
standard VPN, secure fabric, and any open incidents.

Degraded Site Experience displays the data by Incidents and Segments. Incidents, for SD-WAN
and Juniper Mist, are categorized into Infrastructure, network services, data centers, and third-
party sites. You can further drill down to a specific incident by selecting the incident you want to
investigate.

Strata Cloud Manager Getting Started 277 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

If you have ADEM enabled, you can view Site trend. Click the Experience Trends & Network
Topology icon to view a time series, followed by the end-to-end topology chart for Prisma SASE
sites.

Strata Cloud Manager Getting Started 278 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

SASE Health Dashboard: Monitored Applications

Where Can I Use This? What Do I Need?

• • One of these:
and ADEM Observability

• A role that has permission to view the

dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

See the application availability metrics in the Monitored Applications tab of the SASE Health
dashboard. This dashboard shows you how many applications are monitored through ADEM
and how many of them are experiencing a degraded score. This number takes into consideration
the application experience for both Mobile Users and Remote Sites. Applications with Poor or
Fair application experience scores are considered as degraded experience. You can also see the
application's availability during the time range you select using the filter.

Strata Cloud Manager Getting Started 279 ©2025 Palo Alto Networks, Inc.
Dashboards: Strata Cloud Manager

The number to the right of the application name tells you the percentage of time during the Time
Range that the application was available.

Strata Cloud Manager Getting Started 280 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
ADEM Observability
Autonomous DEM for Remote Networks
AI-Powered ADEM
WAN Clarity Reporting
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Get comprehensive visibility across your network traffic, and the products and subscriptions
you're managing with Strata Cloud Manager. You can protectively monitor the health and
connectivity status of your remote networks, applications, NGFW devices, and mobile users in
Prisma Access. Strata Cloud Manager also provides features to monitor the performance of the
common network services, consumption details of your subscription licenses, and manage the
tool used to analyze connectivity issues. The Prisma SD-WAN users can also monitor the health
and connectivity status of Prisma SD-WAN applications, ION devices, data centers here all in one
place.

281
Monitor: Strata Cloud Manager

Monitor: IOC Search

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

You can search on a security artifact to interact with data just for that artifact. Search results
include:
• The artifact’s history and activity in your network. Using this data, you can assess how
prevalent the artifact is in your network and compare to Palo Alto Networks global data.
• Palo Alto Networks threat intelligence on the artifact, based on analysis data of all traffic
processed by Palo Alto Networks.
• Passive DNS data that is used to populate the Passive DNS History widget (for URL and
domain searches) is generated based on user data from telemetry collected by the firewall.
Click Monitor > IOC Search to get started.

Strata Cloud Manager Getting Started 282 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

To get started, search for one of these types of artifacts: a file hash (SHA-256), a URL, a domain,
or an IP address (IPv4 or IPv6).

IP Address
You can search for an IP address (IPv4 and IPv6) to analyze the threat information related to IP
address activities in your network. The following data is displayed in the search result:
• Total number of times an IP address was detected and allowed into in your network over the
past 30 days.
• Graphical representation of global telemetry counts.
• Associated threat actors, malware Campaigns, vulnerabilities, techniques, in the form of tags
associated with the IOC.

IP Address Overview—View general information about the IP address, including the verdict,
associated tags, and, if the IP address has been analyzed previously, the timestamp when it was
initially and last observed, globally.

Strata Cloud Manager Getting Started 283 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Evidence in Your Network—Learn about detection reasons with timestamps when it was
initially and last observed in your network, unique allowed users, and total hits data for the web
request.

IP Address History {in Your Network | Globally}—Shows the number of times the IP address
was accessed by various endpoints in your network (or globally, depending on the widget
setting) during the past 30 days.
Globally:

In Your Network:

Passive DNS History —Review the passive DNS history of DNS traffic records associated with
the IP address. That can allow you to examine how domains have been resolved in the past,
track changes in DNS configurations, and identify potentially malicious activities.
You can configure the fields displayed in the passive DNS history table based on the following
fields:

Strata Cloud Manager Getting Started 284 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• ➡—Indicates the number of the passive DNS entry.

• Request—The domain name that was queried.
• Response—The domain response type.
• Count—Number of times the domain was accessed from your network.
• Type—The DNS query record type. For example, "A" (for IPv4), "AAAA" (for IPv6), "MX" (for
mail servers), "NS" (for name servers), "TXT" (for text records), and "CNAME" (for DNS
records that store information about the domain's CNAME alias history).
• First Seen—Indicates when the DNS records were first observed.
• Last Seen—Indicates when the DNS records were last observed.

Whois Information —Displays general domain information based on the resource's publicly
available registration details.

Domain
View a summary of the activities associated with the domain in your network. The search results
include:
• Classification of the domain in your network based on analysis data from URL Filtering and
DNS Security.
• Total number of activities associated with the domain over a specified duration, both in your
network and globally.
• Enforcement applied to each activity in a graphical format.
• DNS activity collected from across all WildFire submissions that contain instances of this
domain.

Strata Cloud Manager Getting Started 285 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

The IOC Search does not currently support visualization of local network activity seen by
the Advanced DNS Security Resolver.

Domain Overview—View general information about the domain, including the domain and
URL categories as determined by the Advanced DNS Security and Advanced URL Filtering
services, respectively, the category tags, and, if the IP address has been analyzed previously,
the timestamp when it was initially and last observed, globally.

Evidence in Your Network—Learn about detection reasons with timestamps when it was
initially and last observed in your network, unique allowed users, and total hits data for the web
request.

Domain History {in Your Network | Globally}—Shows the number of times the domain was
accessed by endpoints in your network (or globally, depending on the widget setting) during
the past 30 days.
Globally:

Strata Cloud Manager Getting Started 286 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

In Your Network:

Passive DNS History —Review the passive DNS history of DNS traffic records associated with
the domain. That can allow you to examine how domains have been resolved in the past, track
changes in DNS configurations, and identify potentially malicious activities.
You can configure the fields displayed in the passive DNS history table based on the following
fields:
• ➡—Indicates the number of the passive DNS entry.
• Request—The domain name that was queried.
• Response—The domain response type.
• Count—Number of times the domain was accessed from your network.
• Type—The DNS query record type. For example, "A" (for IPv4), "AAAA" (for IPv6), "MX" (for
mail servers), "NS" (for name servers), "TXT" (for text records), and "CNAME" (for DNS
records that store information about the domain's CNAME alias history).
• First Seen—Indicates when the DNS records were first observed.
• Last Seen—Indicates when the DNS records were last observed.

Strata Cloud Manager Getting Started 287 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Whois Information —Displays general domain information based on the resource's publicly
available registration details.

URL
Learn about the URL’s activity across all traffic Palo Alto Networks analyzes. The search results
include:

URL Overview—View general information about the URL, including the domain and URL
categories as determined by the Advanced DNS Security and Advanced URL Filtering services,
respectively, the category tags, and, if the IP address has been analyzed previously, the
timestamp when it was initially and last observed, globally.

Strata Cloud Manager Getting Started 288 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Evidence in Your Network—Learn about detection reasons with timestamps when it was
initially and last observed in your network, unique allowed users, and total hits data for the web
request.

URL History {in Your Network | Globally}—Shows the number of times the URL was accessed
by endpoints in your network (or globally, depending on the widget setting) during the past 30
days.
Globally:

In Your Network:

Strata Cloud Manager Getting Started 289 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Passive DNS History —Review the passive DNS history of DNS traffic records associated with
the URL. That can allow you to examine how domains have been resolved in the past, track
changes in DNS configurations, and identify potentially malicious activities.
You can configure the fields displayed in the passive DNS history table based on the following
fields:
• ➡—Indicates the number of the passive DNS entry.
• Request—The domain name that was queried.
• Response—The domain response type.
• Count—Number of times the domain was accessed from your network.
• Type—The DNS query record type. For example, "A" (for IPv4), "AAAA" (for IPv6), "MX" (for
mail servers), "NS" (for name servers), "TXT" (for text records), and "CNAME" (for DNS
records that store information about the domain's CNAME alias history).
• First Seen—Indicates when the DNS records were first observed.
• Last Seen—Indicates when the DNS records were last observed.

Whois Information —Displays general URL information based on the resource's publicly
available registration details.

Strata Cloud Manager Getting Started 290 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

File Hash
File hash search summarizes the file details in a report based on data generated during WildFire
analysis. You can download the report as a PDF or MAEC file in cases where the sample is
determined to be malicious, phishing, grayware, or benign. Unknown samples do not generate a
report.
WildFire samples that generate a verdict provide file information and session information at a
minimum; while samples that have undergone additional analysis produce specific analysis data
that is relevant to actions taken by the sample. You can drill down on the search results to review
the following information categories:

File Information—View general file information, including the file hash, size, and type, as
categorized by WildFire. You can also the see the verdict of the sample here. Alternatively, you
can search directly on VirusTotal for additional information about suspicious files, domains,
URLs, IP addresses using the supplied hash value. If the verdict is classified incorrectly, request
for a verdict change. The Palo Alto Networks threat team investigates further on the sample
and updates the verdict if found incorrect.
You can also download the WildFire report of the selected sample hash as a PDF or MAEC file.

Evidence in Your Network—Learn about detection reasons, as provided by WildFire, for the
given file hash with timestamps when it was initially and last observed in your network, unique
allowed users, and total hits data for the web request.

Strata Cloud Manager Getting Started 291 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

SHA-256 History in Your Network—View the historical prevalence of the specified file hash in
your network, and globally, based on the allow and block actions taken by the NGFW.

Session Information—Learn about the network session for a sample. Use this data to learn
more about the context of the threat, know the affected hosts and clients, and the applications
used to deliver the malware.

Static Analysis—Static analysis looks at the contents of a specific file before the file is executed
in the WildFire analysis environment. This also shows the suspicious file properties, processes,
and behaviors detected during static analysis. The search result varies depending on the file
type.

Strata Cloud Manager Getting Started 292 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Dynamic Analysis—When WildFire encounters a sample that requires additional analysis,

such as an unknown sample, the file is forwarded to the Advanced WildFire cloud an is
inspected in detail using WildFire dynamic analysis. You can pivot between the various analysis
environments used to view the specific analysis results generated by each. This can include
samples analyzed by Advanced WildFire techniques (Intelligent Run-time Memory Analysis
analysis, hypervisor Dynamic Analysis, Dependency Emulation, etc.), a cloud-based engine that
detects and prevents highly evasive malware threats. You can view the observed behaviors and
use this information for post execution analysis. You can check the process activities involved,
and the sequence of events that took place in your system while executing the file.

Actions Monitored —Review various sample process activity details that WildFire recorded
during sample analysis.

Strata Cloud Manager Getting Started 293 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Strata Cloud Manager Getting Started 294 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Branch Sites

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

Branch Sites: Prisma Access

Select Monitor > Branch Sites > Prisma Access to view the health and connectivity of your
Remote Networks and the usage of all your Remote Networks deployed in different Prisma
Access locations. It shows you the real-time connectivity status and bandwidth consumption
details, along with other deployment details. Mobile Users, branch offices, and retail locations
connect to Remote Networks. You can also view the health of the tunnels configured in your
Remote Networks and Mobile Users.
In addition to the widgets that display with the Prisma Access license, this dashboard displays the
Site Experience Score and Prisma SD-WAN branch site details page only if you have the ADEM
Observability or the AI-Powered ADEM license.
Branch Sites: Prisma SD-WAN
Select Monitor > Branch Sites > Prisma SD-WAN to set up a branch site in Prisma SD-WAN.
Branch sites include branch offices that you have in your wide area network in Prisma SD-WAN.
You can set up a branch site before or after the ION devices arrive at a given site. The branch site
in Prisma SD-WAN provides the following views:
• The Map view of the branch site provides the connectivity status of your branch site devices to
the controller and the alarm status for the site.

Strata Cloud Manager Getting Started 295 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• The List view shows you how many sites were active during the Time Range selected and the
overall health metrics of the branch sites.
• The Activity view presents key application analytics, the latest site health score and site health
distribution over time.
• Prisma Access
• Prisma SD-WAN

Branch Sites (Prisma Access)

Baselines in Widgets
If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly

Strata Cloud Manager Getting Started 296 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Sites by Status
View your Remote Networks Sites by Status. You can see how many sites are Up, Down, Inactive,
or Not Available, and how many sites have a Warning during the selected Time Range.

Bandwidth Consumption
Bandwidth Consumption shows the highest peak bandwidth consumed at a compute region
across all of the tenant's compute regions in the aggregate bandwidth allocation model. The
highest peak bandwidth consumed by a site across all sites is shown for the per-site bandwidth
allocation model. The peak values are computed for the selected time filter duration.
Select View Consumption by Compute Region to view consumption values and trend charts for
all compute regions and their configured IPSec termination nodes.
View Consumption by Compute Regions
Navigate to Monitor > Branch Sites > Prisma AccessInsights > Branch Sites > Prisma Access.
When using the Aggregate Bandwidth Allocation model, select View Consumption by Compute
Regions in the Bandwidth Consumption widget to see bandwidth consumption and trends for
your regions. The Compute Regions page shows bandwidth consumption data during the Time
Range you select. You can view a table with your Compute Regions' Average Bandwidth, Median
Bandwidth, and Peak Bandwidth.
The Bandwidth Consumption Trend by Compute Region graph shows data about your Compute
Region. Filter the data to refine the information you want to view.

Strata Cloud Manager Getting Started 297 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Select Cumulative (Ingress + Egress), Ingress, Egress, or Ingress vs. Egress from the drop-
down.

• View the Peak, Median, or Average bandwidth consumption trend during the selected time
range. The default setting is Peak bandwidth consumption.

• Log Scale or Linear Scale.

• Compute Region—Select one or more region to view.
The IPSec Termination Node Utilization graph allows you to view bandwidth consumption for the
IPSec Termination Nodes configured at a specific Compute Region. Filter the data to refine the
information you want to view:
• Select the Compute Region for which you want to view data.
• Select the specific Site of the Compute Region you want to see.
• Choose Node Aggregate or Breakdown by Sites to view the bandwidth consumption trend for
the sites that terminate at the selected IPSec Termination Node.
• View Peak, Average, or Median.

Strata Cloud Manager Getting Started 298 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• View Log Scale or Linear Scale.

Bandwidth Consumption Trend

On the main Branch Sites page, you can view your Bandwidth Consumption Trend Sites per
Compute Region for all Compute Regions when using the Aggregate Bandwidth Allocation
model or Bandwidth Consumption Trend per Branch Sites when using the Per-Site Bandwidth
Allocation Model. For the Aggregate Bandwidth Allocation model, you can select a Compute
Region and then select the sites in that Compute Region whose bandwidth consumption trend is
of interest. Filter the data to refine the information you want to view, and you can hover over the
chart to view the sites' bandwidth consumption at that time:
• The default view shows Cumulative (Ingress + Egress) bandwidth consumption. Other options
are Ingress, Egress, or Ingress vs. Egress.

Strata Cloud Manager Getting Started 299 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• View the Peak, Median, or Average bandwidth consumption trend during the selected time
range. The default setting is Peak bandwidth consumption.
• Log Scale or Linear Scale.
• Compute Region—View Compute Regions with a breakdown of sites terminating in the region
when the tenant uses the Aggregate Bandwidth Allocation model. For each Compute Region,
select the sites terminating in the Compute Region to view their bandwidth consumption trend.
• Branch Sites—Select a minimum of 1 site and a maximum of 10 sites to view their trend lines
on the graph during the selected time range.

Prisma Access Sites

The Prisma Access Sites table lists your remote Prisma Access sites and information.
• Site Name—The Prisma Access site's unique name.
• Site Status—Up, Down, Warning, or Unknown.
• Site Type—Third Party.

Strata Cloud Manager Getting Started 300 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Site Location—Prisma Access site location.

• Site BGP Status—Whether the site BGP status is Up, Down, or Unknown.
• Tunnel Status—The number of the site's tunnels and how many of those tunnels are up.
• Tunnel BGP Status—The BGP status for each tunnel.
• Prisma Access Location—This Prisma Access site's location. Select a location to view its Prisma
Access Locations details.
• Service Status—This field indicates the status of the instance or firewall to which the site is
connected. The status can be Up, Down, or Unknown.
• Compute Location—All Prisma Access locations are mapped to a security processing compute
location or region based on optimized performance and latency. At least two (often more)
Prisma Access locations that are geographically near each other are grouped into a single
compute location.
• Aggregated Bandwidth Allocated—The allocated aggregated bandwidth for the site during the
time range selected. This column appears only if you used the aggregate bandwidth model.
• Peak Burst Bandwidth Consumed—The cumulative peak value obtained by combining the
ingress and egress values for this site during the selected time range selected.
• Avg Bandwidth Consumed—The cumulative average value obtained by combining the ingress
and egress values for this site during the selected time range.
• Disconnections—How many disconnections occurred at this site during the selected time
range.
• Disconnections Duration—The total amount of time, in seconds, the site was disconnected
during the selected time range.

High-Performance Branch Site Visibility

High-performance branches (RN-HP) have different attributes than the legacy branches, and both
will coexist in your tenant. High-performance branch sites in Prisma Access have the following
benefits:
• The architecture addresses capacity efficiencies by separating network processing functions
from security processing functions. An ION device with large packet-processing ability
terminates multiple branch connections with up to 5-Gbps capacity and distributes the security
processing to SPNs.
• You can use a single IP or FQDN to terminate multiple branches in the region to a single
network processing node (NPN).
• You no longer have to monitor and manage the termination of branch sites to IPSec
termination nodes. Suitable SPNs carry out branch traffic inspection, and the NPN performs
load balancing.

Strata Cloud Manager Getting Started 301 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• You can attain true high availability by being able to specify different regions for redundancy.
You can view both high-performance and legacy branches in your environment. In Strata Cloud
Manager, go to Monitor > Branch Sites > Prisma AccessInsights > Branch Sites > Prisma Access,
and from the Prisma Access Sites table, select a branch site.
Prisma Access Site Details
Select any Prisma Access Site Name to view its Site Status, where you can see its Connectivity
and BGP Status (Up, Down, Inactive, or Not Available). View the bandwidth Peak Consumption
for the selected time interval.

You can view Cumulative (Ingress + Egress) information in the Bandwidth Consumption Trend
chart.
• Use the drop-down to view the bandwidth consumption chart by Ingress, Egress, Ingress Vs.
Egress, or Cumulative (Ingress + Egress).

• View the Bandwidth Consumption Trend chart metrics by Peak (default), Average, or Median
for the branch site.

Strata Cloud Manager Getting Started 302 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Route Table Visibility

To help you address reachability challenges, we offer visibility into the route table at each remote
network site. You can perform a route table search for a destination IP address to determine
whether there is a route available to reach the desired destination. With this information, you can
investigate other potential causes of failure. This knowledge allows you to focus your efforts on
resolving any issues that might be affecting reachability.
Select View Routing Table to see this branch's Routing Table, which has IP routes for destinations
available at the branch from Prisma Access.
• Use the search bar to select the destination or look up the route.
• Use the drop-down to filter by Flag.
The routing table shows:
• #—Route number.
• Destination—IP address and subnet of the reachable network.
• Next Hop—IP address of gateway at the next hop toward the destination network. A next hop
of 0.0.0.0 indicates the default route.
• Metric—Metric for the route determined by the routing protocol.
• Flag—Information for this route, as follows:

Strata Cloud Manager Getting Started 303 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• • A B—Active and learned from BGP.

• A C—Active and connected. Destination—network.
• A H—Active and connected. Destination—host only.
• A R—Active and learned from RIP.
• O1—OSPF external type-1.
• O2—OSPF external type-2.
• Oi—OSPF intra-area.
• Oo—OSPF interarea.
• S—Inactive and static.
• A S—Active and static.

View this branch's Bandwidth Consumption Trend for the last 30 days.

Baseline computation requires you to have the ADEM-AIOps license.

Tunnels
See how many tunnels there are for this site, and view each tunnel's details. To download tunnels
data, select the Download icon.
• Tunnel Name—The tunnel's unique name.

Strata Cloud Manager Getting Started 304 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Prisma Access Location—The Prisma Access location for this remote network.
• Tunnel Status—Up, Down, Init, or Unavailable.
• Tunnel BGP Status—Up, Down, or Unknown.
• Tunnel Monitoring—If you have enabled Tunnel Monitoring, this column shows whether it's
Up or Down. If you haven't enabled it, this column shows Not Configured.
• Average Throughput—The average bandwidth for the tunnel for the selected time range.
• Peak Throughput—The peak bandwidth for the tunnel for the selected time range.
• Source IP Address—The source IP address.
• Destination Endpoint Address—IP or FQDN address for Prisma Access to determine whether
the tunnel is up.
• Disconnections—Number of disconnections during the selected time range.
• Disconnections Duration—How long, in seconds, the tunnel is disconnected during the
selected time range.
Select a Tunnel Name to see its Tunnel Status, Bandwidth Consumption Trend, and other tunnel
details.
Tunnels in High-Performance Branch Sites
The Tunnels table for RN-HP branches shows two different Prisma Access Locations for Active
and Backup tunnels. You can have as many as eight tunnels in your environment—four Active
and four Backup. The Tunnels table includes a column for Destination Endpoint Address. RN-HP
branches always show an FQDN specification.

Tunnel Trends
With Tunnel Monitoring enabled, you can select a number of tunnels and view their median
Round-Trip Time. If you don’t specify a set of tunnels, by default the median RTT is computed for
the 10 tunnels with the highest observed RTT.
Aggregated Tunnel Connectivity shows you the total number of connected tunnels for the
selected time range. Hover over either graph to see the number of connections at a specific time.
Commits Pushed shows how many commits were pushed during the selected Time Range and
when the Last Push Commit occurred.

Strata Cloud Manager Getting Started 305 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Site Status
Site Status shows site availability during the time range selected. Green means the site was up
during this time, red means the site was down, and gray means no data was available during the
time shown.

Branch Sites (Prisma SD-WAN)

You can set up a branch site before or after the ION devices arrive at a given site. The branch site
in Prisma SD-WAN provides the following views:
• The Map view of the branch site provides the connectivity status of your branch site devices
to the controller and the alarm status for the site. When a branch site is selected the following
information is displayed:
• Site Summary: is used for Analytics and Troubleshooting.
• Configurations: is used for Site and Device Configuration.
• Overlay Connections: is used to view the status of all VPN Overlay Connections.
• The List view shows you how many sites were active during the Time Range selected and
the overall health metrics of the branch sites. A poor site's average score is the average of all
the poor samples of sites identified as poor. The time-series graph is computed and refreshed
based on the selected duration. For example, supported durations are one hour, three hours,

Strata Cloud Manager Getting Started 306 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

24 hours, seven days, 30 days, and 90 days and the interval is one minute, five minutes, one
hour, and one day, respectively.
• Site Connectivity Health Distribution: The distribution of Good, Fair, and Poor sites graph
for a given tenant based on the latest site connectivity health distribution.
• Site Connectivity Health Distribution Over Time: The time series graph of the health score
running devices software 5.6.1 or higher.
• Site Application Experience Score: The site application experience score.
• Prisma SD-WAN Branch Sites: View the site health, site connectivity health, circuit health,
secure fabric health, and the approaching capacity threshold of a branch site. You can
further drill down and filter a branch site by site prediction, alarm status, and ADEM status.
• The Activity view presents key application analytics, the latest site health score and site health
distribution over time. These include:
• Site Health Distribution: displays the distribution of Good, Fair, and Poor sites graph for a
given tenant based on the latest site health score.
• Site Health Distribution Over Time: displays the time series graph of site health distribution
over time for a given tenant based on the health score for a branch site.
• Bandwidth Utilization: displays bandwidth utilization of each application on a site and WAN
path, with data on the top ten apps that consume the most bandwidth in the network.
• Transaction Stats: displays transaction statistics on TCP flows, including initiation/
transaction successes and failures for a specific application or all applications, a particular
path or all paths, and all health events.
• New Flows: displays new TCP and UDP flows for an application, a specific set of
applications, or all applications for a given period.
• Concurrent Flows: helps you understand how many connections are active on your network
by application.

Strata Cloud Manager Getting Started 307 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Data Centers

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

Monitor how the service connections, ZTNA connectors, and site connectivity are performing in
and Prisma SD-WAN data centers. Select the Monitor > Prisma Access > Data Centers > Service
Connections or ZTNA Connectors tab to view the health and status of the service connections
and ZTNA connectors in Prisma Access.
For each Prisma SD-WAN data center, select Monitor > Data Centers > Prisma SD-WAN to view
the site connectivity information and the status of the VPN overlay connections.
• Service Connections
• ZTNA Connectors
• Prisma SD-WAN

Service Connections
See aggregated service connections data as well as information about individual service
connections. Beyond providing access to corporate resources, service connections allow your
mobile users to reach branch locations. You can view your service connections in Strata Cloud
Manager to see service connection status, bandwidth consumption trends, tunnel data and trends,
and information about overall service connection health. Select Monitor > Data Centers > Service
Connections to get started.

Strata Cloud Manager Getting Started 308 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Service Connections by Status

You can view the health status of all your service connections. The color-coded chart shows you
a distribution of how many service connections are up, down, or need attention. You can view a
synopsis of the bandwidth your service connections consumed in the last 30 days.

Bandwidth Consumption shows the highest peak bandwidth consumed by a site across all sites
for the per-site bandwidth allocation model. The peak values are computed for the selected time
filter duration.

Bandwidth Consumption Trend

View Bandwidth Consumption Trend per Service Connection. The trend shows the bandwidth
consumption by each of your service connections, as well as their average and peak utilizations.
• The default view shows Cumulative (Ingress + Egress) bandwidth consumption. Other options
are Ingress, Egress, or Ingress vs. Egress.
• View the Peak, Median, or Average bandwidth consumption trend during the selected time
range. The default setting is Peak bandwidth consumption.
• Log Scale or Linear Scale.
• Select 1 to 10 Service Connections to view their trend lines on the graph during the selected
time range. Hover over the graph to information about each of the service connections you
selected.

Baselines in Widgets

Strata Cloud Manager Getting Started 309 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly
onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Service Connections Table

The Service Connections table shows you data about your service connections, such as the
status, the remote IP address, BGP status, current tunnel status, and other data. Select a Service
Connection Name for details about that service connection.
• Service Connection Name—The service connection's unique name.
• Site Status—Up, Down, Warning, or Unknown.
• Transport Type—IPSec.
• Remote IP—The remote IP address.
• BGP Status—Whether the site BGP status is Up, Down, or Unknown.
• Tunnels Status—The number of the site's tunnels and how many of those tunnels are up.
• Tunnel BGP Status—The BGP status for each tunnel.
• Service Connection Endpoint IP—The service connection's endpoint IP address.

Strata Cloud Manager Getting Started 310 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Service Status—This field indicates the status of the instance or firewall to which the site is
connected. The status can be Up, Down, or Unknown.
• Prisma Access Location—The service connection's Prisma Access location.
• Average Bandwidth Consumption—Average bandwidth consumption in Kbps.
• Peak Bandwidth Consumption—Peak bandwidth consumption in Kbps.

Service Connection Details

Select any Service Connection Name to view its details. View its Service Connection Status,
Bandwidth Consumed during the last 30 days. The Bandwidth Consumption Trend chart shows
bandwidth consumption by each of your service connections during the selected time range.
Site Status
Select any Service Connection Name to view its Site Status, where you can see its Connectivity
and BGP Status (Up, Down, Inactive, or Not Available). View the bandwidth Peak Consumption
for the selected time interval.

Route Table Visibility

To help you address reachability challenges, we offer visibility into the route table at each service
connection. You can perform a route table search for a destination IP address to determine
whether there is a route available to reach the desired destination. With this information, you can
receive guidance from your Prisma Access infrastructure to investigate other potential causes
of failure. This knowledge allows you to focus your efforts on resolving any issues affecting
reachability.
Select View Routing Table to see this branch's Routing Table, which has IP routes for destinations
available at the branch from Prisma Access.
• Use the search bar to select the destination or look up the route.

Strata Cloud Manager Getting Started 311 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Use the drop-down to filter by Flag.

The routing table shows:
• #—Route number
• Destination—IP address and subnet of the reachable network.
• Next Hop—IP address of gateway at the next hop toward the destination network. A next hop
of 0.0.0.0 indicates the default route.
• Metric—Metric for the route determined by the routing protocol.
• Flag—Information for this route, as follows:
• • A B—Active and learned from BGP.
• A C—Active and connected. Destination—network.
• A H—Active and connected. Destination—host only.
• A R—Active and learned from RIP.
• O1—OSPF external type-1.
• O2—OSPF external type-2.
• Oi—OSPF intra-area.
• Oo—OSPF interarea.
• S—Inactive and static.
• A S—Active and static.

Strata Cloud Manager Getting Started 312 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Bandwidth Consumption Trend

The Bandwidth Consumption Trend shows Cumulative (Ingress + Egress) information by default.
• Use the drop-down to view the bandwidth consumption chart by Ingress, Egress, Ingress Vs.
Egress, or Cumulative (Ingress + Egress).

• View the Bandwidth Consumption Trend chart metrics by Peak (default), Average, or Median
for the branch site.

Strata Cloud Manager Getting Started 313 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Tunnels
See how many Tunnels there are for this service connection, and view each tunnel's details. To
download Tunnels data, select the Download icon.

Tunnel Trends
You can select a number of tunnels and view their median Round-Trip Time. If you don’t specify a
set of tunnels, the median RTT is computed for the 10 tunnels with the highest observed RTT.
Aggregated Tunnel Connectivity shows you the total number of connected tunnels for the
selected time range. Hover over either graph to see the number of connections at a specific time.
Commits Pushed shows how many commits have been pushed during the selected Time Range
and when the Last Push Commit occurred.

Strata Cloud Manager Getting Started 314 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Health
Health shows you the Site Status, and it shows the name and status of each tunnel in the site.

Connectivity
Connectivity shows the Prisma Access location the site is connected to, its source and destination
IPs, and the Prisma Access node status.

Strata Cloud Manager Getting Started 315 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Consumption
Consumption shows bandwidth consumption details.

ZTNA Connectors
The Zero Trust Network Access (ZTNA) Connector simplifies private application access for all
your applications. The ZTNA Connector VM in your environment automatically forms tunnels
between your private applications and Prisma Access. View a summary of all configured ZTNA
connectors, including the Application Targets associated with the connector, its average and
median bandwidth, and the Status (Up, Partially Up, or Down). Select Monitor > Data Centers
> ZTNA Connectors in Strata Cloud Manager to see how your ZTNA connectors and connector
groups are performing.

ZTNA Connector Groups Status

The Connectors in each group determine a Connector Group's Status.

Strata Cloud Manager Getting Started 316 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• If all Connectors in a Connector Group are up, the Status is Up (green).

• If all the Connectors are down, the status is Down (red).
• If some Connectors are up and some are down, the Status is Partially Up (orange).
• Disabled Connectors appear as gray.

ZTNA Connectors Status

View a summary of all configured Connectors, including the Application Targets associated with
the Connector and the Status.
Select any Connector Name to see details about the associated Connector groups and Application
Targets associated with each Connector.

ZTNA Access Objects

Get visibility into your private apps that were added through ZTNA Connector access objects
by viewing data such as the number of apps added by FQDNs, IP subnets, and wildcards, each
access object's connectivity status, and the Connector Groups and Connectors associated with

Strata Cloud Manager Getting Started 317 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

each access object. By viewing this information, you can get an overall picture of the health and
connectivity of your deployment.
The private apps in the data centers connect to Prisma Access through your Connector virtual
machines (VMs). You can add apps based on these access objects—FQDNs, FQDN wildcards, or IP
subnets.
• FQDNs—Prisma Access resolves the FQDNs of the applications you onboard to ZTNA
Connector to the IP addresses in the Application IP address block.
• Wildcards—For wildcard-based apps, create an FQDN-based connector group, then specify the
wildcard to use (for example, *.example.com) for the app target. When users access sites that
match the wildcard, those apps are automatically onboarded for access from ZTNA Connector
for your mobile users and remote network users.
• IP Subnets—Create an IP subnet-based Connector group, and then enter the IP subnet to use
for the app target.

All Access Objects

View Total ZTNA Access Objects to view information about all of your ZTNA Connector access
objects—FQDNs, wildcards, and IP subnets—in real time. The number in Total ZTNA Access
Objects and ZTNA Access Objects table should match, representing the number of FQDN apps,
subnet apps, and discovered wildcard apps.

• View a graph of the Total ZTNA Access Objects in your environment by Status, which means
the automated secure tunnels for the access object are Up, Partially Up, Down, or Disabled.

Strata Cloud Manager Getting Started 318 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

If the status is down, the connector associated with this access object can't reach your
application.
• Up—All tunnels are up.
• Partially Up—Some tunnels are up and others are down or disabled.
• Down—All tunnels are down.
• Disabled—All tunnels are disabled.
Select a status color square in the Total ZTNA Access Objects widget to sort access objects by
Status in the ZTNA Access Objects table.

• Total Wildcards and Total IP Subnets summarizes how many IP Subnets and Wildcard rules
you've onboarded. This is the number of wildcard rules that you created, which is a different
total than the number of apps discovered as a result of creating these rules.

Strata Cloud Manager Getting Started 319 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• ZTNA Access Objects provides information about all of your access objects.
• Access Object—Select a specific access object to view its details.
• Status—The automated secure tunnel for the access object is Up, Partially Up, Down, or
Disabled.
• FQDN/IP Subnet—The FQDN or IP subnet used to add this access object.
• Fabric IP (If Applicable)—The fabric IP associated with this access object.
• Connector Groups—Connector Groups are logical groupings of connectors and applications.
View the Connector Groups associated with an access object.
• Connectors—Connectors represent the VMs running in your data centers that connect to
Prisma Access. View the Connectors associated with an access object.

Select any Access Object to view its details.

• Connector Groups—See how many Connector Groups are associated with this access object.
Select a Connector Group to view information about its Service Connections.
• Connector Group Status (Current)—Up, Partially Up, Down, or Disabled.
• Connectors—Number of Connectors in this Connector Group.
• Application Targets—Number of Application Targets in this Connector Group.
• Bandwidth—Select the Bandwidth button to view bandwidth information for this access
object.

Strata Cloud Manager Getting Started 320 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Select any of an access object's Connectors to view its details.

• PA (Prisma Access) Location—The Prisma Access Location associated with each Connector.
• Config status—The Connector's configuration status is OK or Error. If the status is Error, the
ZTNA Connector hasn't finished onboarding.
• Fabric CIDR—The Fabric CIDR associated with this Connector.
• Tunnel Status (Current)—The automated secure tunnel status for this Connector.
• Controller Connectivity—Up, Partially Up, Down, or Disabled.

Wildcards
Select Wildcards to see your wildcard access objects. View Total Wildcards by status and the
number of Total Wildcards and Total IP Subnets.

Strata Cloud Manager Getting Started 321 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Select the arrow next to a wildcard or select View Details for information about the access
objects that make up this wildcard.
• Access Object—Select a specific access object to view its details.
• Status—The automated secure tunnel for the access object is Up, Partially Up, Down, or
Disabled.
• FQDN/IP Subnet—The FQDN or IP subnet used to add this access object.
• Fabric IP (If Applicable)—The fabric IP associated with this access object.
• Connector Groups—Connector Groups are logical groupings of connectors and applications.
View the Connector Groups associated with an access object.
• Connectors—Connectors represent the VMs running in your data centers that connect to
Prisma Access. View the Connectors associated with an access object.

Select any Access Object to view its details.

Strata Cloud Manager Getting Started 322 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Connectors—Number of Connectors in this Connector Group.

• Application Targets—Number of Application Targets in this Connector Group.
• Bandwidth—Select the Bandwidth button to view bandwidth information for this access
object.
Select Connector Groups or Connectors to see the unique connector groups or connectors
associated with the access objects in the wildcard.

IP Subnets
Select IP Subnets to see your total of IP subnet access objects. One IP subnet access object
consists of a grouping of several different apps.
View Total IP Subnets in your environment by Status (Up, Partially Up, Down, or Disabled).
IP Subnet ZTNA Access Objects provides information about all of your access objects.
• • Access Object—Select a specific access object to view its details.
• Status—Up, Partially Up, Down, or Disabled.
• IP Subnet—The IP subnet used to add this access object.
• Connector Groups—Connector Groups are logical groupings of connectors and applications.
View the connector groups associated with an access object.
• Connectors—Connectors represent the VMs running in your data centers that connect to
Prisma Access. View the connectors associated with an access object.

Select any Access Object to view its details.

Strata Cloud Manager Getting Started 323 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Data Centers (Prisma SD-WAN)

Prisma SD-WAN sites include data centers that you wish to have in your wide area network. You
can host enterprise applications and services in a data center. As part of creating a data center,
you can select a default domain and policy set, set up WAN networks, circuit categories, circuit
labels, and circuit specifications. The Prisma SD-WAN Data Center screen displays the list of data
centers with the data center name, the ION device, and any open alarms for the site.
For a data center, you see:
• The Configuration tab that shows you the site connectivity information, deployment modes,
WAN multicast peer group profiles, Internet and private WAN circuits, and IP Prefixes. You can
also configure a User Agent and view details of the cluster configuration for the data center.
• The Overlay Connections tab shows you the status of all VPN overlay connections. Each site's
connectivity is computed based on the status of its VPN overlay connections.

Strata Cloud Manager Getting Started 324 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Network Services

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

From the Monitor > Network Services page, you can view the performance of common network
services that affect your user experience for accessing applications. Select the GlobalProtect
Authentication tab to view the authentication success or failure counts for GlobalProtect for
different locations. Select Network Services: DNS to see DNS Proxy requests and responses
received across tenants with respect to Prisma Access DNS Proxy.
• GlobalProtect Authentication
• DNS

GlobalProtect Authentication
You can see the performance of common network services that affect your user experience
for accessing applications. Network services include reporting the number of GlobalProtect
authentication successes and failures as a measure of mobile users being able to connect to
Prisma Access and displays of DNS proxy requests and responses forwarded to servers during a
time range you specify. Select Monitor > Network Services > GlobalProtect Authentication to get
started.
• Set the Time Range filter to review network services data for that time range.
• Specify a Prisma Access Location to view its authentication success, total failures, and timeout
failures in the time range selected.

Strata Cloud Manager Getting Started 325 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

The data represents how many mobile users at a given time are trying to authenticate to a
GlobalProtect portal, which then sends the mobile users’ credentials for verification to an on-
premises active directory (AD) server, resulting in an authentication success or failure. If you see
a large number of authentication failures, you can correlate the failures with a network event
that indicates a problem with a certain location or an on-premises authentication server that
was down. The data in these charts provide troubleshooting insights for network administrators
who resolve network issues. You can view the count of authentication success or failure
trends for mobile users at GlobalProtect portals and gateways, use this data to learn about the
patterns of authentication successes or failures over time, and establish count ranges that can be
normal or anomalous in your Prisma Access deployment. For example, anomalous counts could
indicate existing users’ inability to connect to Prisma Access because to availability issues with
GlobalProtect portals or slow authentication servers. Or, anomalous counts might represent large
numbers of users onboarded to the customer’s network all at once.

GlobalProtect Authentication Success

View specifics about authentication success counts for GlobalProtect for different locations.
Hover your cursor over any point in the graph to see details about the user counts for successful
authentications at different Prisma Access location sites shown at a particular time.

GlobalProtect Authentication Total Failures

View specifics about authentication failure counts for GlobalProtect for different locations.
Hover your cursor over any point in the graph to see details about the user counts for failed
authentications at different Prisma Access location sites shown, such as US East and Canada East,
at a particular time.

Strata Cloud Manager Getting Started 326 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

GlobalProtect Authentication Timeout Failures

View specifics about authentication failure count for GlobalProtect for different locations.
Hover your cursor over any point in the graph to see details about the user counts for failed
authentications at different Prisma Access location sites shown, such as US East and Canada East,
at a particular time.

DNS
Select Monitor > Network Services > DNS to get started.
Network Services: DNS displays DNS Proxy requests and responses. You can use the following
filters:
• Time Range
• DNS Proxy Names
DNS Proxy filter values are related to the last 30 days and are automatically selected when you
load (that is, if there is no Explicit Proxy data, then there is no Explicit Proxy filter). For more
detailed information, see View and Monitor Network Services.

Requests Sent
View network requests and queries forwarded to servers over the time range you specify. Hover
your cursor over any point in the graph to see information about the requests sent to the DNS
proxy servers at that time. If you selected a proxy name on which to filter, you see the data for
that proxy.

Strata Cloud Manager Getting Started 327 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Responses Received
View the total responses received across tenants during the time range you specify. Hover your
cursor over any point in the graph to see information about the responses received at that time. If
you selected a proxy name on which to filter, you see the data for that proxy.
Baselines in Widgets
If you purchased the AI-Powered ADEM license, you see a baseline data band across the trend
widgets on the following Monitor pages: Users, Branch Sites, Data Centers, and Network Services.
The widgets show the baseline in the background across the trend lines. This allows you to view
at a glance whether your data has crossed the upper or lower boundaries of the baseline.
Baseline data is calculated in 1-hour bin sizes and takes into consideration the last 28 days of data
from those hour-long bins for a particular tunnel, site, Prisma Access location, or GlobalProtect
user count. For example, the baseline from 1:00 pm to 2:00 pm on Tuesday is calculated from
the 1:00 pm to 2:00 pm time frame on the previous four Tuesdays. The lower bound is the 10th
percentile of that historical data collected, and the upper bound is its 90th percentile. This allows
you to see trends for bandwidth, user counts, authentication counts, and DNS Proxy request and
response. Because the baseline data is taken from the last 28 days of historical data, the newly
onboarded tenants will need to be up and data rich for 28 days for the baseline to be calculated
correctly. If your data is less than 28 days, you may see some discrepancies.
When the values in the trend line in the widget deviate from the baseline's upper or lower limits,
the trend line for that period appears in red in the web interface.
The following example shows the GlobalProtect baseline from the Connected User widget on the
Users page.

Strata Cloud Manager Getting Started 328 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Subscription Usage

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

Select Monitor > Subscription Usage to view details about your Prisma Access Base Subscription
usage, including the total number of unique users connected, bandwidth consumed by remote
network users, the total number of service connections deployed, and details about any add-on
subscriptions.

• Total Data Transfer— Monitor your usage against your licensed data transfer limit, providing
you with a visual representation of your tenant-level data usage for Mobile Users, Remote
Networks, and combination licenses over a 12-month period starting from your license
activation date.

• Mobile Users—View how many unique Mobile Users licenses you have consumed so far. The
widget displays the total number of licenses consumed by unique Mobile Users connected in
the last 30 days. License usage is based on the previous 30 days of login data. A user who has
logged in at least once in the previous 30 days through one of these three connection methods
—Global Protect Agent, Prisma Access Agent, or Agentless (or Explicit Proxy)—contributes
toward consumption of one Mobile User license. If a user connects through multiple connect

Strata Cloud Manager Getting Started 329 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

methods—say, Global Protect Agent and Explicit Proxy—in the previous 30 days, the user is
reflected in both GlobalProtect Connected Users and Explicit Proxy Active Users counts but is
counted only once for Total Unique Users count.
Select View Usage Detail to see details about license use during the past 30 days. You
can view the total number of unique users during the past 30 days, the total GlobalProtect
connected users, and the total Explicit Proxy active users. Hover over the graph to see the
licenses consumed at that time.

• Branch Sites—See the total bandwidth usage by all Remote Networks connected to Prisma
Access. View how much bandwidth you have allocated and how much you have consumed,
in Mbps. You see usage by total bandwidth consumed by all Remote Networks connected to
Prisma Access.
Select View Usage Detail to see your licensed bandwidth consumption by Compute Regions or
branch sites based on your Bandwidth Allocation Model. In each case, a daily peak bandwidth
consumption value is indicated for each of the 30 days considered for the license computation.
You can filter the graph view by selecting Compute Regions or branch sites. There are three
lines plotted per Compute Region or per site in the chart indicating daily peak consumption
values, the allocated bandwidth to the Compute Region or site, and the 95th percentile value
obtained from the daily peaks.
• Service Connections—See how many Service Connections licenses you have consumed so far.

See the Add-On Subscriptions section on this page to see the additional licenses that you
have purchased. You can see the total number of licenses purchased as well as the number of
unconsumed licenses so far. The following images describe some of the additional licenses you
can purchase.

Strata Cloud Manager Getting Started 330 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Colo-Connects—Prisma Access Colo-Connect leverages the cloud-native GCP technology to

provide high-bandwidth service connections to your private applications.

• Prisma Access Browser—Prisma Access Secure Enterprise Browser (Prisma Access Browser)
is the only solution that secures both managed and unmanaged devices through a natively
integrated enterprise browser that extends protection to unmanaged devices. Prisma Access
Browser protects business apps and data by placing security in the browser. Your Prisma
Access Browser subscription appears in the Add-on Subscriptions or Prisma Access Base
Subscriptions.
• Prisma Access Base Subscriptions—The tenant has a Prisma Access Browser standalone
license.
• Add-on Subscriptions—When you have purchased the Prisma Access Browser license for all
mobile users, the Prisma Access Browser subscription is Activated.

See the Add-on Subscriptions section on this page to see the additional licenses that you have
purchased, such as the Autonomous Digital Experience Management licenses for Mobile Users
and Remote Networks. You can see the total number of licenses purchased as well as the
number of unconsumed licenses so far. View Application Tests for Mobile User Monitoring - the
number of application tests left that you can create for your Mobile Users. Application tests are
determined by the number of Monitored Mobile Users with up to 10 app tests allowed per Mobile
User.
For more information, see View and Monitor Subscription Usage.

Strata Cloud Manager Getting Started 331 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: ION Devices

Where Can I Use This? What Do I Need?

• license
→ The features and capabilities available to
you in depend on which license(s) you are
using.

ION Devices in Prisma SD-WAN enable you to combine disparate WAN networks, such as; MPLS,
LTE, and internet links, into a single, high-performance, hybrid wide area network (WAN).
The Device List screen provides information on the list of Prisma SD-WAN devices including the
software version and status of the ION device, where you can upgrade the device’s software
version or configure a device.

Entity Description

Device Name Displays the name configured for the ION

device.

Device Info Displays the type and serial number of the

ION device.

Software Displays the current software version of the

device. Click Upgrade to change the device
software version.

Last Activity Displays information on when the ION device

was last configured and upgraded.

State Displays the current state of the ION device.

Redundancy Displays if the ION device is part of a High

Availability (HA) configuration.

Actions You can choose to configure the ION device

from the ellipsis menu.

The Device Activity screen displays various device activity reports for a site in the last 24 hours.

Strata Cloud Manager Getting Started 332 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Access Analyzer

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

Select Monitor > Access Analyzer to start a new Access Analyzer query and view a table of
existing queries.

The Access Analyzer provides automatic monitoring of your SASE environment. It offers a
conversational AI tool for contextual troubleshooting and what-if analysis to analyze access and
connectivity issues in your SASE environment.
You can:
• Learn how to create a natural language query in Access Analyzer.
• Start a new Access Analyzer query.
• View a list of existing queries, and select any query from the table to view further details.

Strata Cloud Manager Getting Started 333 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: NGFW Devices

Where Can I Use This? What Do I Need?

• NGFWs or
(with or configuration management) Software NGFW Credits
(for VM-Series software NGFWs)

In Monitor > NGFW Devices, you can get a color-coded, interactive representation of the devices
in your deployment for easy and intuitive management and investigation.
STEP 1 | Select Monitor > NGFW Devices.

STEP 2 | Select Health or Security.

Strata Cloud Manager Getting Started 334 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

STEP 3 | Select which attribute you would like the visualization to be Grouped by.

The Device Group and Template Stack grouping options are only available in
Panorama-managed deployments where Panorama is sending device telemetry.

STEP 4 | Select a group to view the devices in it, and select a device to view general information
about it.
If you want to learn more about a device, select it.

View Device Details

By selecting a device from the NGFW Devices visualization or by following a link from elsewhere
in the app, you can view specific details about a firewall or Panorama appliance, such as health
grade, metrics, connections, and more.

Device Health Grade

The current health grade of the device and a chart showing its history over the past 30<x> days.
Possible health grades are Good, Fair, Poor, and Critical.

Strata Cloud Manager Getting Started 335 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Health Grade After Remediation

The health grade of the device after you have addressed open alerts. This tile also shows you the
health of your overall deployment after closing alerts.
Total Alerts
The total number of open alerts on the device.
Top 5 Alerts
Five of the most common alerts on this device over the past 30 days.

Overview > Device Connections

The other devices connected to the one you
are currently viewing. Select a device to view
its details.

Overview > Service Connections

An overview of all Security and Logging
services integrated with the device. Select a
service to view its details.

Strata Cloud Manager Getting Started 336 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Alert Timeline
A timeline of device alerts and commit events.
Alerts are categorized as Critical, Warning, or
Commit Events. Toggle to view the alert data
in table format.

Top Alert Types for this Device

The most common alerts over the past 30
days. Select an alert to view its alert details.

Top 10 Application Usage

The ten applications using the most data on
the firewall.

Strata Cloud Manager Getting Started 337 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Metrics for this Device

A list of all health metrics collected for the
security checks run against the device,
including HA link data.
Select a metric to view its details.

Strata Cloud Manager Getting Started 338 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Capacity Analyzer

Where Can I Use This? What Do I Need?

• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Capacity Analyzer allows you to analyze and monitor your devices' resource capacity by keeping
track of their metrics usage based on their model types. Capacity Analyzer provides the following
benefits:
• A comprehensive understanding of the existing metric utilization and the unutilized metric
capacity up to the maximum limit.
• A heatmap visualization that showcases metrics usage with respect to the hardware platforms
in a single view and helps drill-down into details.
• The ability to plan for upgrading to higher capacity firewalls based on your specific needs.

The Capacity Analyzer feature is not supported for the VM-Series firewalls.

Here’s a video that shows how to use the Capacity Analyzer feature:
Capacity Analyzer is enhanced to support alerts that help you to anticipate resource consumption
nearing its maximum capacity and trigger timely notifications. The Capacity Analyzer alerts are
generated three months in advance identifying potential capacity bottlenecks. This helps you
to plan configuration cleanup or upsize NGFW capacities before they hit maximum usage and
maintain system stability. See Premium Health Alerts for the list of supported Capacity alerts.
Capacity Analyzer supports the following metrics:

Strata Cloud Manager Getting Started 339 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Configuration resource metrics:

• ARP table size
• GlobalProtect™ Clientless VPN
• IKE Peers
• VPN Tunnels
• Address Objects
• Address Groups
• FQDN Address
• Service Objects
• Service Groups
• NAT Policies
• Security Policies
• Virtual Systems (Count)
• System resource metrics:
• Dataplane (DP) CPU
• Management Plane (MP) CPU
• MP Memory
• Traffic resource metrics:
• Concurrent Decryption Sessions
• Sessions Table Utilization

Strata Cloud Manager Getting Started 340 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

The heatmap shows metrics usage for every device. The darker color represents a higher
utilization and the lighter color indicates a lower utilization. By default, the Multicolor View is
selected. You can switch to the Monochrome View as well.
Here are the different ways in which you can use the Capacity Analyzer heatmap to obtain
information about metric usage:

Strata Cloud Manager Getting Started 341 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

• Hover your cursor on a metric block for a device to view a tooltip that provides the following
details:
• Name of the metric
• Device model and list of devices
• Device capacity range

• Filter data using the following attributes:

• Metric - Select one or more metrics that you want to view or search using the metric name.
• Model - Select one or more device models or search using the model name.
• Capacity - Select the capacity on the Capacity Filter scale.
To learn more about how to use the Capacity Analyzer heatmap, see Analyze Metric Capacity.

Strata Cloud Manager Getting Started 342 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Prisma Access Locations

Where Can I Use This? What Do I Need?

• license
(with or configuration management)

Select Monitor > Prisma Access Locations to get started. From here, you can view the health
of all your Prisma Access locations for your remote networks and mobile users. For a detailed
description of these widgets, see View and Monitor Prisma Access Locations in the Prisma Access
Administration Guide.

Top 5 Prisma Access Locations

The bars show data about the Top 5 Prisma Access locations for remote networks, service
connections, GlobalProtect mobile users, or Explicit Proxy mobile users (selected from the drop-
down), based on the total bandwidth consumed during the selected time range. Hover over any
bar to see how many users are in that particular location.

Strata Cloud Manager Getting Started 343 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Prisma Access Location Status

Depending on your license, this widget shows the number of connected remote network sites,
service connection sites, unique GlobalProtect users, and unique Explicit Proxy users logged
in to Prisma Access. The widget's color code is based on how many remote networks, service
connections, GlobalProtect users, and Explicit Proxy users are in the following status:
• Connected (green)—All Prisma Access locations are connected.
• Disconnected (red)—All Prisma Access locations are disconnected.
• Partially Connected (orange)—One or more Prisma Access locations are disconnected.

Strata Logging Service Connectivity

Strata Logging Service Connectivity widget gives you visibility into the Strata Logging Service
connectivity health status from all your Prisma Access instances for the Strata Logging Service
region that you selected during your Prisma Access license activation. It helps you determine
if firewalls have disconnected from Strata Logging Service and you are no longer obtaining
firewall logs. Each tenant can connect to only one Strata Logging Service in any region of its
choice. Prisma Access polls the Strata Logging Service database every 5 minutes to check for
connectivity between the nodes (Mobile Users, Remote Networks, and Service Connections) and
the Strata Logging Service database.

Prisma Access Locations Status

View the Prisma Access Locations status in real time. Within a specific location, if a user logs
in from multiple hosts, the user is counted as a single user, but if any user logs in from two
differentPrisma Access locations by disconnecting from one and logging in from another within
the time period, the user is counted as two users. Select a location to view details, such as
bandwidth consumed, status, Strata Logging Service Connectivity, and user ID and group
mappings.

Strata Cloud Manager Getting Started 344 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Assets
Where Can I Use This? What Do I Need?

• NGFWs subscription
(with or configuration management) Software NGFW Credits
(for VM-Series software NGFWs)

To get started, select Monitor > Assets. From here, you can see a dynamically maintained
inventory of the IoT, OT, and IT devices on your network with numerous attributes for each one
such as its IP and MAC addresses; profile, vendor, model, and OS; and (for advanced IoT Security
products) its device-level risk score.

Use the data in this inventory to learn about the assets on your network:
• View a dynamically generated and up-to-date inventory of the devices detected on your
network, including IoT, OT, and IT devices.
• While the IoT Dashboard displays the types of devices you have at a high level, the Assets
inventory lets you explore individual devices to see more details and assess their security
posture.
• Filter the data displayed in the dashboard by site, device type, period of time, and one or more
device attributes to see data about devices of interest.
• Show and hide columns to view device attributes that are important to you. There are over 100
attribute columns from which to choose.
• Download the data displayed on the currently active page as a file in CSV format for inclusion
in reports or for future reference. The file contains the devices and device attributes that you
have on display at the time of the download.

Strata Cloud Manager Getting Started 345 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Monitor: Third-Party Device-IDs

Where Can I Use This? What Do I Need?

• Prisma Access (Managed by Strata Cloud Prisma Access license

Manager) ADEM-AIOps
• Prisma Access (Managed by Panorama) ADEM Observability

You can use the Cloud Identity Engine with Prisma Access to apply information from third-party
IoT detection sources to simplify the task of identifying and closing security gaps for devices in
your network. See Configure Third-Party Device-ID in Prisma Access for details about setup and
configuration.
Go to Monitor > Devices > IOT to get insights on your IoT devices, such as the number of IoT
devices connected within the last 30 minutes, all IoT devices connected during the time range
selected, and details about all connected IoT devices.

Devices Currently Connected

View the number of devices connected, if any, in the past 30 minutes. Now always shows the
Devices Currently Connected only in the last 30 minutes.

Connected IoT Devices

Connected IoT Devices shows the number of connected devices filtered by Time Range.
Customize the data shown by selecting other filter options from the Add Filters drop-down.
• Category—The category to which this device belongs.
• Mac Address—The MAC address of the device.
• Profile—The device profile.
• Vendor—The device vendor.
• Source IP—The device's IP address.
• Prisma Access Location—The device's Prisma Access location.
• Branch Site—The branch site the device is on.

Strata Cloud Manager Getting Started 346 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Hover over a point in the chart to see the number of users at a specific time. Knowing the user
trends over a specific period of time can help you monitor usage and investigate any unusual
patterns.

IoT Devices
View the number of IoT devices connected during the selected Time Range. Use the column drop-
down to select or deselect the columns that appear in the table.

• Mac Address—The MAC address of the device.

• Category—The category to which this device belongs.
• Profile—The device profile.
• Vendor—Device vendor.
• Source IP—IP address of the device.
• Model—Device model.
• OS Version—OS version.
• OS Family—The OS family to which the device belongs.
• Prisma Access Location—The Prisma Access location used.
• Branch Site—The branch site the device is on.
The following IOT Devices table shows a customized column selection. To show all columns in the
table, select all options in the drop-down.

Strata Cloud Manager Getting Started 347 ©2025 Palo Alto Networks, Inc.
Monitor: Strata Cloud Manager

Strata Cloud Manager Getting Started 348 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud
Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits
•

The other licenses and prerequisites needed

for visibility are:
A role that has permission to view the
dashboard
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager gives you a common framework for interacting and investigating the
incidents and alerts that Palo Alto Networks products and subscriptions detect in your enterprise:
• Incidents and Alerts: NGFW
• Incidents and Alerts: Prisma Access
• Incidents and Alerts: Prisma SD-WAN
To help you maintain the ongoing health of your devices and deployments, and to avoid
disruption to your business, explore each of the incidents and alerts pages to:
• View incidents and alerts across your network, and drill down to investigate.
• Create and review rules that trigger incident and alert notifications.
You can move between your incidents and alerts and the Incidents and Alerts: Log Viewer to
investigate activity on your network that's triggering or is associated with incidents and alerts.

349
Incidents and Alerts: Strata Cloud Manager

Strata Cloud Manager Getting Started 350 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

Incidents and Alerts: NGFW

Where Can I Use This? What Do I Need?

• , including those funded by Software One of the following licenses:

NGFW Credits
or

To help you maintain the ongoing health of your devices and avoid incidents that disrupt your
business, your applications generate incidents and alerts based on one or more issues that it has
detected with your firewall deployment. With Incidents & Alerts > NGFW, you get a singular view
of your incidents and alerts across NGFWs.
Here’s how to get up and running with NGFW Incidents & Alerts:
• Incidents keep you informed about vulnerabilities. You can investigate them and take
preventive actions if necessary.
Navigate to Incidents & Alerts > NGFW > All Incidents to view incidents across your network,
and interact with them.

• An alert indicates a specific problem (degradation or loss of firewall functionality) that needs to
be addressed. Alerts can also be generated based on correlation or aggregation across multiple

Strata Cloud Manager Getting Started 351 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

events. This aggregation of events into a single alert helps triage, streamline alert hand-off
between teams, centralize critical information, and reduce notification fatigue.
Navigate to Incidents & Alerts > NGFW > All Alerts to view alerts across your network, and
interact with them.

Strata Cloud Manager Getting Started 352 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

Incidents and Alerts: Prisma Access

Where Can I Use This? What Do I Need?

• , including those funded by Software One of the following licenses:

NGFW Credits
or

Select Incidents & Alerts > Prisma Access to get started. The Incidents and Alerts available in your
environment depend on your licenses.

The Incidents & Alerts > Prisma Access page does not support custom roles.

Get an Overview
See an Overview of Incidents and Alerts information related to your Prisma Access environment.
The Incidents and Alerts available in your environment depend on your licenses.

See All Incidents

View the Incident List, which shows all incidents in your environment. Use the Add Filter drop-
down to select Incidents by the columns in the table (you can filter on more than one). From
within the table, select any Incident to view its detailed information.

Strata Cloud Manager Getting Started 353 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

View Priority Alerts

See Priority Alerts, which describe the status of your Prisma Access environment.

View Informational Alerts

View Informational Alerts, which notify you about upcoming software upgrades and status for
upgrades that are in progress or completed.

Notification Profiles
From Notification Profiles, you can view information about Notification Subscriptions and create
a new or modify an existing Notification Profile.

ServiceNow Audit Log

If you're using ServiceNow, you can review the ServiceNow Audit Log, which shows you each
ServiceNow Incident ID. It also shows you the ServiceNow operations performed on each
Incident, such as Create, Update, and Delete.

Incident Settings
From Incident Settings, you can customize the incidents you receive by Incident category and
Incident code.

Incidents and Alerts by Code

View incidents and alerts by their code IDs, understand the problems and issues they describe,
and find out how to remediate them. Incidents and alerts are categorized by license:
• AI-Powered ADEM Incidents
• ADEM Incidents
• Prisma Access Incidents
• Priority Alerts
• Informational Alerts
For information about Incidents and Alerts, see the Incidents and Alerts Reference Guide.
For information about ServiceNow integration, see Integrate ServiceNow with Prisma Access in
the Integrations Guide.

Strata Cloud Manager Getting Started 354 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

Incidents and Alerts: Prisma SD-WAN

Where Can I Use This? What Do I Need?

• license
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Prisma SD-WAN generates incidents and alerts when the system reaches system-defined or
customer-defined thresholds or there is a fault in the system. Use these incidents and alerts to
troubleshoot the system.
Select Incidents and Alerts > Prisma SD-WAN to view incidents and alerts in
Strata Cloud Manager.
Use the following tabs to navigate through incidents and alerts in Prisma SD-WAN.
• Overview
• Incidents
• Alerts
• Settings
Overview
View incidents and alerts and their categories in Prisma SD-WAN. The Overview tab is your
default view.
View the top incidents and alerts which display the following information.

Type of Incident Displays the category of the incident.

Description Displays the description of the incident.

Severity Displays the severity of the incident.

Priority Displays the priority of the incident.

Correlated Alerts Displays the number of incidents aggregated

in this incident.

Status Displays the status of the incident.

Created Displays when the incident was raised by the

system.

Strata Cloud Manager Getting Started 355 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

Last Updated Displays when the incident was last updated

by the system.

Incidents
An incident is an indication of a fault in the system. Incidents are raised and cleared and vary in
severity:
• Critical—Whole or part of a network is down and requires immediate action.
• Warning—Impacts the network and needs immediate attention.
• Informational—Network is degraded and needs attention soon.
Alerts
An alert may or may not be an indication of a fault in the network. An alert is raised when the
system reaches system-defined or customer-defined thresholds.
Settings
Use the Settings tab to create incident policies to manage event code suppression based on the
specified classifications and action attributes configured. You can use incident policy rules to
suppress or escalate incidents that arise during a scheduled time period. In addition, you can also
change the default priority of system generated incidents to a priority level that is more aligned
with your business requirements.

Strata Cloud Manager Getting Started 356 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

Incidents and Alerts: Log Viewer

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• , including those funded by Software
NGFW Credits or

A role that has permission to view the

dashboard

Log Viewer provides the capabilities of Explore — where you can view and interact with your logs
stored in Strata Logging Service.
Log Viewer provides an audit trail for system, configuration, and network events. Jump from
a dashboard to your logs to get details and investigate findings. A query field and time range
preferences help you narrow down the specific logs that are of interest to you.
• Learn more about how to build your queries
• Discover new Log Viewer features in the Strata Logging Servicerelease notes.
Log Viewer highlights actions and severity of the logs to help you understand how sessions are
enforced. You can also view the details of the security artifacts of the logs in Search page.

Select the log type you want to view. For details on the log types and definition of each of their
log fields, see the Log Reference guide.

Strata Cloud Manager Getting Started 357 ©2025 Palo Alto Networks, Inc.
Incidents and Alerts: Strata Cloud Manager

Incidents and Alert Settings

Where Can I Use This? What Do I Need?

• , including those funded by Software One of the following licenses:

NGFW Credits
or

• To define notification preferences, such as which alerts trigger notifications, how you receive
notifications, and how often you receive them, create a notification rule.
Navigate to Incidents & Alerts > Incident & Alert Settings > Notification Rules to view and add
rules to trigger notifications.

• Strata Cloud Manager generates alerts and incidents that dynamically adjust based on the
metric’s historical value and your usage trends. You can adjust this setting to control the
sensitivity level of the anomaly detection algorithm.
Navigate to Incidents & Alerts > Incident & Alert Settings > Anomaly Sensitivity to configure
the sensitivity level of the anomaly detection algorithm.

Strata Cloud Manager Getting Started 358 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma
Access
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager enables you to configure a security policy that is shared across your
NGFWs and Prisma Access.
Set up Prisma Access, your NGFWs, or both with Strata Cloud Manager
Set up folders to group NGFWs that require similar settings. Prisma Access folders are
predefined, and enable you to target configuration based on deployment type: mobile users,
remote networks, service connections.
Set the Manage: Configuration Scope you want to work in. You can configure settings that will
apply globally, across both your NGFWs and Prisma Access environment, and can also target
configuration to specific NGFWs or Prisma Access deployments based on folders.
Use Manage: Snippets to standardize a common base configuration for a set of NGFWs or
deployments. Snippets enable you to quickly onboard new devices, users, or locations with a
known good configuration and reduce the time required to onboard a new device.
Go to Manage > Configuration > NGFW and Prisma Access to start creating your security
policy, and sharing it across your NGFWs and Prisma Access using the management features
described above.
Start building the following your Security policy rules and share it across your NGFWs and
Prisma Access using the management features described above.

359
Manage: NGFW and Prisma Access

Strata Cloud Manager Getting Started 360 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Configuration Scope

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

With Strata Cloud Manager, you can apply configuration settings and enforce policy globally
across your entire environment, or target settings and policy to certain parts of your organization.
When working in your Strata Cloud Manager configuration management, the current
Configuration Scope is always visible to you, and you can toggle your view to manage a broader
or more granular configuration.
You can get clarity on the configuration elements that are applicable for a particular Configuration
Scope and whether they are inherited from a common Configuration Scope or generated by the
system. The color-coded configuration indicators help you understand where the configurations
are inherited from, and also visually distinguish the object types for easy scanning.
• Grey dot indicates inherited configuration
• Purple dot indicates a predefined configuration
• Blue dot indicates that the object is present in the current configuration scope

Global configuration settings help you to easily manage and enforce policy requirements that
apply across all your network traffic. Alternatively, you can target policy and configuration
settings to the types of deployments where they make sense.

Strata Cloud Manager Getting Started 361 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

• Prisma Access
• Mobile Users Container– Settings apply across all mobile user connection types:
GlobalProtect and Explicit Proxy, or individually to each connection type.
• Remote Networks– Settings apply to remote network sites (branch offices, retail locations,
etc.).
• Service Connections– Settings apply to service connection sites (HQ and data centers).
• All Firewalls– Settings apply across all your NGFWs, or to specific folders that group together
NGFWs that require shared or specific configuration settings or policy enforcement.
Learn more about:
• Workflows: Folder Management
Use folders to logically group your devices and deployment types for simplified configuration
management.
• Manage: Snippets
Use snippets to group configurations that you can quickly push to your firewalls or
deployments.
• Manage: Variables
Use variables your configurations to accommodate device or deployment-specific
configuration objects.

Strata Cloud Manager Getting Started 362 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Snippets
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

Strata Cloud Manager Getting Started 363 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Where Can I Use This? What Do I Need?

→ The features and capabilities available to
you in depend on which license(s) you are
using.

Use snippets to group configurations that you can quickly push to your firewalls or deployments.
A snippet is a configuration object, which can't fit into a hierarchy, or grouping of configuration
objects, that you can associate with a folder, deployment, or device. Snippets are used to
standardize a common base configuration for a set of firewalls or deployments allowing you to
quickly onboard new devices with a known good configuration and reducing the time required
to onboard a new device. For example, you can onboard a new firewall in a remote branch
office. You can associate a set of snippets that contain all of the required network and policy rule
configurations with the folder the new firewall belongs to. This reduces the time required to set
up the firewall to protect the remote branch office.
Snippet associations have a top-down priority in the event of conflicting object values. Rules with
duplicate names are not allowed, and validation fails during the creation of a snippet with the
same name in any folder or while associating a snippet to a folder if the snippet with the same
name is already associated.
This means that if the first and the last associated snippets have different values for the same
object, the value from the first snippet is inherited by the device or deployment. Additionally,
all configurations inherited from a snippet can be overridden at the child folder, deployment, or
device level.
Within a folder hierarchy, a snippet might only be associated one time within any folder hierarchy.
This means that a snippet can’t be associated with both a folder and the folder nested under
it. However, you can associate the same snippet with different folders or folders nested under
different folders. Snippets that are already associated with a folder in the folder hierarchy are
grayed out so they can’t be used more than once where applicable.

Strata Cloud Manager Getting Started 364 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Snippet Classification
• Predefined: All Strata Cloud Manager users can access these snippets to quickly set up new
firewalls and deployments with best practice configurations.
• Local: These editable snippets are created within the tenant and can't share them with other
subscriber tenants.
• Published: Trusted subscriber tenants have access to these shared snippets, which can't be
cloned or edited.

Strata Cloud Manager Getting Started 365 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

• Subscribed: These snippets, shared by the publisher tenant, can be cloned by users but can't be
edited.

Cross-Scope Configuration Referenceability in Snippets

This feature allows you to reference any common configurations or objects attached to a global
scope and push it to Prisma Access and NGFW firewalls. These shared objects and configurations
within the global scope are available to all the snippets. A snippet associated with the global scope
is considered as a global snippet. Objects defined within these snippets attached to the global
scope, can be referenced across any snippets in the configuration.
For example, you can create a snippet named Global Variable to consolidate variables and attach
it to a Global scope. This ensures easy referencing and availability across all other snippets in the
configuration. Similarly, you can effectively manage custom URL categories for access policy rules,
threat prevention profiles, zones, addresses, and other objects representing standard network
segments.

Create a Snippet
Create and associate a snippet with a folder, deployment, or device to apply a common
base configuration to a group of devices. You can associate as many snippets with a folder,
deployment, or device as needed.
Snippets can be modified and reassociated with any folder, deployment, or device at any time
after creation.

Strata Cloud Manager Getting Started 366 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Custom snippets that are no longer in use can be deleted.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Overview and expand the
Configuration Scope to view the Snippets.

STEP 3 | Add Snippet.

1. Enter a descriptive Name for the snippet.
2. (Optional) Provide a Description.
3. (Optional) Assign one or more Labels.
You can select existing labels or create a new one by typing the desired label.
4. Create the snippet.
Newly created snippets appear under Local snippets. After publishing, they move to
Published snippets.

Strata Cloud Manager Getting Started 367 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 4 | Configure your snippet.

You are now in the Configuration Scope for the snippet. All configurations made here apply
only to this snippet.
Review the snippet Overview for detailed information, including the number of variables,
creation and update details, and associated folders, deployments, and devices.

Strata Cloud Manager Getting Started 368 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 5 | Add Subscriber Tenants:

1. Add Subscriber.

2. Select the Tenant Name and Save.

3. Click the Tenant Name link to edit subscriber tenant properties for shared snippets,
controlling snippet management during disassociation.

• The Do not delete from subscriber tenant option is checked by default.

• When this option is checked, snippets cannot be deleted from the subscriber, even
without associations.
• When unchecked, snippets without folder associations can be deleted from the
subscriber. Deleting the subscriber will not remove the snippets.

Strata Cloud Manager Getting Started 369 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

• Save your changes.

4. Select the Tenant Name, and Publish.

Choose Validate before update for a pre-update validation check on the subscriber
before applying changes. If the validation fails, an error message appears. If the
validation succeeds, publisher request is sent to the subscriber.

5. The Status column shows Snippet Successfully Published to Subscriber Tenant.

6. The published snippet appears under Subscribed. Use the

refresh icon if the subscribed snippet doesn't appear immediately.

Strata Cloud Manager Getting Started 370 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 6 | To delete a subscribed snippet, select the Tenant Name and Delete Subscriber.
The deleted subscriber tenant will be removed and will not appear under Subscribed.

Strata Cloud Manager Getting Started 371 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 7 | Associate a snippet.

1. Select Manage > Configuration > NGFW and Prisma Access > Overview and expand the
Configuration Scope to view the Config Tree.
2. Select the folder, deployment, or device you want to associate the snippet with.
3. Edit the Config Snippet.
4. Add the snippets that you want to associate and order them as needed.
If you're associating a snippet to the global scope, it becomes referenceable and available
to all the other snippets in the configuration. All the snippets will be able to reference
the objects you have in the snippet attached to the global folder.
5. Close.

STEP 8 | Push Config to push your configuration changes to your network.

Modify a Snippet
Modify your snippet configurations, details, and associations.
Custom snippets no longer associated with a folder, deployment, or device can be deleted.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Overview and expand the
Configuration Scope to view the Snippets.

STEP 3 | Select the snippet you want to modify.

After you select a snippet, you’re redirected to the snippet Overview.

STEP 4 | (Optional) Edit the snippet to modify the Name, Description, or to change or assign
additional Labels. Enable or disable Pause Update to see the configuration diffs and decide
to accept the change.

Strata Cloud Manager Getting Started 372 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 5 | Edit the Snippet Associations to reassociate the snippet with a different folder, deployment,
or device or to associate the snippet with additional folders, deployments, or devices.
Exit the snippet reassociation screen to apply the changes.

STEP 6 | Make any changes to the snippet configuration as needed.

STEP 7 | Push Config.

Delete a Snippet
Delete your custom snippets to keep your configurations organized. Snippets must be
unassociated with any firewalls, folders, or deployments before they are able to be deleted.
Deleting predefined snippets is not supported.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Overview and expand the
Configuration Scope to view the Snippets.

STEP 3 | Click the three vertical dots of the custom snippet you want to delete.

Strata Cloud Manager Getting Started 373 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 4 | Delete the snippet.

Snippets currently associated with folders, deployments, or devices can't be deleted.

First edit the Snippet Associations to remove all existing associations before it can be
deleted.

Clone a Snippet
If you want to use an existing snippet as a template for a new snippet, you can easily clone it so
you do not have to configure a new object.
Cloned snippets are not associated with any devices, folders, or deployments, allowing you to
customize them freely without having to disassociate them before you begin your configurations.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Overview and expand the
Configuration Scope to view the Snippets.

STEP 3 | Click the three vertical dots of the custom snippet you want to clone.

STEP 4 | Clone the snippet.

1. (Optional) Give the cloned snippet a new name.

Share a Snippet Configuration

This feature provides a unique and flexible method for sharing common configurations across any
tenants including in a multitenant environment. You can save and manage various configurations
as snippets, easily sharing them across tenants under a customer account. This capability provides
considerable flexibility and control in managing shared configurations across different tenant
environments.
Additionally, this feature supports centralizing configuration management for common scenarios
among tenants and overseeing global configurations within a multibusiness unit setup.
In this framework, the publisher tenant shares snippets with the subscriber tenant, while the
subscriber tenant receives snippets from the publisher tenant.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | On the publisher tenant, select Manage > Configuration > NGFW and Prisma Access >
Overview, select the Global configuration scope.

Strata Cloud Manager Getting Started 374 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 3 | Establish Trust Between the Tenants: Establish a connection between the subscriber and
publisher tenants to enable the sharing of snippets.
1. Click Subscriber Tenant under Trusted Tenants for Snippet Sharing.

2. Add Subscriber Tenant.

3. Enter the TSG ID to add as a subscriber tenant, and Check TSG ID. This ensures prevention
of randomly generated TSG or serialized TSG-based attacks.
Upon successful validation, a confirmation message indicates that the TSD ID has been
verified.

4. Next: Generate Pre Shared Key.

Copy the generated PSK. You will enter this PSK when validating the publisher tenant in
step 4.

Strata Cloud Manager Getting Started 375 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 4 | Go to subscriber tenant, select Manage > Configuration > NGFW and Prisma Access >
Overview and set the configuration scope to Global.
1. The Publisher Tenants status under Trusted Tenants for Snippet Sharing shows as Pending.

2. Click Publisher Tenants and Enter Pre Shared Key generated in the previous step, and
Validate the subscriber tenant.
After successful validation, a message confirms the tenant as trusted, establishing trust
between the subscriber and publisher tenants.

Strata Cloud Manager Getting Started 376 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 5 | Publish a Snippet to a subscriber tenant.

1. Create and associate the snippet with a folder.
Newly created snippets are available under Local snippets.
• The Overview tab shows snippet details such as name, description, creation time (when
the snippet was loaded on the subscriber side), last updated time, and labels details.
• The Subscriber Tenants tab shows the tenant name, published version on the tenant, last
published date, and publish status.
• Click Published Version to review configuration changes.
• Before publishing a snippet to a tenant, Add Subscriber and Save it.
• The Version Snapshots gives a history of your snippet configuration. In this screen,
you can compare configuration snapshots with your candidate configuration, and Save
Version Snapshot or Load an earlier configuration snapshot as your candidate. Click the
Version number to view the configuration differences.
• The Audit History provides an audit trail of all actions initiated by the administrator.
It logs details such as the published version number, changes made, the owner of the
change, the date and time of the change, and specifics of the change.
2. On the Subscriber Tenant tab, select the tenant name and Publish.
This sends publish request to the subscriber tenant. In the Status column indicates that
Snippet Successfully published to subscriber and the snippet will be available under
Published snippets.

Strata Cloud Manager Getting Started 377 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 6 | Verify on the subscriber tenant.

1. Go to Overview > Configuration Scope > Snippets, and select the snippet under Subscribed
snippets.
You're redirected to the snippet Overview which shows details such as the publisher
tenant's name, description, TSG ID, snippet creation time, last updated time, labels, and
pause update details.

STEP 7 | Delete the trust.

Subscribed snippets associated with folders or firewalls can only be cloned and can't be
deleted.

1. Go to subscriber or publisher tenant.

2. Click Subscriber Tenant under Trusted Tenants for Snippet Sharing.
3. Select the Tenant Name, and Delete Trust.
After deleting the trust, the snippet will no longer be associated with the firewall or folder and
becomes a local snippet.

Manage: Variables
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Use variables your configurations to accommodate device or deployment-specific configuration

objects.
Variables are an advanced tool that allows you to standardize your configurations while giving you
the flexibility to accommodate unique configuration values that are device or deployment specific.
Variables allow you to reduce the number of snippets you need to manage while allow you to
keep any firewall or deployment-specific configuration values as needed.
For example, you have a snippet for the configuration you want to associate with multiple nested
where each nested folder contains a set of firewalls specific to a geographic location. In the
snippet, you have configured policy rules to restrict access to business critical systems for specific
IP ranges only. In this scenario, you can create a variable for each IP range specific to each nested
folder and use that variable in the inherited snippet configuration. This allows you to manage and

Strata Cloud Manager Getting Started 378 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

push configuration changes while using fewer snippets to accommodate device or deployment-
specific configuration values.
Variables can be created at the folder, deployment, or firewall level. When you create a variable
for a folder, the variable is inherited by all folders nested under the folder. In the event of
conflicting variables in a folder Configuration Scope, the firewall or deployment inherits the
variable value from the folder containing the nested folders. However, you can override an
inherited variable at the nested folder, deployment, or firewall level.
The following types of variables are supported:

Variable Type Description

AS Number Autonomous system number to use in your BGP configuration.

Count Number of events that must occur to trigger an action.

Device ID Device-ID to use to assign a device priority valuer in an active/active high

availability (HA) configuration.

Device Priority Device priority to indicate a preference for which firewall should assume
the active role in an active/passive high availability (HA) configuration.

Egress Max Egress max value to use in Quality of Service (QoS) Profile configuration.

FQDN Fully qualified domain name.

Group ID High availability Group ID.

IP Netmask Static IP or network address.

IP Range An IP range. For example, 192.168.1.10-192.168.1.20.

IP Wildcard IP wildcard mask to allow or deny similar IP addresses. For example,

10.0.0.5/255.255.0.255.

Link Tag Link tag to use in your SD-WAN configuration.

Percent Percentage between 0 and 99.

Port Source or destination port.

QoS Profile QoS Profile for use in QoS configurations.

Rate Rate to specify a threshold that triggers an action. For example, the Alarm
rate for a DoS Protection profile.

Router ID Router ID when you configure Border Gateway Protocol (BGP) for a logical
router.

Strata Cloud Manager Getting Started 379 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Variable Type Description

Timer Timer in seconds to configure a threshold that triggers an action.

Zone A security zone.

Create a Variable

You can also create a variable inline where a variable is supported.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Overview and select the
Configuration Scope where you want to create the variable.
In the Folders, select the folder or device for which you want to create a variable.
In the Snippets, select the specific snippet for which you want to create a variable.

STEP 3 | In the Variables section, click the Variables count displayed.

Strata Cloud Manager Getting Started 380 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 4 | Add Variable.

STEP 5 | Create the variable.

In this example, an IP Netmask variable is created for use as an address object for a critical
internal resource.
1. Select the variable Type.
2. Give the variable a descriptive Name.
All variable names must begin with $.
3. (Optional) Enter a Description for the variable.
4. Enter the variable Value.
5. Save.

Strata Cloud Manager Getting Started 381 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 6 | Add the variable to your configuration.

In this example, the $internal-lab-storage variable created in the previous step is added
to the address object configuration.

STEP 7 | Push Config.

Import a Variable

Where Can I Use This? What Do I Need?

• Strata Cloud Manager AIOps for NGFW Premium license

Prisma Access license

Import variables to Strata Cloud Manager using a CSV file. Variable imports are designed to
overwrite multiple variables inherited from the folder hierarchy by the firewall, or already
configured in the firewall Configuration Scope, with new firewall-specific values.
The variable must already be inherited from the folder hierarchy or configured in the firewall
Configuration Scope to overwrite using variable imports. Importing variables to create entirely
new variables isn’t supported.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Overview.

STEP 3 | In the Variables section, click the Variables count displayed.

STEP 4 | Select CSV Export/Import > Export to export the variables you want to overwrite.
Palo Alto Networks recommends you first export the variables you want to overwrite. This
guarantees the CSV file you upload to Strata Cloud Manager is properly formatted. This also
expedites the import process by ensuring the target folder and firewall variables are properly
attributed.

Strata Cloud Manager Getting Started 382 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 5 | Modify the variables in the exported CSV file.

Consider the following when modifying your CSV file for import.
• Only Simple text editors, such as Notepad, are supported for modifying an exported CSV
file.
• # signifies that the variable is created in the folder hierarchy and inherited by the firewall.
Remove the # to override the inherited variable value with a firewall-specific value.
A variable value appended with # is ignored by Strata Cloud Manager on import as only
overriding variable values at the firewall Configuration Scope is supported.
• -NA- signifies that the variable doesn’t exist in the firewall configuration. This means that
the variable was created outside of the folder hierarchy the firewall belongs to.
Changing a variable value to -NA- isn’t supported. Strata Cloud Manager ignores any
variable value modified to -NA-.
Assigning a firewall-specific value to a variable with a value of -NA- isn’t supported because
the variable doesn’t exist in the firewall Configuration Scope. The variable must be inherited

Strata Cloud Manager Getting Started 383 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

by the firewall from the folder hierarchy, or configured in the firewall Configuration Scope,
in order to be overridden using variable import.
• A variable value of None# or None means that the variable was created with the variable
Value as None.
You can modify any variable value as None to remove the value but not delete the variable.
• For a variable created in the firewall Configuration scope, deleting a variable value and
leaving it blank deletes the variable.
For a variable created in the folder hierarchy and inherited by the firewall, deleting a
variable value and leaving it blank reverts the variable value to that inherited from the
folder hierarchy.
1. Locate and open the CSV file you exported. The format of the exported CSV file the
name is:
<cloud-management-tenant-name> - Prisma Access_<export-
date>_variables
2. Modify the variables as needed.

Palo Alto Networks does not recommend modifying the folder names, device
names, or device serial numbers. This might result in import failures.

In the example below, the following changes were made to the variable values in the
Firewall-A Configuration Scope to illustrate how variable imports can be used to
modify multiple variables with one operation.
• $example1—Overwrite the inherited None# value with a firewall-specific value.
• $example2—Overwrite the firewall-specific None value with a firewall-specific
value.
• $example3—If the variable was created in the firewall Configuration Scope, an
empty value deletes the variable.
If the variable was inherited from the folder hierarchy, and was overridden in the
firewall Configuration Scope, an empty value restores the variable value inherited
from the folder hierarchy.
• $example4—Overwrite the inherited 192.168.1.101 value with a firewall-specific
value.
• $example5—Example of a variable change Strata Cloud Manager ignores because #
is still appended.

Strata Cloud Manager Getting Started 384 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 6 | Save your changes.

Select File > Save to save the changes you made to the CSV file.
Alternatively, select File > Save As to save your changes in a new CSV file. To create a new
CSV file, you must include .csv as the file extension.

STEP 7 | Import the CSV file to Strata Cloud Manager.

1. Select Manage > Configuration > Overview.
2. In the Variables section, click the Variable count displayed.
3. Select CSV Export/Import > Import.
4. Choose File and select the CSV file containing the variables you modified.
5. Import.

Export Variables
Export your folder and firewall configuration variables in CSV format to your local device.
Exporting your variables is useful when overwriting a large number of variables across multiple
firewalls.
Exporting interface variables created when you configure an interface at the folder-level isn’t
supported.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > NGFW and Prisma Access > Configuration > OverviewNGFW and Prisma
Access > Overview.

STEP 3 | In the Variables section, click the Variable count displayed.

STEP 4 | Select CSV Export/Import > Export.

Strata Cloud Manager Getting Started 385 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 5 | Select the folder and firewalls with the variables you want to export and click Next.

If you want to export all variables created on Strata Cloud Manager, select All
Firewalls.

STEP 6 | Select one or more variables to export.

STEP 7 | (Optional) Preview the selected variables to view additional details.

From the variables preview, you can view information such as the variable name, the
Configuration Scope where the variable was created, and the variable value.
Click Cancel and continue to the next step or Download CSV to your local device.

STEP 8 | Export the selected variables in CSV format.

The CSV is exported and downloaded locally to your device. The format of the exported CSV
file the name is:
<cloud-management-tenant-name> - Prisma Access_<export-
date>_variables

Strata Cloud Manager Getting Started 386 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Overview
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Think of the Overview page as your launching point in to NGFW and Prisma Access both for first
time setup, and for day-to-day configuration management (Manage > Configuration > NGFW and
Prisma Access > Overview).

• Global
• Prisma Access
• Configuration Overview (Strata Cloud Manager)

Global
Where Can I Use This? What Do I Need?

•
• license
•
•

If you select the Global configuration scope, you can view the following details:
• Global folders you create and their variables
• Firewalls with config conflicts
• Firewall sync status
• Firewall connectivity status
• General information
• Configuration snippets

Strata Cloud Manager Getting Started 387 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

• License
• Optimize
• Trusted tenants for snippet sharing
• Config version snapshots

Configuration Overview (Prisma Access)

Where Can I Use This? What Do I Need?

• license

Basics
Prisma Access configuration Basics guide you to get up and running with Prisma Access.
Complete the tasks here to get started with a basic setup, that you then can use to test your
environment and build out your deployment.
Each task links you to the page where you can set up the associated configuration; when you’re
done, tasks on this list show as complete. So, you can easily track you’re progress at a glance,
which is especially helpful if you’re in the onboarding phase.

Walkthroughs
Some to-do’s also include walkthroughs that take you through the basic, required steps to get
your environment up and running.

Strata Cloud Manager Getting Started 388 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Onboarding walkthroughs are available to you on the Overview dashboard. You can click into to
the help to see if there are walkthroughs available for the page you’re on, and keep an eye out for
walkthroughs you can launch directly on the page:

Strata Cloud Manager Getting Started 389 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Available Walkthroughs
• Onboard Remote Networks
• Onboard Your HQ or Data
Center (Service Connections)
• Onboard Mobile Users
(GlobalProtect)
• Onboard Mobile Users
(Explicit Proxy)
• Turn on decryption
• Policy Optimizer
• Create a Security Rule
• Create a Security Profile
• Set Up SAML Authentication

Prisma Access Sync Status

On the Overview page, you can quickly check status for your Prisma Access configurations. If you
see something unexpected, drill down to identify the impacted configuration. Here are statuses
you might see:
• Configuration has not been pushed—So far, no configuration has been pushed to Prisma
Access.
• This configuration is empty—A user pushed a blank configuration to Prisma Access. In this
case, a configuration was previously in place, so the push to Prisma Access might have been to
remove the configuration. Go to Push Config > Jobs to review recent changes.
• Out of sync—A user has pushed a configuration to Prisma Access but there is an error or
warning related to the push. This might be a configuration issue or it might be an issue related
to the push to Prisma Access.

Strata Cloud Manager Getting Started 390 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

• In sync—The latest configuration push to Prisma Access was successful, and there are no
errors.
If you see something unexpected, click on the status to open a map view that shows the locations
where you have either mobile users (GlobalProtect or explicit proxy connections), remote
networks, or service connections. You can then pinpoint the configuration that requires review or
where you might need to make an update.

Global Find Using Config Search

Config Search allows you to find specific configuration objects and settings for a particular string,
such as IP addresses, object name, referenced objects, duplicate objects, policy names, policy
rules, policies covered for specific CVEs, rule UUID, predefined snippets, or application name and
get the list of all references where the object is used.

Strata Cloud Manager Getting Started 391 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

1. To launch Config Search, click the

icon beside Push Config on the upper right side of the web interface. Config Search is available
from all pages under Manage.

2. In the Config Search screen, you can search by using the Config String, Location, Object Type,
Edited By, or Edited At fields.

Search tips:
• To find an exact phrase, enclose the phrase in quotes.
• Spaces in search terms are handled as AND operations. For example, if you search on corp
policy, the search results include instances where corp and policy exist in the configuration.
• To rerun a previous search, click the Config Search icon, which displays the last 50 searches.
Click any item in the list to rerun that search. The search history list is unique to each
administrator account.
• Config Search is available for each field that’s searchable. For example, you can search on
the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
• Location is grouped by Folders and Snippets. You can select more than one location to
search. If you do not select any location, All locations will be selected by default.
• If the object type is not selected, All will be selected.
3. The search results are categorized and provide links to the configuration location in the Strata
Cloud Manager, allowing you to easily find all occurrences and references of the searched
string.

Strata Cloud Manager Getting Started 392 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Configuration Overview (Strata Cloud Manager)

Where Can I Use This? What Do I Need?

•
•
•

If you’re just getting started with Cloud Management of NGFW:

• Here’s how policy and configuration folders work.
• Here’s how to push configuration changes to firewalls.
For day-to-day configuration management:
• Get at-a-glance summary of the current folder name, number of firewalls added to the folder,
number of variables created for the folder.

Strata Cloud Manager Getting Started 393 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

• Gain visibility and control over local firewall configurations without the need for switching
between the central management and individual firewalls for managing local configurations.
• Firewalls with config conflicts shows the number of firewalls with conflicts. View Conflicts
to see conflicts for all firewalls and their respective locations. Click the individual firewall to
further investigate device-level conflicts.
• Objects with config conflicts shows the number of conflicts per firewall. Click the number
to view the conflicted objects and their corresponding types specific to that firewall. Click
the object to get the granular details on the conflict.
• Connectivity Status
Review the Connectivity Status of managed firewalls to Strata Cloud Manager.
• Sync Status
Review the configuration Sync Status between Strata Cloud Manager and the current
running configuration on your managed firewalls.

• Configuration Snippets
Standardize a common base configuration for a set of managed firewalls using configuration
snippets.
• HA Devices
Configure managed firewalls in a high availability (HA) configuration to provide redundancy
and ensure business continuity.
• For details on your managed firewalls:
• Review Content Distribution and Software Versions details to see which dynamic
content updates and PAN-OS software versions are running on your managed firewalls.
• Review License details to see which licenses are activate on your managed firewalls.

Strata Cloud Manager Getting Started 394 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Global Find Using Config Search

Config Search enables you to search configuration objects and settings for a particular string, such
as IP addresses, object name, referenced objects, duplicate objects, policy names, policy rules,
policies covered for specific CVEs, rule UUID, predefined snippets, or application name and get
the list of all references where the object is used.
1. To launch Config Search, click the

icon beside Push Config on the upper right side of the web interface. Config Search is available
from all pages under Manage.

Strata Cloud Manager Getting Started 395 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

2. In the Config Search screen, you can search by using the Config String, Location, Object Type,
Edited By, or Edited At fields.

Search tips:
• To find an exact phrase, enclose the phrase in quotes.
• Spaces in search terms are handled as AND operations. For example, if you search on corp
policy, the search results include instances where corp and policy exist in the configuration.
• To rerun a previous search, click the Config Search icon, which displays the last 50 searches.
Click any item in the list to rerun that search. The search history list is unique to each
administrator account.
• Config Search is available for each field that’s searchable. For example, you can search on
the following object types for a Security policy: Tags, Zone, Address, User, HIP Profile,
Application, UUID, and Service.
• Location is grouped by folders and snippets. You can select more than one location to
search. If you do not select any location, All locations will be selected by default.
• If the object type is not selected, All will be selected.
3. The search results are categorized and provide links to the configuration location in the Strata
Cloud Manager, allowing you to easily find all occurrences and references of the searched
string.

Strata Cloud Manager Getting Started 396 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Security Services

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Manage your security services and protect your network, systems, and users.
Go to Manage > Configuration > NGFW and Prisma Access > Security Services.

With security services, you can:

• Define how you want to enforce Prisma Access traffic with Manage: Security Policy.
• Stop threats hidden in encrypted traffic with Manage: Decryption.

Strata Cloud Manager Getting Started 397 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Security Policy

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Your security policy is where you define how you want to enforce traffic in your Prisma Access
and NGFW deployments. All traffic that passes through your Strata Cloud Manager environment
is evaluated against your security policy, and rules are applied from the top down.
To set up your security policy, go to Manage > Configuration > NGFW and Prisma Access >
Security Services > Security Policy.

Get Started with Security Policy

Here are some things you can do now to make security policy work for you.
Create a Security Policy Rule – Security policies allow you to enforce rules and take action, and
can be as general or specific as needed.
Track Rules Within a Rulebase – Each rule within a rulebase is automatically numbered; when
you move or reorder rules, the numbers change based on the new order.
Enforce Policy Rule Best Practices – When creating or modifying rules, you can require a rule
description, tag, audit comment, etc. to ensure your policy rulebase is correctly organized and
grouped, and to preserve important rule history for auditing purposes.
Test Policy Rules – Use the Policy Analyzer check policy rules.
Activate a Security Profile – A security profile is applied to scan traffic after the application or
category is allowed by the Security policy.
Create a Security Profile Group – A security profile group is a set of security profiles that can
be treated as a unit and then easily added to security policies.
Set Up File Blocking – Identify specific file types that you want to want to block or monitor.
Create a Data Filtering Profile – Keep sensitive information from leaving your network.
Manage Web Security – Control access (general browsing) to the internet and SaaS
applications.

Strata Cloud Manager Getting Started 398 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Decryption
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Enable Decryption to stop threats hidden in encrypted traffic. All you need to do to get started
is import your decryption certificates — for everything else, we've built in best practices settings
that you can use to get up and running.
Learn more about decrypting traffic here.
Go to Manage > Configuration > NGFW and Prisma Access > Security Services > Decryption.

Decryption Overview
The Secure Sockets Layer (SSL) and Secure Shell (SSH) encryption protocols secure traffic
between two entities, such as a web server and a client. SSL and SSH encapsulate traffic,
encrypting data so that it is meaningless to entities other than the client and server with the
certificates to affirm trust between the devices and the keys to decode the data. Decrypt SSL and
SSH traffic to:
Prevent malware concealed as encrypted traffic from being introduced into your network. For
example, an attacker compromises a website that uses SSL encryption. Employees visit that
website and unknowingly download an exploit or malware. The malware then uses the infected
employee endpoint to move laterally through the network and compromise other systems.
Prevent sensitive information from moving outside the network.
Ensure the appropriate applications are running on a secure network.
Selectively decrypt traffic; for example, create a Decryption policy and profile to exclude traffic
for financial or healthcare sites from decryption.

SSH Proxy decryption is not supported in Strata Cloud Manager.

Decryption Policies
Strata Cloud Manager provides two types of Decryption policy rules: SSL Forward Proxy to
control outbound SSL traffic and SSL Inbound Inspection to control inbound SSL traffic.
SSL Forward Proxy

Strata Cloud Manager Getting Started 399 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

When you configure the firewall to decrypt SSL traffic going to external sites, it functions as an
SSL forward proxy. Use an SSL Forward Proxy decryption policy to decrypt and inspect SSL/TLS
traffic from internal users to the web. SSL Forward Proxy decryption prevents malware concealed
as SSL encrypted traffic from being introduced into your corporate network by decrypting the
traffic so that the firewall can apply decryption profiles and security policies and profiles to the
traffic.
SSL Inbound Inspection
Use SSL Inbound Inspection to decrypt and inspect inbound SSL/TLS traffic from a client to a
targeted network server (any server you have the certificate for and can import onto the firewall)
and block suspicious sessions. For example, suppose a malicious actor wants to exploit a known
vulnerability in your web server. Inbound SSL/TLS decryption provides visibility into the traffic,
allowing the firewall to respond to the threat proactively.

Decryption Profiles
You can attach a Decryption profile to a policy rule to apply granular access settings to traffic,
such as checks for server certificates, unsupported modes, and failures.
SSL Forward Proxy Profiles
The SSL Forward Proxy Decryption profile controls the server verification, session mode checks,
and failure checks for outbound SSL/TLS traffic defined in Forward Proxy Decryption policies to
which you attach the profile.
SSL Inbound Inspection Profiles
The SSL Inbound Inspection Decryption profile controls the session mode checks and failure
checks for inbound SSL/TLS traffic defined in the Inbound Inspection Decryption policies to which
you attach the profile.
Profile for No Decryption
No Decryption profiles perform server verification checks for traffic that you choose not to
decrypt. You attach a No Decryption profile to a “No Decryption” Decryption policy that defines
the traffic to exclude from decryption. (Don’t use policy to exclude traffic that you can’t decrypt
because a site breaks decryption for technical reasons such as a pinned certificate or mutual
authentication. Instead, add the hostname to the Decryption Exclusion List.)

Decryption Tips
Use the best practice policy rules as a starting point to build your decryption policy
These rules—one that decrypts traffic and one that excludes sensitive content from decryption
—are built based on URL categories.

Strata Cloud Manager Getting Started 400 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Exclude sensitive content from decryption

Exclude sensitive content from decryption for business, legal, or regulatory reasons.
Predefined Decryption Exclusions—Palo Alto Networks maintains this list of exclusions
and updates it regularly. This list applied globally and by default to all traffic you specify for
decryption. You can disable list entries if that fits with your business needs.
Custom Exclusions—Globally exclude sites or applications from decryption.
Policy-based exclusions—Use URL categories and external dynamic lists to create targeted,
policy-based decryption rules. Set a decryption policy rule action to no-decrypt to exclude
matching traffic from decryption.
Always place decryption exclusions at the top of your policy rules, so that they are applied first.
Consider that you can apply some decryption settings globally, and target others to specific
locations
Your Strata Cloud Manager decryption policy is applied globally to all NGFWs and Prisma
Access locations.
Manage > Configuration > NGFW and Prisma Access > Security Services > Decryption
Navigate to the decryption policy for each type to create policy rules that are targeted to
specific firewalls, mobile user locations, remote network sites, or service connections
Manage > Configuration > NGFW and Prisma Access > Configuration Scope > Global /
Firewalls / Mobile Users / Remote Networks / Service Connections
Rule order matters
Decryption policy rules are applied from the top down. Place the rules you want enforced first
at the top of your list of decryption policy rules. Global rules (pre-rules) are applied first and
are always listed ahead of rules that are specific to mobile users, remote networks, and service
connections.

Decryption at a Glance
The Decryption screen is the place to configure Decryption Policies and Profiles and view your
Best Practice Assessments.

Strata Cloud Manager Getting Started 401 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

A) Rulebase—Rulebase checks look at how security policy is organized and managed, including
configuration settings that apply across many rules.
B) Best Practices—Here you can get a comprehensive view into how your implementation
of feature aligns with best practices. Examine failed checks to see where you can make
improvements (you can also review passed checks).
C) Best Practice Assessment—Best practice scores are displayed on the decryption dashboard.
These scores gives you a quick view into your best practice progress. At a glance, you can identify
areas for further investigation or where you want to take action to improve your security posture.
D) Decryption Policies—List of onboarded decryption policies. Review the policy configuration,
policy type (SSL Forward Proxy, SSL Inbound Inspection, or SSH Proxy), policy action (decrypt or no-
decrypt), and BPA Verdict.
E) Add Rule—Add and configure new decryption policies.
F) Decryption Settings—Access certificate and decryption settings. Import and export certificates.
G) Add Profile—Add and configure new decryption profiles.
H) Global Decryption Exclusions—Applications excluded from decryption.
I) Decryption Profiles—List of onboarded decryption profiles. Review the profile configuration,
policies using the profile, and the BPA Verdict.

Strata Cloud Manager Getting Started 402 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Network Policies

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

You can create various types of network policies to protect your network from threats and
disruptions. It helps you optimize network resource allocation and manage your network policies
to prioritize traffic and configure application classifications.
Rules are evaluated from top to bottom and when traffic matches against the defined rule criteria,
subsequent rules are not evaluated. You should order more specific policy rules above the
more generic ones to enforce the best match criteria possible. A log is generated for traffic that
matches a policy rule when logging is enabled for the rule. Logging options are configurable for
each rule.
Best practice policy rules are available for most policy types and help you to get started quickly
and securely. While these rules cannot be edited to ensure that you always have a minimum
level of security readily available, you can clone them if you want to use them as a foundation for
customizing your policy.
Go to Manage > Configuration > NGFW and Prisma Access > Network Policies.
With network policies, you can:
• Prioritize the traffic that matters most to your operations with Manage: QoS.
• Manage how Prisma Access classifies your applications with Manage: Application Override.

Manage: QoS
Where Can I Use This? What Do I Need?

• One of these:
license

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager Getting Started 403 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

With Quality of Service (QoS), you can prioritize business-critical traffic and applications that
require low latency (like VoIP and video applications).To add or edit a QoS policy rule, go to
Manage > Configuration > NGFW and Prisma Access > Network Policies > QoS.

QoS Policy Rules

Quality of Service (QoS) policy rules to identify traffic that requires preferential treatment or
bandwidth limiting. QoS rules allow you to dependably run high-priority applications and traffic
under limited network capacity. You can configure traffic QoS treatment using the Differentiated
Services Code Points (DSCP). These codepoints are packet header values that can be used to
request (for example) high priority or best effort delivery for traffic. Prisma Access both enforces
DSCP values for incoming traffic and marks a session with a DSCP value as session traffic exits
the firewall. This means that all inbound and outbound traffic for a session is receiving continuous
QoS treatment. You can configure traffic QoS treatment using the following codepoints:
• Expedited Forwarding (EF)—Used to request low loss, low latency and guaranteed bandwidth
for traffic.
Packets with EF codepoint values are typically guaranteed highest priority delivery.
• Assured Forwarding (AF)—Used to provide reliable delivery for applications.
Packets with AF codepoints indicate a request for traffic to receive higher priority treatment
than best effort service provides. Packets with EF codepoint take precedence over packets
with AF codepoint.
• Class Selector (CS)—Used to provide backwards compatibility with network IP addresses that
use the IP precedence field to mark priority traffic.
• IP Precedence (ToS)—Used by legacy network IP addresses to mark priority traffic.
• Custom Codepoint—Create a custom codepoint to match traffic by entering a Codepoint Name
and Binary Value.
For example, you can create a QoS policy rule to prioritize voice communications, such
as voice over IP (VOIP), to ensure consistent packet transmission. This ensures that voice
communication are consistent.

Manage: Application Override

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager Getting Started 404 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Create an application override policy to designate applications be processed using fast path
Layer-4 inspection instead of using the App-ID for Layer-7 inspection. This forces the security
enforcement node to handle the session as a regular stateful inspection and saves application
processing times. You can create an application override policy rule when you do not want
traffic inspection for custom applications between known IP addresses. For example, if you
have a custom application on a non-standard port that you know users accessing the application
are sanctioned, and both are in the Trust zone, you can override the application inspection
requirements for the trusted users accessing the custom application.
To change how Prisma Access classifies applications, go to Manage > Configuration > NGFW
and Prisma Access > Network Policies > Application Override to then create your application
override policy rule.

Application Override Tips

Consider that when you create an application override policy rule, you’re limiting App-ID from
classifying your deployment's traffic and performing threat inspection based on that application
identification. To support internal proprietary applications, it’s worth thinking about creating a
custom application (instead of an application override rule) that include the application signature
so that Strata Cloud Manager performs layer 7 inspection and scans the application traffic for
threats. To create a custom application, go to Manage > Configuration > NGFW and Prisma
Access > Objects > Applications.

Application Override Policies

Use the following sections to configure an application override rule:
Source
Zones—Add source zones.
Addresses—Add source addresses, address groups, or regions and specify the settings.
Destination
Zones—Add to choose destination zones.
Addresses—Add source addresses, address groups, or regions and specify the settings.
Application
Application—Select the override application for traffic flows that match the above rule
criteria. When overriding to a custom application, there is no threat inspection that is
performed. The exception to this is when you override to a pre-defined application that
supports threat inspection.
To define new applications, go to Manage > Configuration > NGFW and Prisma Access >
Objects > Applications.
Protocol
Protocol—Select the protocol (TCP or UDP) for which to allow an application override.
Port—Enter the port number (0 to 65535) or range of port numbers (port1-port2) for the
specified destination addresses. Multiple ports or ranges must be separated by commas.

Strata Cloud Manager Getting Started 405 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Policy Based Forwarding

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Policy Based Forwarding rules allow traffic to take an alternative path from the next hop specified
in the route table, and are typically used to specify an egress interface for security or performance
reasons.
Go to Manage > Configuration > NGFW and Prisma Access > Network Policies > Policy Based
Forwarding.
Use a Policy Based Forwarding rule to direct traffic to a specific egress interface and override
the default path for the traffic. Before you create a Policy Based Forwarding rule, make sure you
understand that the set of IPv4 addresses is treated as a subset of the set of IPv6 addresses.
Use the following sections to configure a policy based forwarding rule:
Source
Zones—Add source zones.
Interface—Add source interfaces.
Addresses—Add source addresses, address groups, or regions and specify the settings.
Users—Add the users and user groups to whom the policy applies.
Destination
Addresses—Add source addresses, address groups, or regions and specify the settings.
Application and Services
Application Entities—Select the applications you would like to route through alternative
paths.
A Policy Based Forwarding rule may be applied before the firewall has enough information
to determine the application. Therefore, application-specific rules are not recommended for
use with Policy Based Forwarding. Whenever possible, use a service object.

You cannot use custom applications, application filters, or application groups in

Policy Based Forwarding rules.
Service Entities—Select the services and service groups you would like to route through
alternative paths.

Strata Cloud Manager Getting Started 406 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Forwarding
Action—You can set the Action to take when matching a packet by choosing from:
Forward—Directs the packet to the specified Egress Interface.
Discard—Drops the packet.
No PBF—Excludes packets that match the criteria for source, destination, application, or
service defined in the rule. Matching packets use the route table instead of PBF.
Egress Interface—Select the network information for where you want to forward the traffic
that matches your Policy Based Forwarding rule.
Next Hop
• IP Address—Enter an IP address or select an address object of type IP Netmask to which
to forward matching packets.
• FQDN—Enter an FQDN (or select or create an address object of type FQDN) to which to
forward matching packets.
• None—No next hop mean the destination IP address of the packet is used as the next
hop. Forwarding fails if the destination IP address is not in the same subnet as the egress
interface.
Monitor—Enable monitoring to verify connectivity to a target IP address or to the Next Hop
IP address if no IP address is specified.

Manage: NAT
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

NAT allows you to translate private, non-routable IPv4 addresses to one or more globally-routable
IPv4 addresses, thereby conserving an organization’s routable IP addresses. NAT also allows you
to not disclose the real IP addresses of hosts that need access to public addresses and to manage
traffic by performing port forwarding. You can use NAT to solve network design challenges,
enabling networks with identical IP subnets to communicate with each other.
You configure a NAT policy rule to match a packet’s source zone and destination zone, at
a minimum. In addition to zones, you can configure matching criteria based on the packet’s
destination interface, source and destination address, and service. You can configure multiple
NAT rules.

Strata Cloud Manager Getting Started 407 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Go to Manage > Configuration > NGFW and Prisma Access > Network Services > NAT.

Troubleshoot connectivity issues–get an aggregate view of your routing and tunnel

states, and drill down to specifics to find anomalies and problematic configurations.

Manage: SD-WAN
Where Can I Use This? What Do I Need?

• license
→ The features and capabilities available to
you in depend on which license(s) you are
using.

An SD-WAN policy rule specifies application(s) and/or service(s) and a traffic distribution profile
to determine how the firewall selects the preferred path for an incoming packet that doesn’t
belong to an existing session and that matches all other criteria, such as source and destination
zones, source and destination IP addresses, and source user. The SD-WAN policy rule also
specifies a path quality profile of thresholds for latency, jitter, and packet loss. When one of the
thresholds is exceeded, the firewall selects a new path for the application(s) and/or service(s).
To configure an SD-WAN policy, select Manage > Configuration > NGFW and Prisma Access >
Network Policies > SD-WAN.

Rules
You can define Pre rules and Post rules in a shared context, as shared policies for all managed
firewalls, or in a device group context, to make the rules specific to a device group:
• Pre Rules—Rules that are added to the top of the rule order and are evaluated first. You can
use pre-rules to enforce the Acceptable Use Policy for an organization. For example, you can
block access to specific URL categories or allow DNS traffic for all users.
• Post Rules—Rules that are added at the bottom of the rule order and are evaluated after the
pre-rules and rules that are locally defined on the firewall. Post-rules typically include rules to
deny access to traffic based on the App-ID™, User-ID™, or Service.

Profiles
Create profiles to apply to sets of applications and services specified in SD-WAN policy rules.
Path Quality
SD-WAN allows you to create a path quality profile for each set of applications, application filters,
application groups, services, service objects, and service group objects that have unique network
quality requirements and reference the profile in an SD-WAN policy rule. In the profile you set
maximum thresholds for three parameters: latency, jitter, and packet loss. When an SD-WAN link
exceeds any one of the thresholds, the firewall selects a new best path for packets matching the
SD-WAN rule where you apply this profile.
SaaS Quality

Strata Cloud Manager Getting Started 408 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

SD-WAN allows you to create Software-as-a-Service (SaaS) quality profiles to measure the path
health quality between your hub or branch firewall and server-side SaaS applications in order
to accurately monitor SaaS application reliability and swap paths should the path health quality
degrade. This allows the firewall to accurately determine when to failover to a different Direct
Internet Access (DIA) link.
The SaaS quality profile allows you to specify the SaaS application to monitor using an adaptive
learning algorithm that monitors the application activity, or by specifying a SaaS application using
the application IP address, FQDN, or URL.
Traffic Distribution
For this Traffic Distribution profile, select the method the firewall uses to distribute sessions and
to fail over to a better path when path quality deteriorates. Add the Link Tags that the firewall
considers when determining the link on which it forwards SD-WAN traffic. You apply a Traffic
Distribution profile to each SD-WAN policy rule you create.
Error Correction
If your SD-WAN traffic includes an application that is sensitive to packet loss or corruption, such
as audio, VoIP, or video conferencing, you can apply either Forward Error Correction (FEC) or
packet duplication as a means of error correction. With FEC, the receiving firewall (decoder)
can recover lost or corrupted packets by employing parity bits that the encoder embeds in an
application flow. Packet duplication is an alternative method of error correction, in which an
application session is duplicated from one tunnel to a second tunnel. To employ one of these
methods, create an Error Correction Profile and reference it in an SD-WAN policy rule for specific
applications.
(You must also specify which interfaces are available for the firewall to select for error correction
by indicating in an SD-WAN Interface Profile that interfaces are Eligible for Error Correction
Profile interface selection.)
SD-WAN Interface
Create an SD-WAN interface profile to define the characteristics of ISP connections and to
specify the speed of links and how frequently the firewall monitors the link, and specify a Link Tag
for the link. When you specify the same Link Tag on multiple links, you are grouping (bundling)
those physical links into a link bundle or fat pipe. You must configure an SD-WAN interface
profile and specify it for an Ethernet interface enabled with SD-WAN before you can save the
Ethernet interface.

Link Tags
Create a link tag to identify one or more physical links that you want applications and services
to use in a specific order during SD-WAN traffic distribution and failover protection. Grouping
multiple physical links allows you to maximize the application and service quality if the physical
link health deteriorates.
When planning how to group your links, consider the use or purpose of the links and group them
accordingly. For example, if you are configuring links intended for low-cost or non-business-
critical traffic, create a link tag and group these interfaces together to ensure that the intended
traffic flows primarily on these links, and not on more expensive links that may impact business-
critical applications or services.

Strata Cloud Manager Getting Started 409 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Identity Services

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Learn to manage your identity services and confirm that only certain users can access the right
data on your network. Go to Manage > Configuration > NGFW and Prisma Access > Identity
Services.
With identity services, you can:
• Enable only legitimate users to access your network by connecting Prisma Access to your
Identity Provider (IdP), and choosing the authentication method you want to use, in Manage:
Authentication.
• Give Prisma Access read-only access to your Active Directory information with the Manage:
Cloud Identity Engine.
• Enforce your security policy consistently and share identity data with on-premises devices at
remote network sites or service connection sites (HQ and data centers) with Manage: Identity
Redistribution.

Manage: Authentication
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager Getting Started 410 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

To ensure that only legitimate users have access to your most protected resources, Prisma Access
supports several authentication types, including support for SAML, TACACS+, RADIUS, LDAP,
Kerberos, MFA, local database authentication, and SSO.
To set up your authentication policies, go to Manage > Configuration > NGFW and Prisma Access
> Identity Services > Authentication.
Here are the services Prisma Access integrates with to provide authentication, and features to
consider when you are planning your authentication set up:

Authentication Support

SAML If your users access services and applications that are external
to your network, you can use SAML to integrate Prisma
Access with an identity provider (IdP) that controls access to
both external and internal services and applications. SAML
single sign-on (SSO) enables one login to access multiple
applications, and is helpful in environments where each user
accesses many applications and authenticating for each
one would impede user productivity. In this case, SAML
single sign-on (SSO) enables one login to access multiple
applications. Likewise, SAML single logout (SLO) enables a
user to end sessions for multiple applications by logging out
of just one session. SSO works for mobile users who access
applications through the GlobalProtect app or users at remote
networks that access applications through the Authentication
Portal. SLO is available to GlobalProtect app users.

You can't use SAML authentication profiles in

authentication sequences.

TACACS+ Terminal Access Controller Access-Control System Plus

(TACACS+) is a family of protocols that enable authentication
and authorization through a centralized server. TACACS+
encrypts usernames and passwords, making it more secure
than RADIUS, which encrypts only passwords. TACACS+ is
also more reliable because it uses TCP, whereas RADIUS uses
UDP.

RADIUS Remote Authentication Dial-In User Service (RADIUS) is

a broadly supported networking protocol that provides
centralized authentication and authorization. You can also add
a RADIUS server to Prisma Access to implement multi-factor
authentication.

LDAP Lightweight Directory Access Protocol (LDAP) is a standard

protocol for accessing information directories. You can use
LDAP to authenticate users who access applications or
services through Authentication Portal.

Strata Cloud Manager Getting Started 411 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Kerberos Kerberos is an authentication protocol that enables a secure

exchange of information between parties using unique keys
(called tickets) to identify the parties. With Kerberos, you
can authenticate users who access applications through the
Authentication Portal. With Kerberos SSO enabled, the user
needs to log in only for initial access to your network (such
as logging in to Microsoft Windows). After this initial login,
the user can access any browser-based service in the network
without having to log in again until the SSO session expires.
To use Kerberos, you first need a a Kerberos account for
Prisma Access that will authenticate users. An account is
required to create a Kerberos keytab, which is a file that
contains the principal name and hashed password of the
firewall or Panorama. The SSO process requires the keytab.
Kerberos SSO is available only for services and applications
that are internal to your Kerberos environment. To enable
SSO for external services and applications, use SAML.

Cloud Identity Engine The Cloud Identity Engine (CIE) provides both user
identification and user authentication for mobile users in a
Prisma Access—Explicit Proxy deployment. The Cloud Identity
Engine integrates with the Explicit Proxy Authentication
Cache Service (ACS) and uses SAML identity providers (IdPs)
to provide authentication for Explicit Proxy mobile users.

MFA Muti-factor authentication (MFA) gives you a way to

implement multiple authentication challenges of different
types (these are called factors) to protect your most sensitive
services and applications. For example, you might want
stronger authentication for key financial documents than for
search engines.
Prisma Access has a built-in list of supported MFA vendors,
that is automatically updated as new vendors are added:

Strata Cloud Manager Getting Started 412 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Local Database Create a database that runs locally on Prisma Access and
Authentication contains user accounts (usernames and passwords or
hashed passwords). This type of authentication is useful for
creating user accounts that reuse the credentials of existing
Unix accounts in cases where you know only the hashed
passwords, not the plaintext passwords. For accounts that use
plaintext passwords, you can also define password complexity
and expiration settings. This authentication method is
available to users who access services and applications
through the Authentication Portal or the GlobalProtect app.

Authentication Feature Highlights

SSO If you’re using SAML or Kerberos, you can implement single

sign-on (SSO), which enables users to authenticate only once
for access to multiple services and applications. SAML and
Kerberos support SSO.

Authentication Portal Redirect web requests that match an authentication rule

to a Prisma Access login page where they’re prompted to
authenticate. Prisma Access uses the information the user
submits to this authentication portal to create or update IP
address to user name mappings.
This is especially useful for remote networks, so that you
continue to have monitor and enforce traffic based on a
user (or group). When a user initiates web traffic (HTTP
or HTTPS) that matches an authentication rule, Prisma
Access prompts the user to authenticate through the
authentication portal. Prisma Access creates or updates the
IP address to username mapping based on the information
the user submits to the portal. This ensures that you know

Strata Cloud Manager Getting Started 413 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

exactly who at a remote network site is accessing your most

sensitive applications and data.

Authentication Sequence If you use multiple types of authentication for different

purposes, you can set an authentication sequence to rank
your profiles. Prisma Access checks each profile based on
your ranking until one successfully authenticates the user.

How Authentication Works

After you’ve added your organization’s authentication services to Prisma Access (here's how),
Prisma Access authenticates users at multiple points:
• When they connect to Prisma Access
Here's how to define how you’d like mobile users to authenticate to Prisma Access. You don’t
need to define authentication settings for users at remote networks to connect to Prisma
Access, as the remote network traffic is routed through secure VPN tunnels.
• When user traffic meets your requirements for additional authentication
Here's how to require users to authenticate (using one or multiple methods) to access
enterprise applications and protected network resources.
When users generate web traffic that matches your authentication requirements, Prisma Access
checks that the users are legitimate by prompting them to authenticate using one or more
methods (factors), such as login and password, voice, SMS, push, or one-time password (OTP)
authentication—the factors Prisma Access uses are all based on the authentication service and
settings that you specify in your authentication profiles. For the first factor (login and password),
users authenticate through the authentication portal.

For the other factors, users then authenticate through a multi-factor authentication login page.

Strata Cloud Manager Getting Started 414 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

After authenticating users, Prisma Access evaluates your security rules to determine whether
to allow access to the application. Prisma Access logs all activity where users attempt to access
applications, services, or resources that you’ve designated for secure access.

Manage: Authentication Setup

Where Can I Use This? What Do I Need?

• One of these:
license

→ The features and capabilities available to

you in depend on which license(s) you are
using.

To set up authentication with Prisma Access in Strata Cloud Manager, first add your
authentication service(s) to Prisma Access. Then specify the traffic for which you want to
require authentication. Build on these settings to add more authentication features, like MFA,
authentication sequences, or enable Prisma Access to create and update IP address to username
mappings.
Here’s how to get started—all the settings you need to enable authentication with Prisma Access
are in one place: Manage > Identity Services > Authentication.

Strata Cloud Manager Getting Started 415 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Authentication Rules Here’s where you specify the traffic for which you want to require
authentication
Part of setting up an Authentication Rule includes adding an authentication profile to the
rule. When Prisma Access detects traffic that matching an authentication rule, it applies the
authentication methods and settings defined in the authentication profile to the matching
traffic. The profile is what defines how the users will be required to authenticate.
1. Go to Manage > Identity and Access Services > Authentication > Authentication Rule
and Add Authentication Rule.
2. Define the users, services, and URL categories that require authentication.
3. Set the rule action to Authenticate and choose the Profile that defines the
authentication method you want to use for traffic that matches this rule.

Strata Cloud Manager Getting Started 416 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Authentication Profile Add your authentication services here, and define authentication
settings

Connect Prisma Access to the services you want to use to authenticate users—SAML, TACACS
+, RADIUS, LDAP, or Kerberos—and define authentication settings (for example, set a limit for
failed login attempts).

If you are using an on-premise authentication service, you must first create a service
connection to connect the on-premise authentication service to Prisma Access. Then,
return here to set up your authentication profile.

Go to Manage > Identity and Access Services > Authentication > Authentication Profile >
Add Profile and start by setting the profile Auth Type:
You’ll be prompted to add details about the authentication service you chose that will enable
Prisma Access to connect to the service, and read user credentials and role permissions.
Additional settings to customize authentication are provided in the profile, and might vary
depending on the type of authentication you’re setting up.

Strata Cloud Manager Getting Started 417 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

MFA Servers Specify the MFA vendor you’re using

To use multiple methods to authenticate users to sensitive applications, start by adding
the MFA vendors you want to use (Add MFA Server). Prisma Access provides a list of MFA
vendors for you to choose from.

Strata Cloud Manager Getting Started 418 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Strata Cloud Manager Getting Started 419 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Authentication Portal Set up the authentication portal (also known as Captive Portal) for users
at remote network sites, and enable Prisma Access to create IP address to username mappings
For first-factor authentication (login and password), users at remote network sites must
authenticate through the authentication portal. If the authentication succeeds, Prisma Access
displays an MFA login page for each additional authentication factor that’s required. Prisma
Access uses the credentials users submit to create and update IP address to username
mappings. This means that you’ll always know who at a remote network site is accessing web
content and enterprise applications.

Authentication Sequence Rank authentication profiles in the order you want Prisma Access to
try them
Select Manage > Identity and Access Services > Authentication > Authentication Profile and
Add Authentication Sequence to rank your authentication profiles. Prisma Access checks each
of them in sequence until one successfully authenticates the user.

Manage: Authentication Profiles

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Strata Cloud Manager Getting Started 420 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

An authentication profile defines the authentication service that validates the login credentials
of administrators who access the firewall web interface and end users who access applications
through Captive Portal or GlobalProtect. The authentication profile also defines options such as
single sign-on (SSO).
• Kerberos
• Cloud Identity Engine
Cloud Identity Engine

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

The Cloud Identity Engine (CIE) is used for identifying and authenticating users in firewall web
interfaces and mobile users in a Prisma Access Explicit Proxy deployment. In Prisma Access, the
Cloud Identity Engine integrates with the Explicit Proxy Authentication Cache Service (ACS) and
uses SAML identity providers (IdPs) to provide authentication for Explicit Proxy mobile users.
To authenticate users using Cloud Identity Engine, you must configure an authentication profile.

The SAML/CIE authentication method is displayed only if the Cloud Authentication

Service (CAS) is enabled. If the CIE authentication or CAS is not supported on your Prisma
Access tenant, then it shows only the SAML authentication method.

Before you begin:

• Review the Explicit Proxy guidelines.
• Set up an authentication profile in the Cloud Identity Engine.

Strata Cloud Manager Getting Started 421 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 1 | Go to Manage > Configuration > Identity Services > Authentication, set the configuration
scope to Explicit Proxy and Add Profile under Authentication Profiles.

STEP 2 | Select the Authentication Method: Cloud Identity Engine.

STEP 3 | Enter a unique Profile Name.

STEP 4 | Select the Cloud Identity Engine authentication Profile you configured in the Cloud Identity
Engine.

STEP 5 | Save your changes.

Kerberos

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Kerberos is a computer network authentication protocol that uses tickets to allow nodes that
communicate over a non-secure network to provide their identity to one another in a secure
manner.
The authentication profile specifies the server profile that the portal or gateways use when they
authenticate users. Follow these steps to set up Kerberos authentication profile for Explicit Proxy

Strata Cloud Manager Getting Started 422 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

mobile users to connect to Prisma Access, for administrators to connect to the firewall web
interface, and for end users to log in to the Authentication Portal.
STEP 1 | Go to Manage > Configuration > Identity Services > Authentication > Authentication
Profiles and Add Profile.

STEP 2 | Select the Authentication Method: Kerberos.

STEP 3 | Enter the Profile Name to identify the server profile. The authentication profile specifies the
server profile that the portal or gateways use when they authenticate users.

STEP 4 | Enter the Kerberos Realm (up to 127 characters) to specify the hostname portion of the
user login name. For example, the user account name [email protected] has the realm
EXAMPLE.LOCAL.

STEP 5 | Import a Kerberos Keytab file which contains the Kerberos account information. When
prompted, browse for the keytab file, and then click Save. During authentication, the
endpoint first attempts to establish SSO using the keytab.

STEP 6 | Choose the Kerberos Keytab.

STEP 7 | Click Save.

Strata Cloud Manager Getting Started 423 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

Manage: Cloud Identity Engine

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Cloud Identity Engine (Directory Sync) gives Prisma Access read-only access to your Active
Directory information, so that you can easily set up and manage security and decryption policies
for users and groups.
Cloud Identity Engine works with both on-premises Active Directory and Azure Active Directory.
To set up Cloud Identity Engine with Prisma Access, start by going to the hub to activate Cloud
Identity Engine and to add it to Prisma Access. Then go to Prisma Access to validate that Prisma
Access is able to access directory data.
STEP 1 | Activate Cloud Identity Engine
Cloud Identity Engine can share Active Directory information with any supported app on the
hub. It’s free and does not require an auth code to get started. Cloud Identity Engine setup
includes activating the Cloud Identity Engine app on the hub, configuring the Cloud Identity
Engine agent to gather Active Directory mappings, and configuring mutual authentication
between Cloud Identity and and the agent.
Make sure to deploy the Cloud Identity Engine instance in the same region that you deployed
Prisma Access and Strata Logging Service.

STEP 2 | Enable Cloud Identity Engine for Prisma Access.

You can associate Prisma Access with Cloud Identity Engine when you’re first activating
Prisma Access or anytime after:
• While you’re activating Prisma Access: When you first activate Cloud Managed Prisma
Access, you can choose a Cloud Identity Engine instance for Prisma Access to use. Make
sure to select an instance that is deployed in the same region as Prisma Access.
• After you’ve activated Prisma Access: To enable Cloud Identity Engine for an existing
Prisma Access instance, log in to the hub. From the hub settings dropdown (see the gear
on the top menu bar), select Manage Apps. Find the Prisma Access instance you want to
update, and select the Cloud Identity Engine instance you want Prisma Access to use.

Strata Cloud Manager Getting Started 424 ©2025 Palo Alto Networks, Inc.
Manage: NGFW and Prisma Access

STEP 3 | Confirm that Prisma Access is connected to Cloud Identity Engine, and that Cloud Identity
Engine is sharing directory information with Prisma Access.
• Check that you can see your directories in Prisma Access.
Go to Manage > Configuration > Identity Services > Cloud Identity Engine:
• Verify that you can add users and groups to a policy rule.
Select Manage > Security Services > Security or Decryption. In a security or decryption
policy rule, check that the Users dropdown displays your Active Directory user and group
entries. Now you can start adding these users and groups to your security and decryption
policy rules.

Troubleshoot traffic that isn't being enforced as expected–check the status of

specific firewalls to understand whether there’s a mismatch between expected
policies (as configured) and enforced policies.

Manage: Identity Redistribution

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Use Strata Cloud Manager to set up and manage identity redistribution for NGFWs and Prisma
Access.
• Prisma Access
• NGFW

Identity Redistribution (Prisma Access)

So that you can enforce your security policy consistently, Prisma Access shares identity data that
GlobalProtect discovers locally across your entire Prisma Access environment. Prisma Access can
also share identity data with on-premises devices at remote network sites or service connection
sites (HQ and data centers).
For Prisma Access managed by Strata Cloud Manager, we’ve enabled some identity data
redistribution by default, and for what’s left, we’ve made the configuration to enable
redistribution very simple (just select a checkbox to select what data you want to share).
From the Identity Distribution dashboard, you can see how identity data is being shared and
manage data redistribution (Configuration > Identity Services > Identity Redistribution.

Identity data that you can redistribute includes:

• HIP data
• IP-address-to-tag mappings
• IP-address-to-user mappings
• User-to-tag mappings
• Quarantined devices
Get started with identity redistribution:
How Identity Redistribution Works
For mobile users to access a resource at a remote network location or HQ/data center that’s
secured by a device with user-based policies, you must redistribute the identity data from the
Prisma Access mobile users and users at remote networks to that on-premises device.
When the users connect to Prisma Access, Prisma Access collects the user’s identity data and
stores it.
The following example shows two mobile users that have an existing IP address-to-username
mapping in Prisma Access. Prisma Access then redistributes this mapping by way of a service
connection to the on-premises devices that’s securing the HQ/data center.
Prisma Access managed by Strata Cloud Manager automatically enables service connections to
work as identity redistribution agents (also called User-ID agents).

Set Up Identity Redistribution

Confirm Your Service Connection Setup

If you haven’t yet set up a service connection for your HQ or data centers, begin by
configuring a service connection. A service connection is required for Prisma Access to
share identity data across your environment; Prisma Access automatically enables service
connections to work as redistribution agents. A newly-created service connection site will
be ready to be used as a redistribution agent when you see that it's been assigned a User-ID
Agent Address (Prisma Access does this automatically, and it'll just take a few minutes). Go to
Configuration > Identity Services > Identity Redistribution and set the configuration scope to
Service Connections to verify the service connection User-ID agent details.

Send Identity Data from Prisma Access to On-Premises Devices

The service connection’s User-ID agent information is all you need to configure Prisma Access
to distribute identity data to on-premises devices.
Go to Configuration > Identity Services > Identity Redistribution and set the configuration
scope to Service Connections to get the service connection User-ID agent details.
Use these details to configure Prisma Access as a data redistribution agent on Panorama or a
next-gen firewall.

Send Identity Data from On-Premises Devices to Prisma Access

Add on-premises devices to Prisma Access as redistribution agents; the devices you add will be
able to distribute identity data to Prisma Access.
• From devices at remote network sites:
Go to the Identity Redistribution dashboard, set the configuration scope to Remote
Networks, and Add Agent. In addition to specifying the host details, select the type of data

the device shares with Prisma Access. Optional settings include the name and a pre-shared
key for the device.

• From devices at service connection sites:

Go to the Identity Redistribution dashboard, set the configuration scope to Service
Connections, and Add Agent. In addition to specifying the host details, select the type of
data the device shares with Prisma Access. Optional settings include the name and a pre-
shared key for the device.

Configure the Terminal Server Agent for User Mapping

The Terminal Server (TS) Agent allocates a port range to each user to identify specific users on
Windows-based terminal servers. The TS Agent notifies Prisma Access of the allocated port
ranges, so that Prisma Access can enforce policy based on users and user groups.
On the Identity Redistribution dashboard, set the configuration scope to Remote Networks,
and Add Terminal Server Agent under Terminal Server Sending to Remote Networks Nodes.
• By default, the configuration is Enabled.
• Enter a Name for the TS Agent.
• Enter the IP address of the Windows Host on which the TS Agent is installed.
• Enter the Port number on which the agent listens for user mapping requests. The port is set
to 5009 by default.
• Save your changes.

Distribute Identity Data Across Your Prisma Access Environment

On the Identity Redistribution dashboard, Edit the diagram to specify the identity data you
want to collect from each source and share across Prisma Access.

To activate your changes, push the configuration to Prisma Access.

Identity Redistribution (NGFW)

In a large-scale network, instead of configuring all your firewalls directly to query the mapping
information sources, you can streamline resource usage by configuring some firewalls to collect
mapping information through redistribution. Data redistribution also provides granularity, allowing
you to redistribute only the types of information you specify to only the devices you select. You
can also filter the IP user mappings or IP tag mappings using subnets and ranges to ensure the
firewalls collect only the mappings they need to enforce policy rules.

To redistribute the data, you can use the following architecture types:
• Hub and spoke architecture for a single region:
To redistribute data between firewalls, use a hub and spoke architecture as a best practice.
In this configuration, a hub firewall collects the data from sources such as Windows User-ID
agents, syslog servers, Domain Controllers, or other firewalls. Configure the redistribution
client firewalls to collect the data from the hub firewall.
• Multi-Hub and spoke architecture for multiple regions:
If you have firewalls deployed in multiple regions and want to distribute the data to the
firewalls in all of these regions so that you can enforce policy rules consistently regardless of
where the user logs in, you can use a multihub and spoke architecture for multiple regions.
• Hierarchical architecture:
To redistribute data, you can also use a hierarchical architecture. For example, to redistribute
data such as User-ID information, organize the redistribution sequence in layers, where each
layer has one or more firewalls. In the bottom layer, PAN-OS integrated User-ID agents
running on firewalls and Windows-based User-ID agents running on Windows servers map IP
addresses to usernames. Each higher layer has firewalls that receive the mapping information
and authentication timestamps from up to 100 redistribution points in the layer beneath it. The
top-layer firewalls aggregate the mappings and timestamps from all layers. This deployment
provides the option to configure policy rules for all users in top-layer firewalls and region- or
function-specific policy rules for a subset of users in the corresponding domains served by
lower-layer firewalls.

When traffic isn’t being enforced as expected, use Troubleshooting to check the
dataplane status of specific firewalls to understand whether there’s a mismatch between
expected policies (as configured) and enforced policies.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Ensure your Strata Cloud Manager deployment meets the requirements to configure identity
redistribution.
1. Configure and activate the Cloud Identity Engine (CIE) for your Strata Cloud Manager
tenant.
This is required to use identity redistribution.
1. Activate the Cloud Identity Engine.
2. Set Up the Cloud Identity Engine.
2. Select Configuration > NGFW and Prisma Access > Objects > Address > Address
Groups and Add Address Group a Dynamic Address Group with the required IP address-
to-tag mappings.
For the address group Type, select Dynamic. Configure the Dynamic Address Group as
needed and Save.
3. Select Configuration > NGFW and Prisma Access > Objects > Dynamic User Groups and
Add a Dynamic User Group with the required username-to-tag mappings.
Configure the Dynamic User Group as needed and Save.

STEP 3 | Select Configuration > NGFW and Prisma Access > Identity Services > Identity
Redistribution and select the Configuration Scope where you want to configure identity
redistribution.
You can select a folder or firewall from your Folders or select Snippets to configure identity
redistribution in a snippet.

STEP 4 | Add Agent.

STEP 5 | Enter a descriptive Name for the agent.

STEP 6 | Enter the Host IP address.

STEP 7 | Enter the Port (range is 1-65535).

STEP 8 | Select the Data Type Mapping.

• IP to User—IP address-to-username mappings for User-ID.
• Host Information Profile (HIP)—IP address-to-tag mappings for Dynamic Address Groups.
• IP to Tag—Username-to-tag mappings for Dynamic User Groups.
• User to Tag—HIP data from GlobalProtect, which includes HIP objects and profiles.
• Quarantined Device List—Devices that GlobalProtect identifies as quarantined.

STEP 9 | Enter a Collector Name to identify the redistribution agent.

STEP 10 | Enter and confirm the Pre-Shared Key for the collector.

STEP 11 | Save.

STEP 12 | (Cloud Management of NGFW only) Enable identity redistribution for firewalls.
1. Select Configuration > NGFW and Prisma Access > Device > Device Setup >
Management > Service Route Settings and select Customize to configure a service route
for the uid-agent service.
Select the Configuration Scope where you want to create the service route. You can
select a folder or firewall from your Folders or select Snippets to configure the service
route in a snippet.
2. Enable the firewall to respond when other firewalls query it for data to redistribute.
1. Select Configuration > NGFW and Prisma Access > Device > Device Setup >
Management and enable the User-ID network service.
2. Select Configuration > NGFW and Prisma Access > Device > Interfaces to create or
select a Layer 3 interface.
Expand the Advanced Settings. In Other Info, create or edit the Management Profile
to enable User-ID.

STEP 13 | Push Config.

Manage: Local Users and Groups

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Locally store authentication information for administrators and end users. You can store
authentication information from administrators and end users who authenticate using
GlobalProtect or the Authentication portal.
To configure local database authentication, you create a database that runs locally on the firewall
and contains user accounts (usernames and passwords or hashed passwords). You can configure
a user database that is local to the firewall to authenticate administrators who access the firewall
web interface and to authenticate end users who access applications through Authentication
Portal or GlobalProtect.
Local database authentication can be associated with an authentication profile so they can
accommodate deployments where different sets of users require different authentication settings,
such as Kerberos single sign-on (SSO) or multi-factor authentication (MFA) . For administrator
accounts that use an authentication profile, password complexity and expiration settings aren’t
applied. This authentication method is available to administrators who access the firewall and end
users who access services and applications through Authentication Portal or GlobalProtect.
Go to Manage > Configuration > NGFW and Prisma Access > Identity Services > Local Users &
Groups to start collecting authentication data.

Create a Local User

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Identity Services > Local
Users & Groups > Local Users and select the Configuration Scope where you want to create
a local user.
You can select a folder or firewall from your Folders or select Snippets to configure a local
user in a snippet.

STEP 3 | Add Local User.

STEP 4 | Enter the user Name.

STEP 5 | Verify that the local user is Enabled.

Rather than deleting a local user from the local firewall database for authentication,
you can uncheck (disable) so that the user is no longer enabled for authentication.

STEP 6 | Enter a Password and Confirm Password.

STEP 7 | Save.

STEP 8 | Push Config.

Create a Local User Group

Group multiple local users into a single local group to add group information to the local firewall
database. You can create a local user group to manage multiple local users who have the same
authentication requirements.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Configuration > NGFW and Prisma Access > Identity Services > Local
Users & Groups > Local User Groups and select the Configuration Scope where you want to
create a local user group.
You can select a folder or firewall from your Folders or select Snippets to configure a local
user group in a snippet.

STEP 3 | Add Local User Group.

STEP 4 | Enter a local user group Name.

STEP 5 | Add the Local Users you created in the previous step.

STEP 6 | Save.

STEP 7 | Push Config.

Manage: Device Settings

Where Can I Use This? What Do I Need?

• , including those funded by Software One of these:

NGFW Credits
•
• or
→ The features and capabilities available to
you in depend on which license(s) you are
using.

From Device Settings, you can configure the following settings for your cloud-managed firewalls:

Setting Description

Interfaces Configure interfaces to enable your firewall to operate in

multiple deployments at once.
On the Ethernet tab, use the Show local device configs to
view the various configuration present on the local Firewall
and Strata Cloud Manager.

Routing Configure routing profiles, a logical router, and a static

route for your firewalls.

IPSec Tunnels Configure IPSec tunnels to authenticate and encrypt IP

packets as they traverse the tunnel.

DHCP Configure DHCP to provide TCP/IP and link layer

configuration parameters and to provide network
addresses to dynamically configured hosts on a TCP/IP
network.

Zones Configure zones to segment your network into functional

and organizational zones to reduce your attack surface.

DNS Proxy Configure a DNS proxy to configure the firewall to act as

an intermediary between DNS clients and servers.

Device Setup Set up your devices to configure service routes,

connection settings, allowed services, and administrative
access settings for the management and auxiliary
interfaces for your firewalls.

Proxy Configure a web proxy to consolidate proxy and firewall

functionality into one device.

Setting Description
Web proxy for Strata Cloud Manager requires
the legacy router stack. If you'd like this
enabled, please reach out to your account
team.

Virtual Wire Configure a virtual wire to integrate a firewall interface

into a topology so that the two connected interfaces on
the firewall don’t need to do any switching or routing.

GlobalProtect Enable your cloud-managed NGFWs as GlobalProtect

gateways and portals, in order to provide flexible, secure
remote access to users everywhere.

Manage: Objects
Where Can I Use This? What Do I Need?

• At least one of these licenses is needed

(with or configuration management)
to manage your configuration with ; for
• NGFWs unified management of NGFWs and Prisma
(with or configuration management) Access, you'll need both:

• AI Runtime Security license

AI Runtime Security Licenses (BYOL)

AI Runtime Security Deployment Profile

Objects are policy building blocks that group discrete identities such as IP addresses, URLs,
applications, or users. Use them to define and group entities, settings, or preferences. You can
then easily reference and reuse the objects in your policies. When you update an object definition
(or if it can be updated dynamically), the policy rules referencing that object automatically enforce
your latest changes. By grouping objects, you can significantly reduce the administrative overhead
in creating policies.

When used together, some objects can help you to automate policy action: auto-tags,
dynamic user groups, and dynamic address groups.

Go to Manage > Configuration > NGFW and Prisma Access > Objects to get started with policy
objects.

Object Description

Addresses Reuse and reference an address or group of

addresses across policy rules, filters, or other
functions without having to manually add
the address or addresses each time. You can
define regions to apply policy to specified
countries or locations. Applying policy based
on region is a great way to control traffic
between branch offices.

Applications Your network traffic is automatically classified

into applications that you can use to build
a versatile security policy based on your
business needs. To simplify the creation of
security policies, applications requiring the
same security settings can be combined into
an application group. Application groups can

Object Description
include applications, application groups, and
application filters.

Traffic Object Create Traffic objects to specify cloud entities

within specific clusters or VPC endpoints to
enforce customized security policy rules.

Services While the HTTP and HTTPS services are

already defined for you and ready to use,
you can add service definitions to control the
port numbers that applications can use. You
can combine services that are often assigned
together into service groups to simplify the
creation of security policies.

SaaS App Management Centrally manage your SaaS applications

for each of your SaaS apps. SaaS App
Management lets you find features you can
use to safely enable apps for your enterprise.

HIP Decide what GlobalProtect app data (the

host information profile, or HIP, data the app
collects from endpoints) that you want to
use to enforce security policy. Combine HIP
objects to build a HIP profile. Think of HIP
profiles as security posture checklists again
which your hosts are evaluated, and each HIP
object is one item on the list. You can grant
hosts access to your network or to sensitive
resources based on their security posture
compliance.

Dynamic User Groups Dynamic user groups give you a way to auto-
remediate anomalous user behavior and
malicious activity. Membership in a dynamic
user group is tag-based – users are included
in the group only so long as they match your
defined criteria.

Tags Use tags to identify the purpose of a rule or

configuration object and to help you better
organize your rulebase.

Auto-Tag Actions Auto-tags give you a way to automate

security actions based on activity. You can
specify the log criteria that triggers security
policy enforcement.

Object Description

Log Forwarding Configure a log forwarding profile to specify

which logs to forward to your Logging
Service.

External Dynamic Lists An External Dynamic List (EDL) is an internally

or externally hosted text file used for policy
enforcement. The firewall check your EDLs at
your configured intervals to enable dynamic
policy enforcement.

Certificate Management Centrally manage the certificates that secure

communication across your network.

Schedules Create a schedule to limit enforcement of a

security policy rule to specific times that you
define.

Quarantined Device Lists Identify and quarantine compromised devices.

You can either manually or automatically
(based on auto-tags) add devices to a
quarantine list. You can block quarantined
devices from accessing the network or restrict
the device traffic based on a security rule.

Manage: Certificate Management

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Centrally manage the certificates you use to secure communication across your network. In
one place, set up your certificates, add certificate authorities (Prisma Access includes preloaded
certificates for well-known CAs), add OCSP responders, and define certificate checks you want to
require. The certificates and settings you set up here can be used throughout your Prisma Access
deployment to secure features like decryption, your authentication portal, and the GlobalProtect
app.

To ensure trust between parties in a secure communication session, Prisma Access uses digital
certificates. Each certificate contains a cryptographic key to encrypt plaintext or decrypt
ciphertext. Each certificate also includes a digital signature to authenticate the identity of the
issuer. The issuer must be in the list of trusted certificate authorities (CAs) of the authenticating
party. Optionally, the authenticating party verifies the issuer did not revoke the certificate.Prisma
Access uses certificates to secure features like decryption and authentication, and to secure
communication between all the clients, servers, users, and devices connecting to your network.
Here are some of the keys and certificates that Prisma Access uses.

As a best practice, use different keys and certificates for each usage.

• Authentication—You can use certificate-based authentication for mobile users connecting

to Prisma Access. Additionally, in deployments where Authentication policy identifies users
who access HTTPS resources, designate a server certificate for the authentication portal. If you
configure the authentication portal to use certificates for identifying users (instead of, or in
addition to, interactive authentication), deploy client certificates also.
• Decrypting Trusted Sites—For outbound SSL/TLS traffic, if a firewall acting as a forward proxy
trusts the CA that signed the certificate of the destination server, the firewall uses the forward
trust CA certificate to generate a copy of the destination server certificate to present to the
client. To set the private key size, see Configure the Key Size for SSL Forward Proxy Server
Certificates.
• Decrypting Untrusted Sites—For outbound SSL/TLS traffic, if a firewall acting as a forward
proxy does not trust the CA that signed the certificate of the destination server, the firewall
uses the forward untrust CA certificate to generate a copy of the destination server certificate
to present to the client.
Go to Manage > Configuration > NGFW and Prisma Access > Objects > Certificate Management.
From this interface, you can manage:
• Custom Certificates—Generate, import, renew, revoke, and export certificates and private key.
To generate a certificate, you must first Create a Self-Signed Root CA Certificate or import
one (Import a Certificate and Private Key) to sign it. To use Online Certificate Status Protocol
(OCSP) for verifying certificate revocation status, add an OCSP Responder before generating
the certificate. And as part of generating or importing a certificate, you’ll need to define what
type of certificate it is.
You can export the private key in the following format:
• Base64 Encoded Certificate (PEM)—This is the default format. It's the most common and
has the broadest support on the internet. Export Private Key if you want the exported file to
include the private key.
• Encrypted Private Key and Certificate (PKCS12)—This format is more secure than PEM but
isn't as common or as broadly supported. The exported file will automatically include the
private key.
• Binary Encoded Certificate (DER)—More operating system types support this format than
the others. You can't export the private key in this format.
• Certificate Profiles—Certificate profiles define user and device authentication for the features
and interactions that rely on certificate authentication. The profiles specify which certificates

to use, how to verify certificate revocation status, and how that status constraints access.
Configure a certificate profile for each of your use cases.
• OCSP Responders—Use Online Certificate Status Protocol (OCSP) to check the revocation
status of authentication certificates. The authenticating client sends a request containing the
serial number of the certificate to the OCSP responder (server). The responder searches the
database of the certificate authority (CA) that issued the certificate and returns a response
containing the status (good, revoked or unknown) to the client. The advantage of the OCSP
method is that it can verify status in real-time, instead of depending on the issue frequency
(hourly, daily, or weekly) of CRLs.
• SSL/TLS Service Profiles—Prisma Access uses SSL/TLS service profiles to specify a certificate
and the allowed protocol versions for SSL/TLS services. By defining the protocol versions, you
can use a profile to restrict the cipher suites that are available for securing communication
with the clients requesting the services. This improves network security by enabling Prisma
Access SSL/TLS versions that have known weaknesses. If a service request involves a protocol
version that is outside the specified range, the firewall or Panorama downgrades or upgrades
the connection to a supported version.
• Default Trusted Certificate Authorities (CAs))—Prisma Access trusts the most common and
trusted authorities (CAs) by default. These trusted certificate providers are responsible for
issuing the certificates the firewall requires to secure connections to the internet.The only
additional CAs you might want to add are trusted enterprise CAs that your organization
requires.

Attempting to renew a nearly expired certificate by importing a new certificate with

identical properties (same issuer-hash, same subject-hash, different validity period) will
cause issues in Strata Cloud Manager.
Use one of the following options when renewing expired or nearly expired certificates:
Renew the certificate from the Certificate Management table.
Delete the certificate from the Certificate Management table and re-import it.

Manage: SaaS Application Management

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Prisma Access gives you simple, centralized management for your SaaS applications. For each
of the apps listed on the SaaS Application Management dashboard—Microsoft 365 apps,

Google apps, Dropbox, and YouTube—you’ll find features that you can use to safely enable the
applications for enterprise use.

The EDL Hosting Service for Application Endpoint Management

SaaS providers publish lists of the IP addresses and URL endpoints their SaaS applications
use, and frequently update these lists. Palo Alto Networks hosts these lists for you, and
you can reference them in policy.
For Microsoft 365, you can subscribe to endpoint lists directly from Prisma Access
managed by Strata Cloud Manager (including optional and required lists). Sometimes,
the EDL Hosting Service releases support for SaaS providers and endpoint list feeds
that is not yet available directly in Prisma Access managed by Strata Cloud Manager.
To enforce policy for application endpoints from these SaaS providers—including Azure,
Amazon Web Services (AWS), Google Cloud Platform (GCP), Salesforce (SFDC) public
endpoints, Microsoft Defender, Zoom, and GitHub—you can create an external dynamic
list based on the feed URL.
Learn more about the EDL Hosting Service.

• Microsoft 365
• Google Apps
• Dropbox
• YouTube

Microsoft 365
Prisma Access gives you simple, centralized management for your SaaS applications, including
Microsoft 365 apps.

• Easy M365 Enablement—Use the built-in settings and guided walkthrough to safely enable
M365 in just a few clicks.
• M365 for Enterprise Use—See all the controls available to you to safely enable M365:
• Microsoft 365 Endpoint Lists
• Microsoft 365 Tenant Restrictions
Easy M365 Enablement
Built-in security and decryption rules, as well as a guided walkthrough, mean you can safely
enable M365 in just a few clicks.
• Built-in security rules allow M365 apps, and ensure that they connect only to Microsoft
endpoints
• Built-in decryption rules skip decryption for traffic destined to Microsoft-categorized Optimize
endpoints (this is Microsoft’s recommendation)
• The guided walkthrough will get you up and running with M365 in two steps.

M365 for Enterprise Use

Safely enable your Microsoft apps for enterprise use by:
• Ensuring that Microsoft apps connect only to Microsoft endpoints
• Restricting app access to enterprise accounts (disallow personal use)
To manage Microsoft 365 usage, go to Manage > Configuration > NGFW and Prisma Access.
Select Prisma Access configuration scope, go to Objects > SaaS App Management and edit
Microsoft 365 settings.

Microsoft 365 Endpoint Lists

Microsoft publishes lists of the IP addresses and URL endpoints their SaaS applications use, and
frequently updates these lists.
Palo Alto Networks hosts these lists for you, and from within Prisma Access, you can subscribe to
the lists that are relevant to you (including optional and required lists). You can use the lists you’re
subscribe to in policy. As Microsoft refreshes their endpoint lists, your policy dynamically enforces
the latest version of the list; there’s no need for you to monitor list changes or make manual policy
updates to catch the latest updates.
STEP 1 | Subscribe to an endpoint list
1. Edit Microsoft 365 settings and go to Endpoint Lists.
2. Select Customize Subscription and choose the endpoint lists you want to subscribe to,
based on the services you’re using and the list type (IPv4, IPv6, or URL).

STEP 2 | Add the endpoint list to a security policy rule

Your subscribed lists are available for you to use as match criteria in a security policy rule.
1. Go to Manage > Configuration > NGFW and Prisma Access > Security Services >
Security Policy and add or edit a rule.
2. Add SaaS Application Endpoint lists as match criteria for the rule.

Microsoft 365 Tenant Restrictions

Tenant restrictions give you a way limit app usage to enterprise accounts (stop users from
accessing their personal Microsoft accounts on the company network). To put tenant restrictions
in place:
Specify the Microsoft 365 tenants to which you want to allow access.

STEP 1 | Specify the Microsoft 365 domains and tenants to which you want to allow access.

STEP 2 | Add the tenant restrictions to a security policy rule.

While you can add tenant restrictions to a security policy rule directly from the Microsoft 365
settings here, any tenant restrictions you’ve configured can also be easily added to new and
existing security policy rules:

Google Apps
Prisma Access gives you simple, centralized management for your SaaS applications – including
Google apps – and you can enforce application traffic differently for personal and enterprise
versions of the apps. For example, you can safely enable Google apps on your company network
by restricting employees on managed devices to Google enterprise accounts, and block or limit
access to personal Google accounts.

The EDL Hosting Service releases support for SaaS providers and endpoint list feeds that
are not yet available directly in Prisma Access managed by Cloud Manager. To enforce
policy for Google Cloud Platform (GCP) endpoints, you can create an external dynamic list
based on the feed URL. Learn more about the EDL Hosting Service

To enable tenant restrictions for Google apps:

STEP 1 | Go to Manage > Configuration > NGFW and Prisma Access. Select Prisma Access
configuration scope, go to Objects > SaaS App Management, and edit Google Apps settings.

STEP 2 | Add approved domains and tenants for your users to access

STEP 3 | Assign the tenant restrictions to a security policy rule

While you can add tenant restrictions to a security policy rule directly from the Google app
settings here, all tenant restrictions you’ve configured for SaaS apps are available to you when
you’re editing or creating security policy rules:

Dropbox
Prisma Access gives you simple, centralized management for your SaaS applications, including
Dropbox. You can safely enable Dropbox on your company network by restricting usage only to
enterprise accounts.
Go to Manage > Configuration > NGFW and Prisma Access. Select Prisma Access configuration
scope, go to Objects > SaaS App Management, and edit Dropbox settings.
To enable tenant restrictions:
STEP 1 | Add approved domains and tenants for your users to access

STEP 2 | Assign the tenant restrictions to a security policy rule

While you can add tenant restrictions to a security policy rule directly from the Dropbox
settings here, all tenant restrictions you’ve configured for SaaS apps are available to you when
you’re editing or creating security policy rules:

YouTube
Prisma Access gives you simple, centralized management for your SaaS applications, including
YouTube. For YouTube, you can enforce Safe Search settings.
Go to Manage > Configuration > NGFW and Prisma Access. Select Prisma Access configuration
scope, go to Objects > SaaS App Management, and edit YouTube settings.
To enforce Safe Search for YouTube:

STEP 1 | Add the domains for which you want to enforce Safe Search

STEP 2 | Add the Safe Search settings to a security policy rule

While you can add safe search to a security policy rule directly from the YouTube settings
here, the settings you’ve configured for SaaS apps are also available to you when you’re editing
or creating security policy rules:

Manage: Global Settings

Where Can I Use This? What Do I Need?

• One of these:
license

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Review and configure the global settings in Strata Cloud Manager (Manage > Configuration >
NGFW and Prisma Access > Global Settings)

Object Description

SaaS App Management Centrally manage your SaaS applications

for each of your SaaS apps. SaaS App
Management lets you find features you can
use to safely enable apps for your enterprise.

User Coaching Notification Template Centrally manage the end user notification
templates to alert users through AI-Powered
ADEM if the user generates an Enterprise
Data Loss Prevention (E-DLP) incident when
traffic containing sensitive data is inspected
and blocked.

Auto VPN Configuring network devices and establishing

VPN tunnels manually is a tedious process and
prone to misconfigurations. Auto VPN creates
the VPN tunnel between the network devices
automatically. Auto VPN enables you to
create a VPN cluster to connect multiple local
area networks (LANs). SD-WAN with Auto
VPN makes it easy to deploy and manage the
SD-WAN deployments.

User Coaching Notification Template

Where Can I Use This? What Do I Need?

• version 6.2.7 or later

license

Where Can I Use This? What Do I Need?

Mobile Users License
license
Or any of the following licenses that include
the license
CASB license
license

The End User Coaching Notification Template allows you to configure the notification displayed
to your users in the Access Experience User Interface (UI) when they generate an Enterprise Data
Loss Prevention (E-DLP) incident. An Enterprise DLP incident is generated when a file containing
sensitive data is downloaded or uploaded, or if non-file based traffic containing sensitive data is
posted in a web form.
To determine what is considered sensitive data, you add one or more Inline Data Loss Prevention
DLP rules or Endpoint Data Loss Prevention policy rules. DLP rules and Endpoint DLP policy
rules contain the traffic match criteria that defines what is considered sensitive data. The DLP rule
is derived from the Enterprise DLP data profile of the same name. Additionally, you can configure
custom messages for when a File Based or Non-File Based Enterprise DLP incident is generated.
After an Enterprise DLP incident is generated, the user who generated the incident can view the
Data Security notification for more information about the sensitive data uploaded, downloaded, or
posted.
Only one notification is displayed per incident in a 30 second period regardless of how many
times the user generates the same incident. For example, a user attempts to upload a file
containing sensitive data to the Box Web application and Enterprise DLP blocks the upload. The
user then immediately tries to upload the same file 5 more times but is blocked each time. In
this case only one Access Experience alert is generated even though the user was blocked from
uploading a file containing sensitive date to the Box Web app 6 total times.
• User Coaching Notification Template

Configure a User Coaching Notification Template

STEP 1 | Contact your Palo Alto Networks representative to enable End User Coaching on your
tenant.

STEP 2 | Install the GlobalProtect app version 6.2.7 or later on Windows or macOS.

STEP 3 | Log in to Strata Cloud Manager.

STEP 4 | Enable Autonomous DEM.

On Strata Cloud Manager, select Workflows > Prisma Access Setup > Access Agent >
Prisma Access Agent and Add Agent Settings. You must configure these required settings

to display notifications to your users in the Access Experience UI when they generate a DLP
incident.
• Access Experience—Select Install.
• Display ADEM Update Notification—Check Enable.

STEP 5 | (macOS only) In the Access Experience UI, select Settings > Notifications and enable Allow
notifications.
This setting must be enabled in the Access Experience UI for each user and is required to
display notifications on the user's desktop. Configure the rest of the Access Experience
notifications settings as needed.

STEP 6 | Configure Enterprise DLP.

1. Create a decryption profile and policy rule.
This is required for Enterprise DLP to decrypt and inspect traffic for sensitive data.
2. Create custom data patterns to define your match criteria.
Alternatively, you can use the predefined data patterns instead of creating custom data
patterns.
3. Create a data profile and add your data patterns.
Only custom data profiles are supported. By default, all predefined DLP rules' Action are
set to Alert. If you must clone the predefined data profile to edit the DLP rule Action.
4. Modify the DLP rule.
• When modifying the DLP rule, you must set the Action to Block. This is required to
generate alerts in the Access Experience UI. No alerts are displayed if the Action is
set to Alert.
• Add the DLP rule to a Profile Group and attach the Profile Group to a Security
policy rule. This is required for Enterprise DLP to generate a DLP incident that then
generates a notification in the Access Experience UI.

STEP 7 | Select Manage > Configuration > NGFW and Prisma Access > Global Settings > User
Coaching Notification Template > Notification Template and Add Notification Template.

STEP 8 | Configure the General Information.

1. Select the Product Name.
• Inline Data Loss Prevention—Generates end user notifications for all Enterprise Data
Loss Prevention (E-DLP) incidents excluding Endpoint DLP.
• Endpoint Data Loss Prevention—Generates end user notifications for Endpoint DLP
incidents only.
2. Select Enable Notification Template to enable the template after you save.
This setting is enabled by default.
3. Enter a descriptive Notification Template Name.
4. (Optional) Enter a Description for the Notification Template.
5. (Optional) Select High Confidence Detections Only to only generate Access Experience
alerts for high confidence traffic matches.
High confidence matches reflect how confident Enterprise DLP is when detecting
matched traffic. For regular expression (regex) patterns, this is based on the character
distance to the configured proximity keywords. For machine learning (ML) patterns, this
confidence level is calculated by the ML models.

STEP 9 | Add one or more Applied Rules to the notification template.

DLP rules must have the rule Action set to Block and be added to a Profile Group that is
attached to a Security policy rule to generate an Access Experience notification. Only add DLP
rules added to a Profile Group that is associated with a Security policy rule. This is required
for Enterprise DLP to generate a DLP incident that then generates a notification in the

Access Experience UI. A single DLP rule can be added to multiple User Coaching Notification
Templates.
All DLP rules added to the notification template generate the same Notification Message
when Enterprise DLP blocks sensitive data that match the data profiles associated with the
DLP rule.

You can View Details for each DLP rule you add to review the specific inspection details. This
includes the traffic inspection Direction, applicable File Type, Action, and whether the DLP
rule is inspecting for File Based Match Criteria, Non-File Based Match Criteria, or both.

STEP 10 | Define the Notification Message users receive when Enterprise DLP blocks sensitive data
that match the data profiles associated with the DLP rule.
The message templates are the Access Experience toast notifications users receive when
Enterprise DLP blocks sensitive data. You can use the following variables in your message
templates. You must include the brackets for each variable.
• [file name]—File name and extension containing sensitive data blocked by Enterprise
DLP.
• (File Based only) [direction]—Specifies whether Enterprise DLP blocked a file upload or
download.
• [app name]—Application user attempted to upload to, download from, or post non-file
based content.
• [action]—Action Enterprise DLP took when sensitive data was detected. This value is
always Blocked.
1. Define the Message Template for File based detections.
Skip this step if the DLP rule isn't configured for file based detections.
2. Define the Message Template for Non-File based detections.
Skip this step if the DLP rule isn't configured for non-file based detections.
3. Add a Support Link.
You can add links directly into the Access Experience toast notification that describe
your company policy for sharing or downloading sensitive data.

STEP 11 | Save.

STEP 12 | The user who generated the Enterprise DLP incident can view the Data Security notification
to see a snippet of the sensitive data that was uploaded, downloaded, or posted.

Manage: Operations
Where Can I Use This? What Do I Need?

• NGFW (Managed by Panorama or Strata AIOps for NGFW Premium license (use the
Cloud Manager) Strata Cloud Manager app)
• Including VM-Series → The features and capabilities available to
you in Strata Cloud Manager depend on which
license(s) you are using.

Troubleshooting
Troubleshoot your NGFWs from Strata Cloud Manager without having to move between various
firewall interfaces.

For more information on troubleshooting, click here.

The troubleshooting dashboard allows you to troubleshoot Network, Identity, and Policy issues
for your Strata Cloud Managed NGFWs. Using the troubleshooting dashboard, you can locate
anomalies and problematic configurations for the following areas:
DNS Proxy
NAT
User Groups
Dynamic Address Groups
Dynamic User Groups
User ID
Session Browser
To get started, go to Manage > Configuration > NGFW and Prisma Access > Operations > >
Troubleshooting > Session Browser.

Strata Cloud Manager Getting Started 460 ©2025 Palo Alto Networks, Inc.
Manage: IoT Policy
Recommendation
Where Can I Use This? What Do I Need?

• subscription
• NGFWs
(with or configuration management) Software NGFW Credits
(for VM-Series software NGFWs)

IoT Security provides Strata Cloud Manager with automatically generated Security policy rule
recommendations organized by device profile. There is one recommendation per application per
profile. Choose a profile, select the rule recommendations you want to use, and then the next-
generation firewalls or Prisma Access deployment types where you want to enforce them.

461
Manage: IoT Policy Recommendation

Get Started
Select Security policy rule recommendations and apply them to next-generation firewalls or
Prisma Access.
STEP 1 | Create folders or snippets for next-generation firewalls.

Skip this step if you want to use predefined folders or previously created folders or
snippets. Prisma Access folders are predefined.

Folders are essentially containers that hold various kinds of rules, security configurations,
and objects. For importing the policy rule recommendations that IoT Security generated, the
folders would hold next-generation firewalls or Prisma Access deployments.
Snippets are also a type of container that can be associated with multiple folders. With folders
and snippets, you can import policy rules into whichever groups of firewalls or deployments
you want.
For example, you might create a folder named California and put 60 firewalls in it and then
create another folder named Hawaii and put 15 firewalls in that. You then create a snippet
called CA-HI and apply it to the California and Hawaii folders. When you want to import
rule recommendations only to firewalls in California, you set the scope as Folder and select
the California folder. If you want to import the rule recommendations to both California and
Hawaii, set the scope as Snippet and select the CA-HI snippet.
Depending on the hierarchy of the folder structure, we might have a parent folder like US-
West above California and Hawaii. Then if you import rule recommendations while the scope
is set as Folder with US-West selected, then both of the children folders California and Hawaii
would inherit the imported rules. However, this wouldn't work if you only wanted to import
rules to California and Hawaii if they had sibling folders like Oregon, Alaska, Washington, and
Arizona under the US-West folder. Then you'd have to use the CA-HI snippet.

STEP 2 | Create Security policy rules.

1. Select Manage > Configuration > IoT Policy Recommendation.
2. Select a profile name.
IoT Security uses machine learning to automatically generate Security policy rule
recommendations based on the normal, acceptable network behaviors of IoT devices in
the same device profile. Strata Cloud Manager displays a list of these recommendations
organized by application. For each behavior, you can see the following:

Behavior Component Explanation

App Risk This is the level of risk that’s inherent in an

application as determined by various factors
on a scale of increasing risk from 1 to 5.

Security Policy Created When one or more names of folders or

snippets appear here, it indicates a Security
policy rule was previously created for this

Behavior Component Explanation

behavior. Clicking one of them opens a
side panel with the names of the profile,
application, and folder or snippet, and the
policy rule action. When No appears here, it
indicates a rule has not yet been created.

Discovered Location Internal indicates that the destination is on

the local network. External indicates that the
destination is outside the local network.

Locally Observed Yes indicates the behavior was observed

in your IoT Security tenant environment.
No indicates it was observed in multiple IoT
Security tenant environments but not in
yours.

App Usage Common indicates that an application has

been detected in multiple IoT Security tenant
environments. Unique indicates that it has
been observed in your environment but not in
those of other tenants that also have devices
in the same profile.

Destination Address & FQDN This is the destination for a recommended

policy rule. It can be Any, an IP address, or an
FQDN.

Destination Profile A profile is shown when the destination

is internal and the device profile of the
destination is identified.

Last Seen For locally observed behaviors, this is the

timestamp when it was last observed. For
common behaviors not observed locally, a
dash is shown.

3. Select one or more behaviors and then Create Security Policy.

4. Review the Security policy rules that will be created and then select the config scope for
where Strata Cloud Manager will apply them.
To apply the rules to one or more next-generation firewalls or Prisma Access deployments
in a folder, select Folders and then choose the folder from Scope Selection.
To apply the rules to one or more next-generation firewalls or Prisma Access deployments
in a snippet, select Snippets and then choose the snippet from Scope Selection.
5. Create Security Policy.

STEP 3 | Push the configuration to next-generation firewalls and Prisma Access deployments.
1. Select Manage > Operations > Push Config.
2. Select the folders with the configuration changes, Push Config, Push, and then Push again.
Strata Cloud Manager displays an ID number in the Job ID column for the selected folders
and the status of the configuration push in the Push Status column.
When the Push Status changes from Pending to Success, you know the pushed
configuration has started running.
3. To see the status of a push job, select Manage > Operations > Push Status. There you can
see the status of the parent job and also the status of the children jobs, one for each firewall
or deployment.

Strata Cloud Manager Getting Started 464 ©2025 Palo Alto Networks, Inc.
Manage: Enterprise DLP
Where Can I Use This? What Do I Need?

• • license
(with or configuration management)
• —Support and device management
• NGFWs
licenses
(with or configuration management) • — license
• — license
• —Support and licenses
Or any of the following licenses that include
the license
• CASB license
• license
• license

Enterprise Data Loss Prevention (E-DLP) protects sensitive information against unauthorized
access, misuse, extraction, or sharing. Enterprise DLP on Strata Cloud Manager enables you to
enforce your organization’s data security standards and prevent the loss of sensitive data across
your NGFWs, and your Prisma Access mobile users and remote networks.

465
Manage: Enterprise DLP

Feature Highlights
The Enterprise Data Loss Prevention (E-DLP) Dashboard
Go to Manage > Configuration > Data Loss Prevention to configure and manage Enterprise
DLP.
Your Enterprise DLP configuration is shared across the products where you’re using Enterprise
DLP. So you might see settings here that were configured elsewhere, and some settings you
can configure here can also be leveraged in other products.
Predefined + Custom Enterprise DLP Settings
Enterprise DLP includes built-in settings that you can use to quickly start protecting your most
sensitive content:
• Predefined regex and ML-based data pattern specify common types of sensitive information
(like credit cards and social security numbers) that you might want to scan for and protect
• Predefined data profiles group together data patterns that commonly require the same type
of enforcement
You can also create custom data patterns and profiles directly on Strata Cloud Manager.
Investigation for DLP Incidents
A DLP incident is generated when traffic matches a DLP data profile attached to a security
policy rule on Strata Cloud Manager. On the DLP Incidents dashboard, you can view details
for the traffic that triggered the incident, such as matched data patterns, the source and
destination of the traffic, the file and file type.
Scanning for Images in Supported File Formats
Strengthen your security posture to further prevent accidental data misuse, loss, or theft with
Optical Character Recognition (OCR). OCR allows the DLP cloud service to scan supported file
types with images containing sensitive information that match your Enterprise DLP filtering
profiles.
Exact Data Matching (EDM)
EDM is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use
EDM to detect sensitive and personally identifiable information (PII) such as social security
numbers, Medical Record Numbers, bank account numbers, and credit card numbers, in a
structured data source such as databases, directory servers, or structured data files (CSV and
TSV), with high accuracy.
Custom Document Types
Upload your custom documents that contain intellectual property or sensitive information
to Enterprise Data Loss Prevention (E-DLP) to create custom document types. Your custom
document types are used as match criteria in advanced data profile to detect and prevent
exfiltration.
Email DLP
Email DLP prevents exfiltration of emails containing sensitive information with AI/ML powered
data detections. For example, Enterprise DLP can prevent exfiltration of sensitive data over an
outbound email sent from a salesperson within your organization to their personal email.

Role-Based Access for Enterprise DLP

You can enable role-based access to Enterprise DLP controls inside Strata Cloud Manager. This
allows you to control which users have read and write access privileges to different parts of
Enterprise DLP.

Get Started
STEP 1 | Enable Enterprise DLP on Strata Cloud Manager.
To set up Enterprise DLP, you need to create a decryption profile to allow the DLP cloud
service to inspect traffic. Select Manage > Configuration > Security Services > Decryption
and:
1. Select Manage > Configuration > NGFW and Prisma Access > Security Services >
Decryption and Add Rule.
The predefined decryption profile settings enable Enterprise DLP to inspect traffic.
Modifying the predefined decryption profile settings isn't required unless you need to
enable Strip ALPN (Advanced Settings > SSL Forward Proxy).
2. Add the decryption profile to an SSL Forward Proxy decryption rule.
• Here’s how to enable Enterprise DLP

STEP 2 | (Optional) Select Manage > Configuration > Data Loss Prevention > Detection Methods and
create a Data Pattern
You can create custom Enterprise DLP data patterns to specify what content is sensitive
and needs to be protected—this is the content you’re filtering. You can create a custom data
pattern based on regular expressions or a data pattern based on file properties.
• Here’s how to create a data pattern

STEP 3 | Create a Data Profile

Group data patterns that should be enforced the same way into a data profile. You can also
use data profiles to specify additional match criteria and confidence levels for matching.
• Here’s how to create a data profile

STEP 4 | Create a DLP Rule

Specify the traffic and file types you want Enterprise DLP to protect. Set the action for
Enterprise DLP to take when it detects a DLP incident.
• Here’s how to create a DLP rule

Strata Cloud Manager Getting Started 470 ©2025 Palo Alto Networks, Inc.
Workflows: SaaS Security
Where Can I Use This? What Do I Need?

• Either one of these licenses:

license
license or license

Identify cloud-based threats and risky user activity in sanctioned and unsanctioned apps with
SaaS Security Inline.
SaaS Security is an integrated CASB (Cloud Access Security Broker) solution that:
• Provides visibility and control over all your shadow IT risks.
• Secures SaaS apps from known and unknown cloud threats.
• Protects sensitive data and ensures compliance across all SaaS apps.
• Allows access to corporate apps only for legitimate users.
SaaS Security Inline is built-in to Prisma Access Managed by Strata Cloud Manager to give you a
centralized view of network and CASB security. It offers SaaS visibility—which includes advanced
analytics and reporting—so that your organization has the insights to understand the data security
risks of sanctioned and unsanctioned SaaS application usage on your network.
Cloud Access Security Broker (CASB) bundle includes Saas Security Inline, Enterprise Data Loss
Prevention (DLP) Inline, SaaS Security API, Data Loss Prevention (DLP) API, and SaaS Security
Posture Management (SSPM).
The Next-Generation Cloud Access Security Broker (CASB-X) license contains all the CASB
components such as SaaS Security Inline, SaaS Security API, SaaS Security Posture Management
(SSPM), and Enterprise DLP. It can be applied on Cloud-Managed Prisma Access, Panorama
Managed Prisma Access, and Panorama-Managed Next Generation Firewall (NGFW) devices in a
single tenant environment.

Here’s everything you need to know to use SaaS Security on Strata Cloud Manager.

471
Workflows: SaaS Security

Get Started
Here’s how to get up and running with SaaS Security Inline on Prisma Access Managed by Strata
Cloud Manager:

Confirm that the SaaS Security add-on license is included with your Prisma Access
subscription.
Go to Manage > Configuration > Overview to check what's available with your license.

If you haven’t already, activate the SaaS Security Inline app on the hub.
After activation, SaaS Security Inline automatically discovers all SaaS applications and users
and analyzes users’ SaaS activity and usage data from your Prisma Access logs that are stored
in Strata Logging Service.

Review and manage administrator roles and access.

Go to Settings > Identity and Access to provide role-based access to SaaS Security controls in
Prisma Access Managed by Strata Cloud Manager.

To comprehensively manage SaaS Security, users must also be an administrator for the
SaaS Security Inline app. Jump directly from the Prisma Access Cloud Management
dashboard to the SaaS Security Console to add SaaS Security Inline administrators.

Explore the SaaS Security dashboard in Prisma Access Managed by Strata Cloud Manager.
Go to Manage > Configuration > Security Services > SaaS Security.
All dashboard views are supported directly in Prisma Access Managed by Strata Cloud
Manager. Examine these views to identify risky SaaS applications and users and SaaS Security
Posture Management. SaaS Security Posture Management (SSPM) helps detect and remediate
misconfigured settings in sanctioned SaaS applications through continuous monitoring.

Review and share the SaaS Security report.

SaaS Security Inline includes a SaaS Security report that provides a snapshot of application
usage with advanced aggregated data and views. This report serves as a communication tool
between your SaaS security team and executive management. You can share this on-demand
PDF report with your SaaS security team for a periodic check-in, or email the report to your
executives to highlight the SaaS applications in use in your organization and the security risks
they pose.
• Here’s more on the SaaS Security report
• Here’s how to generate the SaaS Security report in the SaaS Security Inline app

See what else you can do with SaaS Security and Prisma Access Managed by Strata Cloud
Manager.

SaaS Policy Recommendations

To gain visibility into and control of SaaS applications, SaaS Security admins create SaaS rule
recommendations with specific SaaS App-IDs provided by the App-ID Cloud Engine (ACE).
In Prisma Access Managed by Strata Cloud Manager, you can now review and choose to accept
the rules that SaaS Security admins recommend. SaaS rule recommendations are added to your
web access policy—you must have Web Security enabled to leverage SaaS rule recommendations.
Here’s how you can get started — review the workflow to review and accept SaaS policy
recommendations here:
1. SaaS Security admins create SaaS rule recommendations in the SaaS Security Inline app or
directly in Prisma Access Managed by Strata Cloud Manager.
➡ In Prisma Access Managed by Strata Cloud Manager, go to Manage > Configuration >
Security Services > SaaS Security

2. You can review and import SaaS rule recommendations.

➡ Go to Manage > Web Security > Web Access Policy

3. The SaaS rule recommendations you’ve imported are labeled so you can easily identify them.

Strata Cloud Manager Getting Started 474 ©2025 Palo Alto Networks, Inc.
Manage: Prisma SD-WAN
Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

Prisma SD-WAN provides a software-defined, wide area network (SD-WAN) solution that
transforms legacy wide area networks (WANs) into a radically simplified, secure, application fabric
(AppFabric), virtualizing heterogeneous underlying transports into a unified hybrid WAN. At the
core of the system is the application performance engine.
You can view granular application-driven analytics, build a robust policy, and performance-based
traffic management of the WAN. Through Instant-On Network (ION) devices, Prisma SD-WAN
simplifies how WANs are designed, built, and managed, securely extending data center-class
security to the network edge.
Prisma SD-WAN supports stacked policies for flow forwarding operations. Using centrally-defined
policies, each ION device performs actions such as automatic path selection, traffic shaping, or
active-active load balancing between links, while the Prisma SD-WAN controller provides full
visibility into application performance and response times across all WAN links.
Prisma SD-WAN controls network application performance based on application-performance
service level agreements (SLAs) and business priorities. You can configure policies, resources,
CloudBlades, and system settings for Prisma SD-WAN using Strata Cloud Manager.
Select Manage > Prisma SD-WAN to manage configurations for:
• Policies
• Resources
• CloudBlades
• System

475
Manage: Prisma SD-WAN

Manage: Policies for Prisma SD-WAN

Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

Prisma SD-WAN supports stacked and original policies. Using centrally-defined policies, each
ION device performs actions such as automatic path selection, traffic shaping, or active-active
load balancing between links, while the Prisma SD-WAN controller provides full visibility into
application performance and response times across all WAN links.
Configure policies in Prisma SD-WAN using Strata Cloud Manager.
STEP 1 | Select Manage > Prisma SD-WAN > Policies.
You can configure the following types of policies in Prisma SD-WAN:
• Path
Configure stacked path policies for flow forwarding and traffic shaping operations.
• Performance
Configure performance policies to measure application performance and App SLAs.
• QoS
Configure stacked QoS policies for specifying business priorities.
• Security
Configure stacked security policies to define rules that determine application access within
a branch.
• NAT
Configure stacked NAT policies to ensure privacy of internal networks connected to public
or private networks.
• Security (Original)
These are legacy security policies. If you are a new user starting with ION device software
version 6.0.1, you can configure only stacked security policies. If you have configured
original or legacy policies, you have to convert these legacy policies to stacked policies
before you can upgrade your device to Release 6.0.1.
• Network (Original)
These are legacy network policies. If you are a new user starting with ION device software
version 6.0.1, you can configure only stacked network policies. If you have configured
original or legacy policies, you have to convert these legacy policies to stacked policies
before you can upgrade your device to Release 6.0.1.

STEP 2 | Select Bindings to bind policy stacks to a site.

In order for policy rules in Path, QoS, Security, and NAT stacks to be effective, you must bind
the policy stacks to a site. You can bind only a single path, QoS, Security, and NAT stack to a
site at a time.

Manage: Resource Types for Prisma SD-WAN

Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

You can manage different types of resources in Prisma SD-WAN.

Manage resources in Prisma SD-WAN using Strata Cloud Manager.
Select Manage > Prisma SD-WAN > Resources.
You can manage the following types of resources in Prisma SD-WAN:
• Applications
Applications are at the core of the Prisma SD-WAN solution. ION devices deployed in the
network actively analyze each application flow to ensure that policies for performance,
compliance, and security are maintained, and optimum network connections are used for
each flow. The ION device uses application definitions and fingerprinting technologies for
path selection, QoS, and firewall policies.
System applications are available by default, whereas you can configure custom applications
for your enterprise requirements.
• Circuit Categories
Circuit categories are a logical grouping of various kinds of circuits and connectivity that
may be present in the network. This grouping allows for simplified and reusable network
policy rules for the entire network. For example, internet cable broadband, metered internet
LTE links, satellite internet links, internet DSL, or private MPLS.
• Network Contexts
Network context segments network traffic for the purpose of applying different network
policy rules for the same application. A rule with a network context always takes
precedence over a rule without a network context. You may create one or more network
contexts, but an individual LAN network can belong to only one network context. You must
attach the network contexts to the appropriate LAN segments to be effective.
• Service & DC Groups
Use Service & DC Groups to map third-party endpoints to groups to allow flexibility when
creating network policy rules to account for uniqueness across sites. The intent is that the
policy rules remain the same regardless of the site location.
• Security Zones
Security Zones specify enforcement boundaries where traffic is subject to inspection
and filtering. Each security zone maps to networks attached to physical interfaces, logical
interfaces, or sub-interfaces of a device. These zone-level interfaces serve as a proxy for
physical circuits and virtual circuits, such as VLAN, Layer 3 VPN, and Layer 2 VPN circuits.

• Site Templates
Site configuration template helps you to create tailored site templates that cater to your
deployment requirements, allowing you to efficiently deploy branches and data centers at
scale with ease. Using this template, you can deploy multiple sites. You can use an existing
template, edit an existing one or create a new template to deploy multiple sites.
• Prefix Filters
A prefix is a group of one or more individual IP addresses or IP address subnets. Prefixes are
used with Path Set Policies and Priority Policies. They can be either global or local in scope.
• Configuration Profiles
Use configuration profiles to configure settings for different types of resources.
• IPsec
Create an IPsec profile to configure IPsec VPN connections between branch devices and
cloud security service endpoints.
• IPFIX
An IPFIX profile is a global IPFIX configuration object which identifies collector
configuration, filter configuration, the template for exporting flow information elements,
and flow sampler configuration.
• APN
Create an Access Point Name (APN) profile to define the network path for cellular data
connectivity. APN information is required to connect to a cellular network.
• DNS
Configure a Domain Name System (DNS) Profile to specify configuration parameters
for the DNS service. Commonly configured parameters include DNS Servers, Domain
to Address Mapping, Cache Configuration, and DNSSEC Configuration. After the DNS
service profile is created, it is bound to a device.
• NTP Templates
Use Network Time Protocol (NTP) configuration templates to add or edit NTP servers.
• Multicast
Create a WAN multicast configuration profile and associate it with a branch site to
enable multicast WAN multicast routing for the branch site.
• VRF
Create and associate the Global (default) Virtual Routing and Forwarding tables (VRF)
profile and assign it to all branch and data centers sites.
• IoT Discovery
Use IoT device visibility to identify devices in your network. Prisma SD-WAN branch
ION devices inspect packets, extract information, and generate messages to send to
Strata Logging Service in a specific format.

Manage: CloudBlades for Prisma SD-WAN

Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

CloudBlade license for the respective
CloudBlade

Use Prisma SD-WAN CloudBlades to securely access ION devices to automate web interface
workflows with customized templates for reducing operational complexity.
Configure CloudBlades in Prisma SD-WAN using Strata Cloud Manager.
Select Manage > Prisma SD-WAN > CloudBlades.
You will be able to view the CloudBlades that you have subscribed for in Prisma SD-WAN. Use
the steps in the relevant CloudBlade Integration to configure your CloudBlade.

Manage: System Resources for Prisma SD-WAN

Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

Manage and monitor users and permissions in Prisma SD-WAN using the resources available
under the System tab.
Select Manage > Prisma SD-WAN > System.
You can configure the following types of system resources in Prisma SD-WAN:
• License Management
Use License Management to generate authorization tokens for virtual ION. This provides a
set of controls to prevent unauthorized addition of virtual devices to an environment.
• Audit Logs
Use Audit Logs to view the configuration change records in a system. You can use these
logs for compliance and troubleshooting purposes. Audit logs provide information such as
changes made, owner of the change, time of change, and the scope of the change at a site,
system, or a subset of sites.
• Enterprise Prefixes
Use Enterprise Prefixes to allow Prisma SD-WAN data center sites to easily advertise routes
and reachability to branch sites.
• Access Management
• User Access
• User Management
Add a new user with a system role as per the requirements of your enterprise.
System roles are a pre-defined set of permissions for each role. These roles include
a collection of one or more system permissions. Available system roles include

Root, Super administrator, IAM administrator, Network administrator, Security

administrator, and View-only User.
• Custom Roles
You can build custom roles by combining existing system roles and permissions in
different ways. You can create them by assembling a set of system permissions or by
adding or removing permissions from system roles.
• Password Requirements
Set the character and security requirements for passwords. You can also set the
frequency for re-using old passwords and refreshing passwords.
• Device Access
• Device Toolkit User Access
• Device Offline Access Policy
• Tenant Access
• Auth Tokens
Configure Auth Tokens to access Prisma SD-WAN APIs. Once a token is generated
for a user, it can be used to make repeated API calls eliminating unnecessary logins to
access APIs.
A user with access to an Auth token can access all the permissions assigned to the
token.
Select Manage > System > Tenant Access > Auth Tokens > Create Auth Token to
create an Auth Token.
• Identity Management
• Cloud Identity Engine

Strata Cloud Manager Getting Started 482 ©2025 Palo Alto Networks, Inc.
Manage: Prisma Access Browser
Where Can I Use This? What Do I Need?

• license
(with or configuration management)

From Strata Cloud Manager, select Manage > Configuration > Prisma Access Browser.

483
Manage: Prisma Access Browser

Prisma Access Secure Enterprise Browser (Prisma Access Browser) is the only solution that
secures both managed and unmanaged devices, through a natively integrated enterprise browser
that extends protection to unmanaged devices. See What is the Prisma Access Browser?

Home
Home is the landing page when you access Prisma Access Browser from Strata Cloud Manager.
From the home page, you can use the Prisma Access Browser Dashboards to derive meaningful
insights from the analysis of user behavior and browsing data. There are a variety of dashboards
for specific use cases you might want to monitor, such as user behavior, data leak prevention, web
security, and policy. Each dashboard contains a collection of widgets and some of the widgets
appear in multiple dashboards.

Analytics
The Prisma Access Browser Events screen is the key visibility tool for investigating every activity
within your Enterprise Browser deployment to verify that policies and rules are working as they
should. This is where you investigate Prisma Access Browser Events.

Directory
• The Users directory serves as a central location for information regarding the users and their
Prisma Access Browser connected devices, membership in user groups, and related policy
rules. Manage Prisma Access Browser Users
• The device directory provides a roster of your Prisma Access Browser devices and device
groups. Manage Prisma Access Browser Devices
• The Prisma Access Browser comes equipped with a preexisting list of Verified applications. The
Verified applications list references the Palo Alto Networks App-ID™ catalog of applications,
and is regularly synced with the cloud database. You can also create custom and private
applications. Manage Prisma Access Browser Applications
• The Prisma Access Browser maintains an Extension directory that includes extensions installed
by end-users on the browser. This information allows you to maintain proper corporate policy
management, manage visibility and risk analysis.Manage Prisma Access Browser Extensions

Policy
• You can use Rules to specify the Users, User Groups, and Device Groups that will be impacted
by the various policies. These rules govern access to web applications, security policies, and
customization options. By utilizing rules, you can precisely control user access to organizational
tools and components.Manage Prisma Access Browser Policy Rules
• The Controls for the Prisma Access Browser rules can be configured within the body of the
individual rule. Profiles (external controls) can be used when you want to save reusable (legacy)
profiles and add them to the rules later. Manage Prisma Access Browser Policy Profiles
• Use sign-in rules to determine which users and devices have access to Prisma Access Browser.
Manage Prisma Access Browser Sign-in Rules
• After you define the bypass conditions within the policy rules, when users attempt to perform
and action or visit a site blocked by the corresponding rule, they can submit a bypass request.
To set bypass conditions, you configure the prompt action to enable permission requests.
Manage Prisma Access Browser Requests to Bypass Policy Rules.

Administration
Manage integrations for additional functionality with the following:
• Microsoft 365
• Microsoft Information Protection
• Google Workspace
• Votiro
• CrowdStrike Falcon Intelligence
• OPSWAT MetaDefender
• YazamTech SelectorIT
• Symantec DLP

Strata Cloud Manager Getting Started 490 ©2025 Palo Alto Networks, Inc.
Manage: Operations
Where Can I Use This? What Do I Need?

• At least one of these licenses is needed to

(with or configuration management)
manage your configuration with ; for unified
• , including those funded by Software NGFW management of NGFWs and Prisma Access,
Credits you'll need both:
license

→ The features and capabilities available to you

in depend on which license(s) you are using.

Use the Strata Cloud Manager operations to push configuration changes, review past
configuration pushes, and manage your configuration versions snapshots to load or revert them to
a previous configuration version.
• Push your configuration changes
• Review the status of a configuration push
• See how you can clean up your configuration

491
Manage: Operations

Manage: Push Config

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• , including those funded by Software
NGFW Credits or

A role that has permission to view the

dashboard

After you make configuration changes and are ready to activate them, you must push the changes
to your firewalls. You have the option to push all configuration changes or to select specific
administrators to include in the push. Pushing changes from all administrators is required for your
first configuration push. You can choose which configuration changes you want to push to Prisma
Access:
• Mobile Users — GlobalProtect
Push Global Protect updates to Prisma Access.
• Mobile Users — Explicit Proxy
Push Explicit Proxy updates to Prisma Access.
• Remote Networks
Push Remote Networks updates to Prisma Access.
• Service Connections
Push Service Connection updates to Prisma Access.
You can push a configuration while another configuration push is taking place. Prisma Access
applies configuration changes in the order you submit them.
In the event a configuration is pushed in error, or a change causes network or security disruption,
you can revert the Prisma Access configuration to the most recent running Prisma Access
configuration. This allows you to revert the Prisma Access configuration back to a running
configuration you know is functional and does not compromise your network security. You do not
have the option to select a specific running configuration. Prisma Access automatically selects the
last known running configuration and reverts to it.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Make configuration changes as needed.

STEP 3 | Push Config and Push your configuration changes.

Alternatively, you can select Manage > Operations > Push Config To Devices.

In the Push Config dialog box, you can Ignore Security Check Failures. This feature allows you
to continue with push operations even when certain checks would block the process. If you
leave the check box unchecked (the default setting), and a best practice check with a “block”
action fails, Strata Cloud Manager stops the push.

You can Ignore Security Check Failures only if your role includes the Override Security
Check Block Action permission.

STEP 4 | (Optional) Add New Filter.

You can filter the devices displayed in the push scope by applying filters. Applying filters
impacts only which firewalls or Prisma Access deployments are displayed in the push scope
and has no impact on which devices you push to.

STEP 5 | Edit the Push Scope.

Editing the push scope allows you to push targeted configuration changes to some or all of
your firewalls or Prisma Access deployments.

Performing a partial configuration push is not supported and you must push the entire
Strata Cloud Manager configuration if you:
• Configure a new tenant and this is your first configuration push.
• Onboard a firewall to Strata Cloud Manager.
• Onboard a Prisma Access mobile users and remote users.
• Rename or move a folder so that it’s nested under a different folder.
• Move a firewall to a different folder.
• Rename, associate, or disassociate a snippet.
• Load a configuration.
• Revert the configuration to the last pushed configuration or to a previous
configuration version snapshot.

• Admin Scope — Select which administrator configuration changes to include in the push. By
default, admin scope selects the current user, and changes made by that user are pushed to
the selected firewalls or Prisma Access deployments. Selecting changes Changes from all
admins includes all configuration changes made by all administrators.
Editing the admin scope to select specific administrators includes all the configuration
changes made by the selected administrators. This option can't be used when performing
your first config push. Selecting specific configuration changes to include in the push is not
supported.
• Push Scope — Select the deployment types or folders you want to push to. When you
select a deployment or folder, the configuration changes are pushed to all firewalls or
deployments.
When you select a folder that contains child folders, all child folders and the associated
firewalls or Prisma Access deployments are included in the push. Selecting a specific firewall
or a Prisma Access deployment automatically selects the folder it’s associated with.

STEP 6 | Push Config and Push.

Review the push targets and Push.

STEP 7 | Review configuration push status.

In the event a configuration is pushed in error, or a change causes network or security disruption,
you can revert your Prisma Access configuration.
➡ Restore, load, and compare configuration versions

View Prisma Access Jobs

You can view the Jobs history on Prisma Access to display details about operations that admins
initiated, as well as automatic content and license updates. This includes any configuration
commits, pushes and reverts. You can use the Jobs view to troubleshoot failed operations,
investigate warnings associated with completed commits, or cancel pending commits.
STEP 1 | Launch Prisma Access.

STEP 2 | On the top menu bar, select Push Config and view the Prisma Access Jobs.

STEP 3 | Perform any of the following tasks:

• Investigate warnings or failures—Read the entries in the Summary column for warning or
failure details.
• View a commit description—If an administrator entered a commit description, you can refer
to the Description column to understand the purpose of the commit.
• Check the position of an operation in the queue—View the operation position and status to
determine the position of the operation.

Manage: Push Status

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• , including those funded by Software
NGFW Credits or

A role that has permission to view the

dashboard

Review the push status for your past configuration pushes to your firewalls to review details such
as the push operation result, the admin that initiated the push, and the target firewalls.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Push your configuration changes.

STEP 3 | Select Manage > Operation > Push StatusConfiguration > Operation > Push Status and
locate the configuration push operation you want to review.

STEP 4 | Expand the Job ID for the configuration push you want to review.
A configuration Validation job is always performed before any configuration push occurs.
When you push to multiple firewalls, each configuration push has a unique Job ID with push
details.

STEP 5 | Review details about the configuration push status.

For example, review the push Result, the Admin who initiated the configuration push, the
configuration push Summary, and the End Time and Start Time of the configuration push.
The configuration push Result can be either OK if the push was successfully or FAIL if the
configuration push failed.

STEP 6 | Click the unique Job ID for a configuration push to a firewall to review the Job Details.
The Job Details provide detailed information about Warnings and Errors encountered
when performing the configuration push. For example, if a push to a firewall failed you can
review the Job Details to understand what caused the configuration push to fail.

Manage: Config Version Snapshots

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Configuration snapshots give you a view into your Strata Cloud Manager configuration history.
When a configuration push has unintended security implications or an unexpected impact on
traffic, you can recover by reverting to an earlier version. You can also compare configurations to
see what’s changed across versions.

Config Snapshot Overview

The Config Snapshot Version screen is the place to review pushed configurations, compare config
snapshots with your configuration candidate, and load or restore older configurations.
Select Manage > Operations > Config Version Snapshots to find configuration snapshots and
restore, load, or compare versions.

1. Add New Filter—Choose filters to sort and filter config versions by column.
2. Version—The version number of the configuration that was pushed.
The Candidate allows you to compare the currently pending configuration changes to Strata
Cloud Manager with a previous configuration version.

The configuration version number is incremental. For example, if you have 10

versions and restore configuration version 2, the configuration version will change
from 10 to 11 (it won’t show as 2).

3. Date—Date and time the config was pushed.

4. Pushed By—Administrator who pushed the changes.
5. Edited By—Administrator who made the configuration changes before they were pushed.
6. Object Changes—See how many objects were added, removed, or modified when the
config was pushed.
7. Target Devices—Devices that were targeted in the scope of the configuration push
snapshot.
When performing a Restore action, you can choose which of the devices to perform the
operation on.
8. Impacted Devices—Devices that have been modified since the previous configuration push.
Devices are only considered to be impacted to the previous configuration push snapshot.

Impacted and Target Devices

If you have two devices, A and B, and only push to device A, A becomes the Target
and Impacted device.
If you then push again to device A and B, A and B are both targeted devices, but
only B is an Impacted device.

When performing a Load action, the listed devices will be impacted.

9. Description—Review any information provided at the time the config was pushed.
10.Refresh—Update the information in the snapshot table.
11.Reset Filters—Clear all the filters to display all config versions.
12.Compare—See what has changed from version to version.
You can compare only two versions at a time.
13.Actions— You can Restore or Load a config version.
• Restore – Restore an earlier configuration version.
Restoring a configuration version directly updates the running configuration on the
deployments within the scope of the original push and does not require you to Push
Config.
Restore all the devices or deployments in the original scope of the configuration push or
select specific devices or deployments to restore. You can’t expand the configuration to
include devices or deployments outside of the original scope.
Restoring a config version does not delete or modify the candidate configuration. The
configuration in progress will be saved. Restoring a configuration just updates the

running configuration version. Deployments may appear out of sync when the restore
action is used.
• Load – Load an earlier version as your candidate configuration in Strata Cloud Manager.
Your current candidate configuration will be lost when an older configuration is loaded.
Make updates to the new candidate configuration or apply the configuration to new
devices and deployments outside of the original configuration snapshot, and, when
you’re ready, Push Config.
• Save – Save the candidate configuration as a named snapshot to use as a known
configuration. Having a known configuration allows you to easily bring your deployments
to a known and workable state. You can switch back and forth between your Named
Snapshots and the automatically logged configuration pushes in Version Snapshots.

Strata Cloud Manager will save up to 6 months of snapshots or 200 individual

snapshots.

Save a Named Snapshot

Save the current configuration candidate as a named snapshot. You can't save a partial
configuration as a named snapshot. Saving a named snapshot allows you to load a known
configuration state without having to keep track of individual snapshots that will eventually be
cycled out of the Config Versions Snapshot table.
STEP 1 | Log into Strata Cloud Manager.

STEP 2 | Select Manage > Operations > Config Version Snapshots.

STEP 3 | Select the Candidate.

STEP 4 | Click Save.

STEP 5 | Enter a Name up to 64 characters.

The Name for the snapshot will default to config_year-month-day-timestamp.

STEP 6 | Save your snapshot.

When you save a Named Snapshot, it will replace the current candidate configuration.

STEP 7 | (Optional) Verify that your snapshot was saved by navigating to the Named Snapshots in the
Config Version Snapshot table.

Managing Named Snapshots

Administrators can delete their own Named Snapshots. Superusers can delete all
Named Snapshots.

Restore a Snapshot
Restore a previously pushed configuration. Restoring an older configuration updates the
configuration running on the deployments and devices. These changes are not reflected in the
Strata Cloud Manager, so deployments and devices may appear out of sync.
Only configured devices that were within the scope of the original configuration push can be
restored to a selected version.
STEP 1 | Log into Strata Cloud Manager.

STEP 2 | Select Manage > Operations > Config Version Snapshots.

STEP 3 | Select the config version you want to restore.

1. (Optional) Select the version number to review the changes made by the config
snapshot.

STEP 4 | Restore the version.

1. (Optional) Select the devices you would like to target with the restore action.
2. Restore.

STEP 5 | (Optional) Select Manage > Configuration > Operations > Push Config to validate the
configuration was restored.

Load a Snapshot
Load an earlier configuration snapshot to use as your candidate configuration.
Once the configuration has been loaded, you can continue to make modifications to it before
pushing.
STEP 1 | Log into Strata Cloud Manager.

STEP 2 | Select Manage > Operations > Config Version Snapshots.

STEP 3 | Select the config version you want to load.

1. (Optional) Select the version number to review the changes made by the config
snapshot.

STEP 4 | Load the version.

For published snippets, you can:

• Keep Current: This loads the version you selected.
• Revert All: This reverts changes made by published snippets. On the subscriber tenant,
if you selected Do not delete from subscriber tenant, snippets will not be deleted even
without association.

STEP 5 | (Optional) Modify the loaded configuration candidate as needed.

STEP 6 | Push Config.

Strata Cloud Manager Getting Started 502 ©2025 Palo Alto Networks, Inc.
Manage:Security Posture
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Use these tools to improve your security posture and verify that you're protected against threats
by following security policy best practices.
• Customize security posture checks for your deployment to maximize relevant
recommendations in Manage: Security Posture Settings
• Use Config Cleanup to identify and remove unused configuration objects and policy rules.
• Configure Compliance Checks to hone and optimize overly permissive security rules so that
they only allow applications that are actually in use in your network.
• Create your own Manage: Security Posture Settings – Customize existing best practice checks
and create and manage special exemptions to better align to your organization’s business
requirements.
• Use Policy Analyzer to quickly ensure that updates you make to your security policy rules meet
your requirements and do not introduce errors or misconfigurations (such as changes that
result in duplicate or conflicting rules).

503
Manage:Security Posture

Manage: Policy Analyzer

Where Can I Use This? What Do I Need?

• , including those funded by Software At least one of these licenses is needed:

NGFW Credits
•

Panorama Cloud Connector Plugin for

Panorama managed deployments

Updates to your Security policy rules are often time-sensitive and require you to act quickly.
However, you want to ensure that any update you make to your security policy rulebase meets
your requirements and does not introduce errors or misconfigurations (such as changes that result
in duplicate or conflicting rules).
To achieve this, Policy Analyzer in Strata Cloud Manager enables you to optimize time and
resources when implementing a change request. Policy Analyzer not only analyzes and provides
suggestions for possible consolidation or removal of specific rules to meet your intent but
also checks for anomalies, such as Shadows, Redundancies, Generalizations, Correlations, and
Consolidations in your rulebase.
Use Policy Analyzer to add or optimize your Security policy rulebase.
• Before adding a new rule—Check to see if new rules need to be added. Policy Analyzer
recommends how best to change your existing Security policy rules to meet your requirements
without adding another rule, if possible.
• Streamline and optimize your existing rulebase—See where you can update your rules to
minimize bloat and eliminate conflicts and also to ensure that traffic enforcement aligns with
the intent of your Security policy rulebase.
Analyze your Security policy rules both before and after you commit your changes.
• Pre-Change Policy Analysis—Enables you to evaluate the impact of a new rule and analyze the
intent of the new rules against the rules that already exist to recommend how to best meet the
intent.
• Post-Change Policy Analysis—Enables you to clean the existing rulebase by identifying
Shadows, Redundancies, and other anomalies that have accumulated over time.
Policy Analyzer supports both Strata Cloud Manager and Panorama deployments. See Policy
Analyzer to learn more.

Manage: Policy Optimizer

Where Can I Use This? What Do I Need?

• , including those funded by Software NGFW One of these:

Credits (Managed by Strata Cloud Manager)
• (Managed by Strata Cloud Manager)

→ The features and capabilities available to you

in depend on which license(s) you are using.

Try out Policy Optimizer while it’s available for early access. If you’re interested in
continuing to use this future beyond the early access period, check in with your account
team.

Rules that are too broad introduce security gaps because they allow traffic that isn't in use in your
network. Policy Optimizer enables you to convert these overly permissive rules to more specific,
focused rules that only allow the applications you’re actually using.

Policy Optimizer supports only deployments managed by Strata Cloud Manager, including
NGFW and Prisma® Access configurations.

Strata Cloud Manager analyzes log data and flags rules as overly permissive if they are at least
15 days old and have "any" specified in the source address, destination address, source user, or
application fields.
For rules identified as overly permissive, Strata Cloud Manager auto generates recommendations
you can accept to optimize the rule. The new, recommended rules are more specific and targeted
than the original rule; they explicitly allow only the applications that have been detected in your
network in the last 90 days.
Select an overly permissive rule to review, adjust, and accept optimization recommendations.
Replacing these rules with the more specific, recommended rules strengthens your security
posture.
Accepting recommendations to optimize a rule does not remove the original rule. The original rule
remains listed below the new rules in your Security policy so you can monitor the rule and remove
it when there is zero traffic hit on the original rule. Policy Optimizer process runs daily and you
can see the timestamp of the last successful process run at the top-right corner of the Policy
Optimizer page. Both the original rule and optimized rules are tagged so you can easily identify
them in your Security policy.

Policy Optimizer analyzes rules that are at least 15 days old for optimization. You can customize
the policy rule analysis lookback period between 15 and 90 days in the Policy Optimizer settings
to align with your security posture requirements. To adjust the lookback period, go to Policy
Optimizer, open the Policy Optimizer Settings at the top-right corner of the page, and enter a
value between the default 15 days and the maximum 90 days.

You can view the below information in Policy Optimizer:

• Ready for Optimization: Rules available for optimization.
• Removed from Optimization: Rules excluded from optimization.
• Optimization Failed: Rules with failed optimization attempts.

Guidelines and Limitations for Policy Optimizer

• You can create address groups only when the recommendations contain IP addresses.

• Policy Optimizer does not support address group creation if the recommendations include:
• A combination of IP addresses and existing address or address group objects.
• Existing address objects.
• Both IPv4 and IPv6 addresses.
• The check box for creating address groups in the side panel isn’t selected by default for rules in
the global scope.
• When you perform multiple actions such as deleting users, user groups, applications, or
application groups on the same optimized rule where you created an address group, Policy
Optimizer might reset or remove the address group. To avoid this, make all edit changes before
you add the address group.
• A validation error doesn’t appear if the address group name is a duplicate or if an address
object with the same name already exists.
• User or user groups are supported only if the user or user groups data in CIE is approximately
50,000 user-ids/user groups or fewer.
• Policy Optimizer does not consider security policy rules based on snippets for optimization.

Optimize a Rule
STEP 1 | Go to Manage > Security Posture > Policy Optimizer.
The Ready for Optimization tab lists all overly permissive rules for which recommendations are
available. These rules are sorted by traffic volume, with the highest-hit rules appearing first.
Review the overly permissive rules and select one to view its optimization recommendations.
If multiple such rules exist, prioritize optimizing those with the highest traffic impact to achieve
the most significant improvements in your security posture. You can remove a rule from
optimization to prevent the Policy Optimizer from processing it. The rule settings remain as is.

STEP 2 | Select a rule to see the optimization recommendations.

You can see how much of the original rule’s traffic that each new rule will cover. Note the
specific applications that each new rule enforces.
You can view the optimized security rules by selecting one of the following parameters:
• View by Overall Traffic
• View by Session Count
• View by Number of Unique Users

All the rule recommendations suggested by Policy Optimizer are prepended by optrule and
appended by an integer.

STEP 3 | Accept some or all the rule recommendations.

Accepting the new, optimized rules adds the rules to your rulebase. They won't be active yet;
that will happen in the next step when you Push Config.
Accept All accepts the recommended rules as they are. You can also make changes before
accepting the optimized rules:
• If you want to accept only specific rules, then you need to disable the remaining rules and
Accept All the remaining rules. Disabling an optimized rule means that you're not accepting
it, and it won’t be added to the rulebase.
• Delete individual applications, application groups, or both in the Applications sidecar.
• Remove any users or user groups from the Source User sidecar. To investigate traffic
matching the original rule where the Source User is listed as Unknown, click Unknown User
to open Log Viewer and view additional context.
• Remove a rule from optimization. Add this rule to a list of rules that you want to exclude
from optimization (this time and moving forward).
• Disable an optimized rule to indicate that you’re not accepting it. The rule won't be added
to the rulebase and will be moved out of the recommendation rule list. Disable an optimized
rule.
• Revert any changes you’ve made. This undoes any edits you’ve made and reverts the rules
back to the recommendations.
• Merge rules. You might decide to do this if you find any of the recommended rules to be
similar. Note that with the merging of rules, negated and unnegated addresses cannot be
merged.
• Create address groups within policy rule recommendations, addressing challenges in
efficiently managing firewall policies at scale. You can create source and destination address

groups within recommended rules, allowing you to adjust and preview suggested groups
before accepting recommendations.

The address group retains the original configuration scope. You can change it to the
global configuration scope by checking the check box.

After you accept the optimized rules, you’ll be prompted to Update Rulebase. When you
agree, the optimized rules are added to your Security policy. However, they’re not yet
enforcing traffic.
When multiple uncovered public networks remain, Policy Optimizer uses negated RFC-1918
ranges. To make recommendations that are clear and manageable, it identifies existing address
objects, groups, or standard subnets to suggest in the address fields. For example, instead of
recommending 1,000 individual source IP addresses seen in traffic, Policy Optimizer suggests
an address object like “user-addresses” (e.g., 10.5.0.0/16) if it matches, or a standard private
subnet like RFC-1918 10.0.0.0/8. For public IPs, however, matching objects or groups are
less likely to be defined in the configuration. If Policy Optimizer encounters a wide variety
of public IPs and can't suggest a small set of public subnets, it defaults to recommending all
public IPs, represented by negation of RFC-1918, where the three standard private subnets
are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

After optimizing a security rule, Policy Optimizer will not reselect it for further
optimization for the next 90 days. This prevents redundant recommendations
on the same traffic, which may no longer be applicable after implementing other
recommended rules. Policy Optimizer waits 90 days because the 90 days period
corresponds to the maximum look back period for log analysis.

STEP 4 | Push Config to send the configuration updates and start enforcing the optimized rules.

STEP 5 | Monitor the original rule until you’re confident that you don't need it.
The original, overly permissive rules remain in your Security policy; it’s listed below the
optimized rules in your rulebase and is tagged so you can easily identify it. The tag name
appends _original to the rule name (for example, security-rule-name_original).

User to Application Optimization

When you integrate Cloud Identity Engine (CIE) with Strata Cloud Manager, Policy Optimizer can
optimize overly permissive policies to include recommendations for source user along with source
address, destination address, and application fields. This enhancement uses the user ID and user
group information from CIE to optimize the source user field in the security rules.
If CIE user data isn’t available, Policy Optimizer skips optimization for the source user field and
recommendations will include optimizations only for source address, destination address and
application fields. The source user field will remain the same as that of the original rule. For
example, if the rule includes the source user “any”, the recommendation will also use “any”.

Source User Optimization

Policy Optimizer analyzes traffic logs to detect and recommend specific users or user groups
for the Source User field. You can review these recommendations and delete any users or user
groups before accepting the recommended rules.
Policy Optimizer follows these rules when generating source user recommendations:
• If Policy Optimizer can’t identify a relevant set of users, groups, or both within the defined
threshold (10 by default), it recommends the predefined keyword known-user for known users.

• If the traffic logs don’t contain the source user data, Policy Optimizer recommends unknown
for the Source User field.
If the original rule specified certain users, Policy Optimizer makes sure that the new optimized
rule will not allow additional users than the original rule. It will only refine the rule to be more
specific.
• If there are too many individual users in the source user field, Policy Optimizer may
recommend known-users to simplify the rule while maintaining least-privilege access.
• A minimum threshold of 75% is required to associate individual users with a user group. This
means that at least 75% of the user group's resolved user IDs must be present in the log data
for the user group to be considered in the recommendations.
You can click Users to view the list of users in a side car panel.

Policy Optimizer provides contextual logs to offer insights into the traffic triggering the rule with
an unknown user. For recommendations where the source user is unknown, click Unknown User
to open Log Viewer.

Manually Select a Rule for Optimization

You can add the predefined Enable-AIOps-Optimization tag to a rule to optimize it if it wasn't
automatically selected by Strata Cloud Manager. Consider the scenario where a rule's source,
destination, and application fields may still be more permissive than necessary. In this case, adding
the Enable-AIOps-Optimization tag prompts Policy Optimizer to attempt further optimization of
these fields. Or if the rules are not automatically selected if the zone fields are any, adding the tag
could help to get recommendations on these fields as well.

Remove a Rule from Optimization

Move a rule to the Removed from Optimization list, and Policy Optimizer won’t optimize it. The
rule settings remain as is.

Make sure to Push Config after moving a rule to the exclusion list; after pushing the configuration,
it can take up to 24 hours for the rule to display on the list. You can always choose to add the rule
back to the optimization list later.
Under Optimization Failed, you can also view the rules that failed optimization and check the
reason for failure.

Track Optimization Results

Policy Optimizer shows a history of the security rules you have optimized. Historical data includes
the optimization results: compare the original rule’s traffic coverage against optimized rules. You
can also view how many days have passed since you accepted a rule for optimization.
If an original rule (a rule you optimized) gets no hits, Policy Optimizer removes it from the Policy
Optimizer history and is classified instead as a zero-hit policy rule.

Manage: Config Cleanup

Where Can I Use This? What Do I Need?

• , including those funded by Software NGFW One of these:

Credits (Managed by Strata Cloud Manager)
• (Managed by Strata Cloud Manager)

→ The features and capabilities available to you

in depend on which license(s) you are using.

To streamline your configuration, use the Config Cleanup feature, which helps you to identify and
remove unused configuration objects and policy rules. It also detects objects within security policy
rules that have not matched any traffic.
By reducing configuration clutter, Config Cleanup ensures that only essential configuration
objects are retained, improving the overall efficiency and maintainability of your security policies.
Role-based access control (RBAC) governs access to Config Cleanup operations. Your assigned
role determines the actions you can perform:
• Administrators can delete unused objects, disable or delete policy rules that have not matched
any traffic, and delete objects within rules that have not seen traffic matches.
• Users may see a limited view and can perform only the actions allowed by their RBAC
permissions.

Config Cleanup supports only deployments managed by Strata Cloud Manager, including
NGFW and Prisma Access configurations.

In Config Cleanup, you can view the following information:

• Unused Objects exist in the configuration but are not referenced by any active configurations,
such as policy rules or group objects. These objects may become orphaned when their parent
objects are deleted or may have been created without ever being used. Regardless of how they

were introduced, unused objects increase configuration size and can lead to longer commit
times. Regularly review and delete these objects to maintain a clean and efficient configuration.

• Zero Hit Objects are objects within security policy rules that have not matched any traffic.
Their presence can make rules overly permissive and increase the attack surface, even if the
same objects are used in other policies. Removing zero-hit objects from specific rules helps

harden the policy rule and improve overall security posture. You can view a list of all rules
containing zero-hit objects under Zero Hit Objects.

Config cleanup calculates zero-hit objects based on traffic logs sent to Strata Logging
Service. If the firewall does not send logs to Strata Logging Service or if logging is
disabled for a rule, the computation may be incomplete or inaccurate.

To see all objects with zero hits in a specific rule, select the rule to open its side panel. Within
the side panel, you can select and delete any objects that have zero hits.

• Zero Hit Policy Rules are security policy rules that have not matched any traffic for at least one
day. A rule may stop matching traffic due to modifications, the addition of new rules that take
precedence, or changes in the traffic patterns. Regularly review zero-hit rules to determine

whether to remove them or reposition them within the policy. This recommended practice
helps maintain a clean and efficient security policy configuration.

Use filters and other controls to refine your view and target specific unused objects and policy
rules.
• Unused Objects – Filter unused objects by:
• Name – Search for and select a specific configuration object by name.
• Object Type – Select the type of configuration object.
• Days Unused – Choose from predefined time ranges (30+ days, 60+ days, 90+ days) or use
the customizable More than option for more granular filtering.
• Zero Hit Objects – Filter policy rules based on:
• Days with Zero Hits – Select from predefined ranges (30+ days, 60+ days, 90+ days) or use
the More than option to identify objects within rules that haven't matched traffic within the
specified timeframe. Use this filter to locate and remove objects that no longer meet traffic
thresholds.
• You can also apply filters to additional columns, such as source zone, destination zone/
address, source user, or URL category, to further refine your search for rules.

• Zero Hit Policy Rules – Filter, enable, disable, or delete zero-hit policy rules using any available
column as a filter.

Manage: Security Posture Settings

Where Can I Use This? What Do I Need?

• , including those funded by Software • One of these licenses that includes access
NGFW Credits to Strata Cloud Manager:
• Prisma Access
•

• A role with permission to view or manage

the Security Checks and Security Check
Exceptions.
→ The features and capabilities available to
you in depend on which license(s) you are
using.

Strata Cloud Manager leverages a set of predefined Best Practice Checks that align with industry-
specific standard cybersecurity controls, such as CIS (Center for Internet Security), and NIST
(National Institute of Standards and Technology) and custom checks you create based on the
specific needs of your organization. These checks evaluate configurations and settings within the
cloud infrastructure, identifying deviations from best practices or compliance requirements.
The security posture checks in Strata Cloud Manager encompass a range of security domains,
including network security, data protection, and identity and access management. These
checks assess firewall rules, encryption, authentication mechanisms, and the overall integrity of
configurations.
When your configuration detects deviations, Strata Cloud Manager provides actionable insights
and remediation recommendations, and can even automate some parts of the process for
correcting misconfigurations and noncompliant settings to help you maintain a secure and
compliant cloud environment with minimal manual intervention.
Security posture settings bring together the functionality of both the AIOps and Strata Cloud
Manager security check settings pages.
Select Manage > Security Posture > Settings to view, manage, and customize security posture
checks for your deployment to maximize relevant recommendations.

• Security Checks – List of the best practice checks that are used to evaluate your configuration.
Your configuration is compared against these checks to assess the security posture of your
devices and to generate security alerts. You can perform the following actions to manage these
checks based on your environment:
1. Set the severity level for your custom checks to identify the checks that are the most critical
to your deployment.

You can change the severity level for your custom checks, but the severity levels for
Palo Alto Networks Best Practice Checks are fixed and can't be changed.
2. Create and delete your own custom checks, clone and edit existing checks to create new
ones, and make special exceptions for checks that you don't want applied to portions of
your deployment.

As part of the initial rollout of these checks, you can clone checks that are in the
custom check framework.
3. Set the response when a check fails.
• Alert (default)—Raises an alert for the failed check.
• Block—Stop potential misconfigurations before they enter your deployment. Block can
mean any of the following depending on how you manage it:
• Inline Checks on Strata Cloud Manager—Prevents you from committing or pushing
a noncompliant configuration, but won't prevent you from saving your configuration
locally.
• Real-Time* Inline Checks on Strata Cloud Manager—Prevents you from even saving a
noncompliant configuration.
• Panorama Managed**—Prevents you from committing a noncompliant configuration
to Panorama but won't prevent you from saving it to the Panorama candidate
configuration.
• PAN-OS Web Interface, API, or CLI management—Block has no enforcement effect
on configurations that are not either managed by Strata Cloud Manager or Panorama.

• *Due to their logical complexity, some inline checks are run asynchronously
on a fixed schedule but not in real time. A failure of a real-time check in your
configuration will prevent you from saving that configuration, even locally.
• **The Panorama CloudConnector Plugin is required to enforce the block
commit action on Panorama.

• Security Check Exceptions

Turn off individual checks for devices or groups of devices you specify.
• Zone to Role Mapping
Map the zones in NGFWs to roles to get customized recommendations.
• Role-to-Security Service Mapping
Manage the security services needed for traffic between zones and roles in all NGFWs.

Create a Custom Check

Create your own custom check from an existing check. Alternatively, skip to step ➡4 to create a
custom check from scratch.

STEP 1 | Select Manage > Security Posture > Settings.

STEP 2 | Identify the check you want to clone and Clone.

STEP 3 | Edit the check you cloned and skip to step ➡5 to make your changes.

STEP 4 | Go to Manage > Security Posture > Settings, and select Create Custom Check.

STEP 5 | Specify the General Information for your check. Your custom check must have a Name and
a Description, but you should also add a Recommendation and a Rationale for your check to
help others understand the intent of and best practice for your custom check.

STEP 6 | Optional Select an Object Type– the section of your configuration for which you're creating
a check that determines which Rule Properties to Match you can choose when creating your
check.

STEP 7 | Use the Logic Builder for your custom check.

1. Add Expression–A single line of logic that describes the match criteria for a
configuration.

Rule Properties to Match Match Operator Specific Criteria

• General–Name, • Is [Text field]

Description, Position, and • Is not
Schedule
• Is empty
• Sources–Zones, addresses,
Users • Is not empty
• Destinations–Zones and • Starts with
addresses • Ends with
• Applications, Services, and • Contains
URLs
• Greater than
• Actions and Advanced
• In
Inspection
• Is equal or greater than
• Is equal or less than
• Less than
• Equal
• Not equal
• Does not contain
• All of
• Some of

• None of

2. Add Condition–Use logical operators (such as AND, OR, IF, THEN, ELSE, and ELSE IF) to
connect or combine expressions, additional conditions, and groups.
3. Add Group–Create a set of expressions, conditions, or both. This group, taken together,
results in a True or False condition.

• Adds a new expression or condition

• Clones an expression or condition
• Removes an expression or condition

The expression in this example issues a warning when it sees policy rules that allow Okta
traffic to and from Russian IP addresses. The example simply illustrates how the logic
builder works, and isn't intended to be a recommendation.

STEP 8 | Save your check.

Manage Your Checks

You can perform any of the following Actions on your security checks:
• Clone*–Creates a copy of a check.
• Edit**–Make changes to an existing custom check.
• Delete**–Removes a custom check you created.
Select the checks you want to take action on and select the appropriate action.

• *You can clone only one check at a time.

• **You can edit or delete custom checks only.
• You may need to get permission from an administrator to edit a custom check.

Create an Exception for a Check

Where needed, you can restrict where checks are applied in your deployment.
STEP 1 | Select Manage > Security Posture > Settings > Security Check Exceptions and Create
Security Check Exception.
Alternatively, Select Manage > Security Posture > Settings, and identify the check you want to
exclude and select it (Exceptions column).

STEP 2 | Specify the information needed to Create Exception Rule for your check. Provide a name, a
reason, and conditions for your exception.

The Security Check Exception feature is currently only applicable to alerts, and the
Best Practices and Security Posture Insights dashboards.

STEP 3 | Optional Add a Ticket Number or a Description for your exception to help others
understand the intent and history behind for your exception.

STEP 4 | Save your exception.

Your Checks at Work

Field-level checks show you where your configuration does not align with a best practice or
custom check. The checks provide best practice guidance inline, so that you can immediately take
action.
You can also view and manage security checks right where you are.

• Create and manage your policy rules–Security policy rules allow you to enforce rules and take
action, and can be as general or specific as needed. (Manage > Configuration > NGFW and
Prisma Access > Security Services > Security Policy)

• Setup Devices–Configure service route, connection settings, allowed services, and

administrative access settings for the management and auxiliary interfaces for your firewalls.
(Manage > Configuration > NGFW and Prisma Access > Device Settings > Device Setup)

If the configuration you're trying to save does not pass your criteria to pass, you will have the
option to remediate the issue, or override* the warning and save your changes anyway.

• *Override permission is governed by role-based access controls (RBAC) and must be

enabled for your role for this option to appear. Actions pertaining to overrides, custom
checks, and exceptions, are logged in Audit Logs:Incidents and Alerts > Log Viewer >
Audit (log type).
• Everything you do with custom checks, overrides, and exceptions is logged in Audit:
Incidents and Alerts > Log Viewer > Audit (log type).

Strata Cloud Manager Getting Started 530 ©2025 Palo Alto Networks, Inc.
Manage: Access Control
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Role-based access control (RBAC) enables you to define the privileges and responsibilities of
administrative users (administrators). Every administrator must have a user account that specifies
a role and authentication method. Prisma Access Managed by Strata Cloud Manager implements
custom RBAC, to enable you to manage roles or specific permissions, and assign access rights to
administrative users. Using RBAC, you can manage users and their access to various resources
within Managed by Strata Cloud Manager.

RBAC is not supported for SaaS Security Inline and Behavior Threats. All tabs under
Discovered Apps and Behavior Threats are visible to all users, regardless of their assigned
roles.

MORE RBAC RESOURCES

• Who Can Use Common Services: Identity & Access: Cloud-Managed
Prisma Access
• What is the General Flow for Common Services: Identity & Access
• About Roles and Permissions Through Common Services

531
Manage: Access Control

Administrator Roles
Your role determines your access and permissions on the service. When you assign a role, you
define the permission group and account groups the administrator can manage. Prisma Access
includes the following built-in permission groups for administrators.
• App Administrator—Has full access to the given app, including all instances added to the app
in the future. App Administrators can assign roles for app instances, and they can also activate
app instances specific to that app.
• Instance Administrator—Has full access to the app instance for which this role is assigned.
The Instance Administrator can also make other users an Instance Administrator for the app
instance. If the app has predefined or custom roles, the Instance Administrator can assign those
roles to other users.
• Super Reader—Can view all config elements, logs, and settings. Super Readers can’t make
changes to other settings.
• Audit Admin—Can view and manage logs and log settings only. Audit Admins can’t make
changes to other settings.
• Crypto Admin—Can view logs, and manage cryptographic settings such as IKE, IPSec, master
key management, and certificate configuration. Crypto Admins can’t view or make changes to
other settings.
• Security Admin—Can view logs and manage all settings except the cryptographic settings that
are available to the Crypto Admin role.
• Web Security Admin—Can view configuration elements related to Web Security only.
• Data Loss Prevention Admin—Can access Enterprise DLP settings but cannot push
configuration changes to Prisma Access.
• Data Security Admin—Can access Enterprise DLP and SaaS Security controls, but cannot push
configuration changes to Prisma Access.
• SaaS Admin—Can access SaaS Security settings but cannot push configuration changes to
Prisma Access.

Custom Role-Based Access Control — Setup

Here’s how to use a predefined role or create a custom role, assign a role to a user, and manage
the user scope when you access the Prisma Access application.
STEP 1 | Add a Custom Role Through Common Services
If you require more granular access control than the predefined roles provide, you can add
custom roles to define which permissions are enforced for your users. Similar to predefined
roles, custom roles are a set of permissions and permission sets. Unlike predefined roles, each
custom role is assignable only to the users in the hierarchy under the Tenant Service Group
(TSG) where it is defined. This avoids name conflicts between similarly named custom roles
defined by different customers.
If you add a custom role at the top level (parent level) of the hierarchy, that role is assigned to
the tenants nested below so that the parent tenant can manage the child tenants.

STEP 2 | Add User Access Through Common Services

The Common Services: Access and Identity enables you to add user access to the platform as
well as to the tenants you created.

STEP 3 | Assign a Predefined Role to a Tenant User or Service Account Through Common Services
If you already added users and want to add additional roles, you can also assign a batch of
predefined roles. Review additional information about roles and permissions.

STEP 4 | Create a New Scope in the Prisma Access Managed by Strata Cloud Manager UI
Prisma Access Managed by Strata Cloud Manager enables you (as an administrator) to assign
a management scope to other Strata Cloud Manager users (non-administrator) to associate
permissions based on scopes such as folders and snippets.
The permissions are actions that are allowed in the system. Permissions represent a specific
set of application programming interface (API) calls that you use to read, write, and delete
objects within the systems. All permissions are grouped into roles.

Manage: Scope Management

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Configure scope management to enforce custom role-based access control. This allows
you to specify which Strata Cloud Manager administrators can access and modify specific
folders, firewalls, Prisma Access deployments, and snippet configurations. Defining the scope
management for your cloud admins ensures they aren’t overprovisioned and defines the read
and writing access privileges for the selected folders, firewalls, Prisma Accessdeployments, and
snippet configurations. The Common Services Multiple Platform and Enterprise Roles are used to
define the read and write access privileges for a Strata Cloud Manager admin.
The Scope management configuration is defined across your entire Strata Cloud Manager tenant.
Scope management can’t be defined for a specific folder, Prisma Access, or firewall Configuration
Scope.

Only a Strata Cloud Manager administrator with a Superuser, Multitenant Superuser, IAM
Administrator, Multitenant IAM Administrator, or Business Administrator role can create a
scope object. The Scope Management widget is not available for users with other roles.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Manage > Access Control > Scope Management.

STEP 3 | Create New Scope.

STEP 4 | Define the Scope Management configuration.

Scope Management configurations are labeled as a scope object.
1. Enter a descriptive Name.
2. Select Folders and check (enable) the folders, firewalls, and Prisma Access deployments
you want to include in the scope.

Selecting a firewall also includes the folder that the selected firewall is
associated with in the scope management configuration. Only the immediately
associated folder is included, and not the parent folder.
3. Select Snippets and check (enable) the snippets you want to include.
4. Add the scope object.

STEP 5 | Apply the scope management configuration to Strata Cloud Manager admins.
1. Assign Users to the Scope Object you created in the previous step.

2. Select a Role for the Strata Cloud Manager admin. For example, you can select MSP
Superuser for a user who needs access to all functions for all tenants.
Default is None. See the Common Services Multiple Platform and Enterprise Roles for
more information about the read and write access privileges for each available Role.

Select a specific Strata Cloud Manager admin and Clear Role to remove the
currently assigned Common Services role. This applies the default None role to
the admin.
3. To modify an existing scope to edit the name, and to add or remove folders, select the
scope object, modify the scope as needed, and Update the scope.
4. To modify the assigned users, to add more users or change the users, click Assigned
Users and modify as needed, and Close the window.

Strata Cloud Manager Getting Started 536 ©2025 Palo Alto Networks, Inc.
Workflows: Strata Cloud Manager
Where Can I Use This? What Do I Need?

One or more of these licenses, depending on

the workflow:
license
license is required for logging
license

Remote Browser Isolation license

When you first navigate to your workflows, the Discovery dashboard surfaces critical and
recommended actions you can take to improve security posture or optimize your configuration
management, as soon as they're available to you. Continue on here to set up and onboard NGFWs
and Prisma Access mobile users and remote networks, and plan software upgrades for NGFWs.
• Discover Onboarding Tasks
• Set Up Prisma Access
• Set Up NGFWs
• Set Up Prisma SD-WAN
• Software Upgrades (NGFW)
• Software Upgrades (Prisma Access)

537
Workflows: Strata Cloud Manager

Workflows: Discovery
Where Can I Use This? What Do I Need?

• license or license
•
•

Discovery is where you can start critical and recommended tasks as soon they become available.
There may be guided workflows or tasks you can complete on your own. In this topic, we’ll show
you how to use the guided workflow to create your folder structure and assign devices to them,
effortlessly and intuitively.

Follow these steps to create folders for your firewalls:

STEP 1 | Go to Workflows > Discovery and select Get Started.

STEP 2 | Choose how you want to share your policy rules and configurations.
• By Functions of Firewall – Does your organization have different policies for data centers,
branches, and internet gateways? This might be the option for you.
• By Region – Does your organization span regions that have different rules or comply with
different laws? Consider this option.
• Mix of Functions & Regions – Does your cross-region organization want to separate
policies for different data centers, branches, and internet gateways? Give this option a try.
• I have my own way – If none of the above examples are suitable for your use case, you can
also build a device architecture according to your own situation.
For this example, we'll choose the I have my own way option.

Turn on Show Tips to see help tips to help you make an informed decision.

STEP 3 | Select Next to build your folder structure.

STEP 4 | Use the following actions to build your folder structure based on the template you selected
in step 1. You can:
• Add a new Folder – Hover your cursor over a folder to show the option to add a new
folder. Click , and then name your new folder.
• Delete Folder – Hover your cursor over a folder to show the option to delete the folder.
Select to delete the folder.
• Rename Folder – Double-click on a folder to type a new for the folder. Press the enter key
or click outside of the text field for your new name to take effect.
• Expand or Collapse folder nodes that have children.

• Folder trees can have a maximum of four levels.

• Top-level folders can’t be deleted or renamed.
• Check the Tips for hints about certain folder actions.
• We’ll save your work, you can Exit anytime and come back later.

STEP 5 | Select Next to assign your firewalls to folders.

STEP 6 | Select one or more firewalls from this list.

STEP 7 | Select Assign To, choose a folder you want to assign your firewalls to, and then select Apply.
Cloud management is enabled for firewalls you assign to a Cloud Managed folder.

STEP 8 | Confirm your assignments and select Done.

You'll see the folders you created and the firewalls you assigned on the main Discovery page,
as well as under the NGFW Setup > Folder Management tab.

Workflows: NGFW Setup

Where Can I Use This? What Do I Need?

• license is required for Cloud Management

for NGFWs
license is required for logging
If you have a license, you can use Folder
Management to view your predefined
folders and enable Web Security for a
folder

As part of setting up your NGFWs, you will need to Onboard your Next-Generation firewalls
to Strata Cloud Manager. Onboarding includes setting up folders and Device Labels to group
firewalls that require similar settings. Learn more about Workflows: Folder Management, and use
the Device Management page to view details for all devices that are in your folder hierarchy.
STEP 1 | Activate Strata Logging Service and AIOps for NGFW Premium licenses.
The Strata Logging Service license is required for logging and the AIOps for NGFW Premium
license is required for cloud management of NGFW.

STEP 2 | Create one or more folders.

Folders are used to logically group your firewalls or deployment types for simplified
configuration management.

STEP 3 | Onboard a firewall to Strata Cloud Manager.

To onboard a firewall to Strata Cloud Manager, you must configure the local Panorama
settings on the firewall and associate the firewall with your Strata Cloud Manager tenant. After
you're onboard, you can continue to configure the firewall general and session settings.

STEP 4 | (HA only) Configure your managed firewalls in a high availability (HA) configuration if
needed.

STEP 5 | Create one or more snippets.

Snippets are used to group configurations objects that are applied to folders, deployments,
or individual firewalls. This eases and expedites the onboarding process by allowing you to
standardize common base configurations that can be quickly applied and pushed.

STEP 6 | Create your configuration objects.

Configuration objects are building blocks for your network and policy rule configurations.

STEP 7 | Create and configure the network and policy rule configuration.

STEP 8 | Push configuration changes from Strata Cloud Manager to your managed firewall.

Workflows: Device Management

Where Can I Use This? What Do I Need?

A Palo Alto Networks NGFW that is managed by Strata Cloud Manager is called a Cloud Managed
Device. Strata Cloud Manager can manage firewalls running PAN-OS 10.2.3 or newer.
For more information about prerequisites for Strata Cloud Manager, click here.
With the Device Management dashboard (Workflows > NGFW Setup > Device Management)
you can review important device and version details about all your managed devices and select
which devices to move to cloud management.

See All Cloud Managed NGFWs Details

The Cloud Managed Devices tab (Workflows > NGFW Setup > Device Management > Cloud
Managed Devices) displays all of your SCM onboarded firewalls, the folders they are assigned to,
and important details about them.

Device Information Description

Name The name of the NGFW and the folder(s) it is organized

under.

Labels Any labels attached to the NGFW.

Config Sync Status The synchronization status of the NGFW:

• Synced
• Out of Sync

HA Status The HA Status of the onboarded NGFW:

• Active—Normal traffic-handling operational state.
• Passive—Normal backup state.
• Initiating—The firewall is in this state for up to 60
seconds after bootup.
• Non-functional—Error state.
• Suspended—An administrator disabled the firewall.
• Tentative—For a link or path monitoring event in an
active/active configuration.

Serial Number The serial number of the onboarded NGFW.

Model The model number of the onboarded NGFW.

Device Information Description

Type They type of the onboarded NGFW:

• VM
• PA

Address The IP Address of the onboarded NGFW.

License The license information for the onboarded NGFW

• Matched
• Mismatched

Software Version | App and Displays the software and content versions that are
Threat | Antivirus | URL Filtering currently installed on the firewall. For details, see Firewall
Software and Content Updates.

Device Dictionary A file for firewalls to import. The dictionary file provides
the Strata Cloud Manager and firewall administrator with
a list of device attributes for selection when importing
recommended security policy rules.

Actions The actions for the onboarded firewall:

• Fetch License Info
• Reboot
• Change Routing Mode
• Local Config Management
• Force Boot Strap

Remove an NGFW from the Cloud Managed Devices

The Available Devices tab displays all of your NGFWs available to onboard to SCM and NGFWs
already managed by Strata Cloud Manager.

For more information about the onboarding process for Strata Cloud Manager, click here.

You can use the available devices tab to move devices in and out of Strata Cloud Manager.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Workflows > NGFW Setup > Device Management > Available Devices.
1. Select Back to Available Devices to move a firewall out of Strata Cloud Manager.

Restore a Local Configuration Version Snapshot on the Firewall

Follow these steps to restore any version of the local configuration on your firewall and download
the configuration details in XML format.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Workflows > NGFW Setup > Device Management, then select Local Configuration
Management from the available Actions.

STEP 3 | Load the version to restore the local configuration.

STEP 4 | Click Yes to replace the current local configuration on the firewall with the selected version
You can use the Jobs view to troubleshoot failed operations, investigate warnings associated
with completed commits, or cancel pending commits.

STEP 5 | Download configuration details for the selected version.

Replace an RMA Firewall

To minimize the effort required to restore the configuration on a cloud managed NGFW involving
a Return Merchandise Authorization (RMA), you can now trigger an RMA workflow through
Device Management.
The new RMA workflow will automatically restore the configuration of the original NGFW to your
replacement NGFW. By importing the state of your original NGFW, you can quickly resume using
Strata Cloud Manager to manage your network.
Before you trigger the RMA process, complete the following prerequisites:
The RMA request has been placed in the Customer Support Portal.
Replacement device should be of the same hardware model.
Replacement device is registered in the CSP and associated with the correct tenant.
Replacement device is found in Available Devices(Workflows > NGFW Setup > Device
Management > Available Devices).

VM-Series devices are not supported for this RMA process.

STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Workflows > NGFW Setup > Device Management > Cloud Managed Devices.

STEP 3 | Locate the faulty device in the table.

STEP 4 | Start the RMA process.

1. Select Actions.
2. Start RMA.
3. Select the replacement device that will replace your old NGFW.
4. Start RMA.
The old device is removed from Cloud Managed Devices.

STEP 5 | Remove the old device from your support portal account.

Workflows: Folder Management

Where Can I Use This? What Do I Need?

• license
• license

Folders are used to logically group your firewalls or deployment types (Prisma Access mobile
users, remote networks, or service connections) for simplified configuration management. You
can create a folder that contains multiple nested folders to group firewalls and deployments that
require similar configurations. Folders that are already nested can have multiple nested folders as
well.
Folders for Prisma Access and your NGFWs are separate; you can't group NGFWs in a folder with
Prisma Access deployments. However, you can easily apply shared settings globally across all
folders or use Manage: Snippets to easily apply standard settings and policy requirements across
multiple folders.

• NGFW
• Prisma Access

Folder Management (NGFWs)

To help manage folders and firewalls, you can apply labels to filter and target specific groups
of firewalls for configuration changes. Additionally, each folder displays the currently installed
software version, dynamic content release versions, and GlobalProtect app Version of the
firewalls associated with the folder.
For firewall folders, Strata Cloud Manager supports up to four nested folders within any given
folder hierarchy, with the default All Firewalls folder always being the top-most level of
any folder hierarchy. For example, consider the below when designing your folder hierarchy.
In the example below Folder1, Folder2, Folder3, and Folder4 are nested under the All
Firewalls folder and you can’t best any additional folders to this particular folder hierarchy.
Additionally, Folder2.1 and Folder2.2 are nested under Folder2 and you can’t add any nest
any additional folders either.

Create a Folder
Create a folder to logically group your firewalls for simplified configuration management. You can
create a folder under the default Firewalls folder or under another existing folder.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Workflows > NGFW Setup > Folder Management and Add Folder.

STEP 3 | Give the folder a descriptive Name.

STEP 4 | (Optional) Enter a Description for the folder.

STEP 5 | (Optional) Assign one or more Labels.

You can select an existing label or create a new label by typing the label you wanted to create.

STEP 6 | Specify where to create the folder In.

Select All Firewalls or select an existing folder to nest the folder under it.

STEP 7 | Create the folder.

Modify a Folder
Modify an existing folder to edit the name, description, and to add or change the labels.
Additionally, you can move or delete the folder as needed.
STEP 1 | Log in to Strata Cloud Manager.

STEP 2 | Select Workflows > NGFW Setup > Folder Management and expand the Actions menu.

STEP 3 | Modify the folder as needed.

• Edit the folder
1. Edit the folder Name.
2. (Optional) edit the folder Description.
3. Select or create Labels.
You can assign entirely different labels to the folder or add additional labels.
4. Save.
• Move the folder and select the Destination.
You can move a folder in the following ways.
• You can move a folder to nest it under a different folder.
• You can move a nested folder under the Firewalls folder.
• You can move a nested folder from one folder to another.
Move the folder after you select the folder destination.
• Delete Folder and click OK to confirm.
You can only delete a folder that has no firewalls associated with it and no folders nested
under it.

Folder Management (Prisma Access)

Prisma Access folders are predefined; you can use them to specify configuration scope and ensure
that Prisma Access deployment types – mobile users, remote networks, and service connections –
receive all global settings and then settings that are required or specific for each type.
The configurations defined under a folder are inherited by all folders nested under that folder
hierarchy. For example, you can configure settings that are common across GlobalProtect, Explicit
Proxy, Remote Networks, and Service Connections under the Prisma Access folder. Similarly, you
can configure settings that are common across GlobalProtect and Explicit Proxy under the Mobile
Users Container and so on.
You cannot edit the folder hierarchy for Prisma Access.
At the folder level, you can also enable web security for the Prisma Access mobile user, remote
network, or service connection deployment.

Workflows: Prisma SD-WAN Setup

Where Can I Use This? What Do I Need?

• Prisma SD-WAN Prisma SD-WAN license

You can set up branch sites, data center sites, and ION devices in Prisma SD-WAN using Strata
Cloud Manager.
Select Workflows > Prisma SD-WAN Setup.
You can set up workflows for:
• Branch Sites
Set up branch sites in your network using the Branch Sites tab. An enterprise can have one
or more branches within a network. When you create a branch, you can select a default
domain and set of policy rules and configure WAN networks, circuit categories, circuit
labels, and circuit specifications.
• Data Centers
Set up data center sites in your network using the Data Centers tab. Data center sites are
connected to branch sites and you can host enterprise applications and services in a data
center.
• Devices
Set up ION devices in your network using the Devices tab. ION devices can be deployed
at a branch site or a data center site. These are available in both hardware and software
form factors that meet the needs of any location and any deployment scenario. You have to
connect, claim, assign, and configure the ION devices for your branch and data center sites.

Workflows: Prisma Access Setup

Where Can I Use This? What Do I Need?

• license

Select Workflows > Prisma Access Setup to start setting up your Prisma Access.
• Set up the service infrastructure to enable communication between your remote network
locations, mobile users, and the HQ or data centers that you plan on connecting to
Prisma Access over service connections. A service connection provides connectivity to the data
center.
• Onboard mobile users and determine how you're connecting them to Prisma Access.
• Onboard remote networks to secure remote network locations, such as branches, and users in
those branches. A next-generation firewall or a third-party, IPSec-compliant device including
SD-WAN that can establish an IPSec tunnel to the service is required at the remote site.
• Add service connections to enable both mobile users and users at your branch networks to
access resources in your headquarters (HQ) or data center (DC). Beyond providing access to
corporate resources, service connections allow your mobile users to reach branch locations.

Workflows: Prisma Access

Where Can I Use This? What Do I Need?

• license

Before you can use Prisma Access to secure your remote networks and mobile users, you must
configure an infrastructure subnet.
Prisma Access uses the subnet to create the network backbone for communication between your
branch networks, mobile users, and the Prisma Access security infrastructure, as well as with the
HQ and data center networks you plan to connect to Prisma Access over service connections.
If you use dynamic routing for your remote networks or service connections, you must also
configure an RFC 6696-compliant BGP Private AS number.
Use the following recommendations and requirements when you add an infrastructure subnet for
Prisma Access.
• Use an RFC 1918-compliant subnet. While Prisma Access supports the use of non-RFC 1918-
compliant (public) IP addresses, it's not recommended due to possible conflicts with the
internet public IP address space.
• Don't specify any subnets that overlap with 169.254.169.253, 169.254.169.254, and the
100.64.0.0/10 subnet range because Prisma Access reserves those IP addresses and subnets
for its internal use. This subnetwork is an extension to your existing network and therefore
can't overlap with any IP subnets that you use within your corporate network or with the IP
address pools that you assign for Prisma Access for Users or Prisma Access for Networks.

Because the service infrastructure requires a large number of IP addresses, you must designate
a /24 subnetwork (for example, 172.16.55.0/24).
• Enter an Infrastructure subnet that Prisma Access can use to enable communication between
your remote network locations, mobile users, and the HQ or data centers that you plan on
connecting to Prisma Access over service connections. Use an RFC 1918-compliant subnet for
the infrastructure subnet.
See Prisma Access Setup for more information.

Set up the DNS for Infrastructure

Prisma Access allows you to specify Domain Name System (DNS) servers to resolve both domains
that are internal to your organization and external domains. Prisma Access proxies the DNS
request based on the configuration of your DNS servers.
Setting up the infrastructure DNS will provide access to services on your corporate network—like
LDAP and DNS servers— especially if you plan to set up service connections to provide access to
these type of resources at HQ or in data centers. DNS queries for domains in the Internal Domain
List are sent to your local DNS servers to ensure that resources are available to Prisma Access
remote network users and mobile users.
This will set up internal domain lists that apply to all traffic. If preferred, you can view the
Admin Guide to see how to create internal domain lists that apply only to specific mobile user
deployments or remote network sites.
The benefits of setting up DNS for the infrastructure are:
• Enable Prisma Access to resolve your internal domains
• Set up DNS to resolve both internal and external domains
• Use a wildcard (*) before the domains in the domain list, for example, *.acme.local or
*.acme.com
See DNS for Prisma Access for more information.

Workflows: Mobile Users

Where Can I Use This? What Do I Need?

• license
license

Before configuring mobile users, ensure that you have the required licenses (Prisma Access
license for mobile users and a Strata Logging Service license with proper firewall storage space).
If mobile users will be connecting to other connected networks, you will need either the Zero
Trust Network Access (ZTNA) or Enterprise Edition Prisma Access license that will provide the
corporate access node (CAN) necessary to connect.
You will first choose your connection type, or you may use both GlobalProtect, explicit proxy, or
both. For both connection types, there are only a few required settings that you need to fill out
initially to enable Prisma Access to provision your mobile users' environment.

1. Connect to Prisma Access.

Determine how mobile users in the location you’re setting up should connect to Prisma Access.
You can divide your mobile user license between GlobalProtect and explicit proxy connections;
some users can connect through GlobalProtect and others through explicit proxy.
The GlobalProtect app installed on mobile user devices sends traffic to Prisma Access.
2. Set up the infrastructure.
Set up basic infrastructure settings and then configure the infrastructure settings that are
specific to your connection type (GlobalProtect or Explicit Proxy).
A proxy auto-config (PAC) file on mobile user devices redirects browser traffic to Prisma
Access.
3. Choose the Prisma Access Location.
The map displays the global regions where you can deploy Prisma Access for Users: North
America, South America, Europe, Africa, Middle East, Asia, Japan, and ANZ (Australia and New
Zealand). In addition, Prisma Access provides multiple locations within each region to ensure
that your users can connect to a location that provides a user experience tailored to the users’
locale. For the best performance, Select All. Alternatively, select the specific locations within
each selected region where your users will need access. By limiting your deployment to a single
region, you can have more granular control over your deployed regions and exclude regions
required by your policy or industry regulations.
4. Add the Prisma Access Locations.
Configure the settings to add the Prisma Access locations you want to support your users.
5. Authenticate Mobile Users.
Set up User Authentication so that only legitimate users have access to your services and
applications. To test your setup, you can add users that Prisma Access authenticates locally, or
you can go straight to setting up enterprise-level authentication.
After you push your initial configuration to Prisma Access, Prisma Access begins provisioning your
mobile user environment. This can take up to 15 minutes. When your mobile-user locations are up
and running, you’ll be able to verify them on the Mobile Users setup page, the Summary Overview
page, and within Prisma Access Insights.
See Prisma Access Mobile Users for more information.

Workflows: Remote Networks

Where Can I Use This? What Do I Need?

• license

As you prepare to connect remote networks to Prisma Access, you will need to know how many
sites you will onboard. This information will help you determine connectivity requirements
such as how to route traffic through Prisma Access. As you're planning your remote network
deployment, you will need to know which applications will pass through Prisma Access in order to
appropriately configure the best Security policy rules. Equally important is establishing your threat

profile configuration. Additionally, you will want to consider having consistent threat, URL, and
WildFire scanning applied to all rules for a consistent threat mitigation strategy.
For more information, see Prisma Access Remote Networks.

Workflows: Service Connections

Where Can I Use This? What Do I Need?

• license

Service connections enable both mobile users and users at your branch networks to access
resources in your headquarters (HQ) or data center (DC). Beyond providing access to corporate
resources, service connections allow your mobile users to reach branch locations.
Select Workflows > Prisma Access Setup > Service Connections, to add a service connection.
The first tunnel you create is the primary tunnel for the service connection. Repeat this workflow
to optionally set up a secondary tunnel. When both tunnels are up, the primary tunnel takes
priority over the secondary tunnel. If the primary service connection tunnel goes down, the
connection falls back to the secondary tunnel until the primary tunnel returns. Based on the IPSec
device you use to establish the tunnel, Prisma Access provides built-in, recommended IKE and
IPSec security settings. You can use the recommended settings to get started or customize them
as needed for your environment.
For more information, see Prisma Access Service Connections.

Workflows: Remote Browser Isolation

Where Can I Use This? What Do I Need?

5.0 Innovation
Prisma Access license with the Mobile
Users or Remote Networks license
subscription
Remote Browser Isolation license

Remote Browser Isolation (RBI) by Palo Alto Networks is a solution that isolates and transfers all
browsing activity away from your user's managed devices and corporate networks to an outside
entity such as Prisma Access, which secures and isolates potentially malicious code and content
within their platform.
Natively integrated with Prisma Access, RBI allows you to apply isolation profiles easily to existing
security policies. All traffic in isolation undergoes analysis and threat prevention provided by
Cloud-Delivered Security Services (CDSS) such as Advanced Threat Prevention, Advanced
WildFire, Advanced URL Filtering, DNS Security, and SaaS Security.
As you prepare to onboard your users to RBI, consider what URL categories you want to enable
for isolated browsing by your users. Think about what browser actions you want to prohibit your

users from performing, such as copy and paste functions, keyboard inputs, and sharing options
like uploading, downloading, and printing files.
For more information, see Remote Browser Isolation.

Workflows: Software Upgrades

Where Can I Use This? What Do I Need?

• • At least one of these licenses is needed

• to manage your configuration with ; for
unified management of NGFWs and Prisma
Access, you'll need both NGFW and Prisma
Access licenses:
license

Use Strata Cloud Manager to plan and manage your software upgrades for NGFW and Prisma
Access. Here are the workflows that you can perform:
• Upgrade Recommendations: Create upgrade recommendations to determine the best software
version for your devices that can be upgraded. Software Upgrade Recommendations analyzes
the features enabled on firewalls and provides a customized recommendation.
• Prisma Access Upgrade Dashboard: Choose a preferred time window for certain Prisma Access
upgrades.
• NGFW - Scheduler: Schedule a PAN-OS software update to upgrade or downgrade your
firewalls to a target PAN-OS version at a date and time of your choosing.
• NGFW
• Prisma Access

Software Upgrades (NGFW)

Select Workflows > Software Upgrades > Upgrade Recommendations to plan the upgrade of
your devices by analyzing them and creating upgrade recommendations.

Upgrade Recommendations
In Workflows > Software Upgrades > Upgrade Recommendations, you can create
recommendations to determine the best software version for your devices that can be upgraded.
Software Upgrade Recommendations analyzes the features enabled on firewalls and provides a
customized recommendation that includes:
• Best software version for your devices that you can upgrade.
• Information about new features, changes to behavior, vulnerabilities and software issues in
each recommended software version.
The types of upgrade recommendations are:
• System-generated recommendations that are generated every week and contain the suggested
upgrade options.

• User-generated custom recommendations that are generated based on the selected devices for
specific CVEs in Security Advisory Summary.
• User-generated recommendations that are generated based on the upload of a Tech Support
File (TSF) of a firewall.

For every plan in Upgrade Recommendations, you can:

• view the number of devices that require an upgrade and the must fix vulnerabilities.
• edit the name of a recommendation report to differentiate custom reports.
• filter the recommendation reports by Creation Date, Plan Name, and Recommendations
Generated By.
• delete an upgrade recommendation that is failed or no longer required.
Click a recommendation report to view the detailed report with the upgrade options for the
devices. Select an upgrade option to view further details about New Features, PAN-OS Known
Vulnerabilities, Changes of Behavior and PAN-OS Known Issues. For a known issue under
PAN-OS Known Issues, the value under Associated Case Count is obtained by the number of
customers that have reported this issue.
Click Export to download this report in a CSV format.

Generate On-Demand Software Upgrade Recommendations

1. Navigate to Workflows > Software Upgrades > Upgrade Recommendations.
2. Generate New Upgrade Recommendations.

3. Select a Tech Support File (TSF) and Upload.

• You can upload TSF of only one device at a time and it must be TSF in the .tgz file
format.
• Software Upgrade Recommendations supports TSF from devices with the PAN-OS
version 9.1 or above for report generation.

4. View the software upgrade recommendations after the status is displayed as Ready. You can
also check the Status column to see if there are any errors related to the upload, file format, or
processing of the TSF file.

Software Upgrades (Prisma Access)

Select Workflows > Software Upgrades > Prisma Access to view information about the Prisma
Access dataplane upgrade process.

You can:
• Understand the Prisma Access dataplane upgrade process.
• Choose your upgrade preferences:

Select a tenant name to choose your upgrade preferences. For more information, see Choose a
Preferred Window for Certain Prisma Access Upgrades.

Workflows: Prisma Access Browser

Where Can I Use This? What Do I Need?

• with bundle license

Superuser or role

Select Workflows > Prisma Access Setup > Prisma Access Browser to start onboarding your
Prisma Access Browser.
Prisma Access Secure Enterprise Browser (Prisma Access Browser) is the only solution that
secures both managed and unmanaged devices, through a natively integrated enterprise browser
that extends protection to unmanaged devices. See What is the Prisma Access Browser?
Onboarding is a series of steps where you'll configure the following items:
• User authentication and groups
• Prisma Access Integration
• Routing
• Enforce SSO Applications
• Download and Distribute
• Browser Policy
Onboard Prisma Access Browser on the Strata Cloud Manager.

Strata Cloud Manager Getting Started 564 ©2025 Palo Alto Networks, Inc.
Reports: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

(with or configuration management)
• NGFWs
(with or configuration management)
•

Software NGFW Credits

(for VM-Series software NGFWs)
WAN Clarity Report license
A role that has permission to download, share,
and schedule reports.

Get reports on the network traffic patterns, bandwidth utilization, and your security subscription
data in Strata Cloud Manager. Reports provide actionable insight into your network that you can
use for planning and monitoring purposes.
Reports are supported on certain Prisma Access and NGFW dashboards, Activity Insights
overview, and Prisma SD-WAN. Prisma Access and NGFW users who have full access to use the
dashboard, can download dashboard data as PDFs, share the report within their organization, and
schedule reports to get delivered to their email inbox at regular intervals. Reports are a licensed
subscription service in Prisma SD-WAN. You can download and view reports from controllers,
across sites, and circuits in Prisma SD-WAN.
View these reports in Strata Cloud Manager:
• Prisma Access and NGFW - You can generate reports from the Prisma Access and NGFW
dashboards and Activity Insights. These icons in the top right of the dashboard indicate
that reports are supported for this dashboard. You can also generate, download, share, and
schedule reports directly from the Reports menu.
• Prisma SD-WAN - View the following WAN Clarity reports:
• WAN Clarity Branch Reports
• WAN Clarity Data Center Reports
• Aggregate Bandwidth Usage Reports
• SaaS Risk Assessment Report - Use the SaaS Risk Assessment Report to proactively identify
problems with how assets are stored and shared across all applications secured by Data
Security and take action to reduce exposure.
• GDPR Report - The GDPR Report summarizes evidence related to the data privacy regulations
for your sanctioned SaaS applications on Data Security.

565
Reports: Strata Cloud Manager

The SaaS Risk Assessment and GDPR reports have been migrated from SaaS Security >
Data Security > Reports to Strata Cloud Manager > Reports.

• Prisma Access and NGFW

• Prisma SD-WAN
• SaaS Risk Assessment
• GDPR

Reports (Prisma Access and NGFW)

The dashboards and Activity Insights summary can be shared within your organization as PDF
reports, and you also schedule reports so that they’re delivered to your email inbox—and your
colleagues’ inboxes—at regular intervals (daily, weekly, or monthly).
So that you can easily share reports with people in your organization, set up Cloud Identity
Engine (Directory Sync) for this app. Cloud Identity Engine gives apps read-only access to your
Active Directory information. With Cloud Identity Engine set up, you can easily add recipients
to a scheduled report. Your report recipients are checked against Cloud Identity Engine, and if it
doesn’t find a match, it performs an extra validation step by checking the email address domain
against the email address domains associated with your support account. These checks ensure
that reports are not sent outside of your organization.
You can download, share, or schedule the reports directly from the Reports menu or from the
individual Dashboard page and Insights > > Activity Insights > Overview page. Reports are
shared and downloaded as PDFs.
To download, share, or schedule a report:
STEP 1 | Click any of these icons, on the Dashboard page or from the Insights > > Activity
Insights > Overview page.

Or
Click Strata Cloud Manager > Reports > Generate Reports/Overview and select any of these
icons from the list of report formats. By default, reports are generated with the last
24 hours data or 30 days data based on the type of dashboard for which you are generating
report. You can customize the time period for which you want to gather data in the report
when scheduling the report.

STEP 2 | If you’re scheduling a report, you’ll need to continue to define the report parameters
including:
• the Time Period for which to gather data
• the Recurrence, which is the frequency at which you’d like the report to be delivered (daily,
weekly, or monthly)

You can view, edit, or delete all the scheduled reports from the Strata Cloud Manager >
Reports > Scheduled Reports tab.

History shows all the reports downloaded in the past 30 days.

GDPR Report
The GDPR Report summarizes evidence related to the data privacy regulations for your
sanctioned SaaS applications on Data Security. Access to the report depends on your team and
your administrator role permissions:
• GDPR link is hidden if you do not have Report permissions.
• GDPR report only includes cloud apps for which you have Team permissions.
The report provides actionable intelligence around sensitive data exposure, user activities, your
security posture, and the personal data that resides on your applications; however, the report
does not provide a verdict for compliance.
You can export the report to help your GDPR regulator review how you collect, use, and share PII
data across your SaaS applications. For example, you can generate a report to view the number
of records transferred to a third country or an international organization, or to learn which
sanctioned applications are sharing data externally.
STEP 1 | To download, share, or schedule a report, select Strata Cloud Manager > Reports > Report
Templates > GDPR and choose the required action.
View the report and review evidence identified and possible compliance issues.

STEP 2 | Expand each section to review the report’s contents.

• Regulation—Summary of regulation.
• Article—Verbatim text of articles from the regulation.
• Evidence—Verdict and link to supporting cloud assets (folder icon), configurations (gear
icon), and actions (lightning bolt icon).
• Validation—Method used to determine compliance with the regulation.
• Cloud Apps—Applications with assets that pertain to this regulation.

STEP 3 | Select the Scheduled Reports tab to view the reports that have been scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 4 | Select the History tab to view the list of reports generated in the past.

SaaS Risk Assessment Report

Use the SaaS Risk Assessment Report to proactively identify problems with how assets are stored
and shared across all applications secured by Data Security and take action to reduce exposure.
You can share this on-demand PDF report with your information security team for a periodic
check-in, or email it to your executives to highlight SaaS applications usage on your network and
how your security posture for SaaS data and applications compares against competitors in your
industry.
The SaaS Risk Assessment Report summarizes the following information across managed cloud
applications:
• key findings
• policy violations
• exposure of sensitive content
• top domains with which your users are sharing files
• users with the most incidents
• most popular file types
• incidents per file type
The contents of the report use the data available at the time you generate it, and it is a snapshot
of the findings up to the time you make the request: you can neither configure a time period nor
schedule this on-demand report.
STEP 1 | To download, share, or schedule a report, select Strata Cloud Manager > Reports > Report
Templates > SaaS Risk Assessment and choose the required action.

STEP 2 | Select the Scheduled Reports tab to view the reports that have been scheduled to generate.
You can choose to delete a scheduled report or edit the schedule.

STEP 3 | Select the History tab to view the list of reports generated in the past.

Reports (Prisma SD-WAN)

STEP 1 | Select Reports > Report Templates > Prisma SD-WAN.

STEP 2 | Click View Reports on WAN Clarity Reports.

The Prisma SD-WAN WAN Clarity reports include:
• WAN Clarity Branch Reports
• WAN Clarity Data Center Reports
• Aggregate Bandwidth Usage Reports

STEP 3 | Select a Time Range and select any of the following in the Report for field.
• Branch
• Data Center
• Aggregate Bandwidth Usage

Strata Cloud Manager Getting Started 572 ©2025 Palo Alto Networks, Inc.
Favorites: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Each of these licenses include access to

(with or configuration management)
:
• NGFWs
(with or configuration management)

Any Tenant or Tenant Service Group

(TSG) supported app
A role depending on your needs

The Favorites feature enables you to save items of interest and then quickly access them when
needed from any location in Strata Cloud Manager. You can personalize your favorite menu item
names in your own private list by organizing, editing, and deleting the content of your list.
Manage your favorites as follows:
• Add Favorites
• View Favorites
• Edit Favorites
• Delete Favorites

573
Favorites: Strata Cloud Manager

Add Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

Strata Cloud Manager:
(with Strata Cloud Manager or Panorama
configuration management) Prisma Access
• NGFWs AIOps for NGFW Premium license
(use the Strata Cloud Manager app)
(with Strata Cloud Manager or Panorama
configuration management) Strata Cloud Manager Essentials
Strata Cloud Manager Pro
Any Tenant or Tenant Service Group
(TSG) supported app
A role depending on your needs

If you have menu items or pages in Strata Cloud Manager where you repeatedly need to go, but
you no longer want to search for them or navigate to them, you can save these items to a list of
favorites.
STEP 1 | Navigate to the menu item or page that you want to save.

STEP 2 | Hover over the item to view the star icon.

STEP 3 | Select the star to add this item to your Favorites.

The very top level menu items cannot be added as favorites. Only sub-menus can be
added as favorites.

View Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

After you add favorites, you can view your favorites and their original locations.
STEP 1 | Select Favorites.

STEP 2 | Hover over the item to view the location icon.

STEP 3 | The path to the actual location and menu name is displayed.

Clicking the item in your favorites list takes you to its original location.

Edit Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

After you add favorites, you can edit your favorites to personalize them.
STEP 1 | Select Favorites.

STEP 2 | Hover over the item to view the edit icon.

STEP 3 | Rename the item.

Renaming the item in your favorites list does not rename the original item in its original
location.

Delete Favorites
Where Can I Use This? What Do I Need?

• Prisma Access Each of these licenses include access to

After you add favorites, you can delete favorites from your list.
STEP 1 | Select Favorites.

STEP 2 | Hover over the item to view the delete icon.

STEP 3 | Click the icon to delete the favorite from the list.

Deleting the item from your favorites list does not remove the original item from its
original location.

Strata Cloud Manager Getting Started 578 ©2025 Palo Alto Networks, Inc.
Settings: Strata Cloud Manager
Where Can I Use This? What Do I Need?

• Any Tenant or Tenant Service Group

(TSG) supported app
A role depending on your needs
to manage logs

From Settings, you can manage the processes that pertain to all services offered in Strata Cloud
Manager. These processes include:

Subscriptions
View the approved subscriptions for your product.
Manage Subscriptions.

Device Associations
Most often used in device and app onboarding, Device Associations enables you to:
• Associate new devices with a tenant
• Associate apps with your devices
• Manage device and app associations
Get started with Device Associations.

Products
If you have a single tenant environment, view, launch, and manage your products:
• Get product information
• Rename instance
• Manage sharing
• Add a tenant
Get started with Product Management.

Tenants
If you're a managed security service provider (MSSP) or distributed enterprise, you can create
and manage your hierarchy of business organizations and units, represented by tenants. From
Tenants, you can:
• Add a tenant
• Edit a tenant
• Manage tenant licenses

579
Settings: Strata Cloud Manager

• Delete a tenant
• Transition from a single tenant to a multitenant deployment
Get started with Tenant Management.

Identity & Access

Control authentication and authorization of user roles and permissions for all applications and
API-based access. Through Identity & Access, you can manage:
• User access
• Service accounts
• Roles
• Third-party identity provider integration
Get started with Identity & Access.

Audit Logs
View records of all actions initiated by users of Strata Cloud Manager
View Audit Logs.

ION License Management

Generate authorization tokens for virtual ION devices. This provides a set of controls to prevent
unauthorized addition of virtual devices to an environment.
Manage ION Licenses.

User Preferences
Customize your preferences to suit your needs. For example, choose your display mode.
Configure User Preferences.

Trusted IP List
Use Trusted IP Lists to restrict access to your applications by specifying IP addresses that are
allowed on a per tenant basis.
Configure a Trusted IP List.

Settings: Audit Logs

Where Can I Use This? What Do I Need?

• Each of these licenses include access to :

• , including those funded by Software
NGFW Credits

→ The features and capabilities available to

you in depend on which license(s) you are
using.

Under Settings > Audit Logs, you can see a list of actions initiated by users of
Strata Cloud Manager. It provides logs on changes made, the owner of the change, the date and
time of the change, and the description of the change. You can use these logs for compliance and
troubleshooting purposes. You can filter the audit logs by the date range with the capability, by a
user, category, and type of change.
d

Settings: Trusted IP List

Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

Cloud-delivered applications offer the convenience of accessibility from anywhere in the world.
However, this allows for exposure to risks such as access using stolen credentials, dictionary
attacks, and other forms of brute-force attacks to gain access to the applications.
While Identity and Access Management mitigates some of this risk, you can use Trusted IP Lists
to further restrict access to your applications by specifying IP addresses that are allowed on a per
tenant basis.
By default, during the creation of a new tenant, access is allowed to both the web interface and
the API from any IP address. The Trusted IP List is a list of trusted IP addresses that are allowed
to access a tenant. You can use a Trusted IP List to limit access to a single tenant, or you can use
it to limit access to a parent tenant and its children in a multitenant hierarchy. In a multitenant
hierarchy, you add the Trusted IP List on the parent tenant, the list gets inherited from the parent
tenant to its child tenants, and is enforced from the top-down.
To streamline IP address management, Strata Cloud Manager offers a bulk import feature for
trusted IP addresses. This functionality allows you to upload multiple IP addresses via a CSV file,
significantly reducing the time and effort required for manual entry. The default limit is set to 100
IP addresses per tenant security group (TSG), providing flexibility for managing larger sets of IP
addresses.

How to Manage a Trusted IP List from How to Manage a Trusted IP List from the hub
Strata Cloud Manager

To manage a Trusted IP List from To manage a Trusted IP List from the hub,
Strata Cloud Manager, select Settings > select tenant view of the hub > Common
Trusted IP List. Services > Trusted IP List.

You can manage Trusted IP Lists You can manage Trusted IP Lists from the
from Strata Cloud Manager and the hub, but the hub is exempt from the trusted
Strata Cloud Manager web interface and IP address enforcement, so your access to
API will allow access to only those trusted IP the hub is not restricted to the trusted IP
addresses. addresses. If your IP address gets blocked
from a tenant on Strata Cloud Manager that
you should have access to, you can go to the
hub and unlock your access if you have the
listed permissions.

Add Trusted IPs

Delete Trusted IPs

Unlock Access

Add Trusted IPs

Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

After you have activated your license, created your tenants, and managed user access to Strata
Cloud Manager, you can further restrict access to your tenants by adding trusted IP addresses to a
Trusted IP List. By default, any IP address is permitted to access Strata Cloud Manager.
You can add trusted IP addresses using two methods: adding a single IP address or importing
multiple IP addresses in bulk using a CSV file. When adding IP addresses, adhere to the following
guidelines:
• Use CIDR notation for IPv4 addresses only.
• For IP address pools (private address ranges), RFC 1918 and RFC 6598 compliant IP addresses
are recommended.
• Specify a single IP address (e.g., 192.168.1.1) or an IP address range with a subnet mask (e.g.,
10.0.0.0/24)
• Subnet addresses are not supported. Use IP addresses or ranges only.
• (Prisma Access only) Avoid overlapping with these reserved internal IP addresses:
• 169.254.169.253 and 169.254.169.254
• 100.64.0.0/10
• 169.254.201.0/24
• 169.254.202.0/24
When you add new IP addresses, Strata Cloud Manager automatically logs the user who
performed the action. For auditing and visibility purposes, you can easily track this information in
the Added By field field, which populates without any manual input.

Add a Single IP Address

STEP 1 | Select Settings > Trusted IP List .

STEP 2 | Search or scroll to find and select your tenant.

STEP 3 | Select Add New.

STEP 4 | Enter an IP Address that can access this tenant.

Strata Cloud Manager validates the specified value to ensure they meet the IP address
guidelines and displays any error.

STEP 5 | If there are no errors, Save.

The change takes effect immediately, so make sure that your IP address is correct or
you can lose access to the tenant.

Add IP Addresses in Bulk

STEP 1 | Select Settings > Trusted IP List.

STEP 2 | Search or scroll to find and select your tenant.

STEP 3 | Select Bulk Add.

STEP 4 | Upload the CSV file containing the list of IP addresses. If necessary, you can download a
sample CSV template.

STEP 5 | Select Add IPs.

Strata Cloud Manager validates the specified values to ensure it meets the IP address
guidelines and displays any errors.

You can also click See Details to download the list of IP addresses and the corresponding error
in CSV format.

STEP 6 | If there are no errors, Save.

The change takes effect immediately, so make sure that your IP address is correct or
you can lose access to the tenant.

Delete Trusted IPs

Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

After you add trusted IPs to a Trusted IP List for your tenant, you can return to unrestricted
access by deleting the trusted IP addresses.
Delete trusted IPs using Strata Cloud Manager.
STEP 1 | Select Settings > Trusted IP List.

STEP 2 | Search or scroll to find and select your tenant.

STEP 3 | Use one of the following options:

• Delete multiple IPs — select the IP Address check box to highlight all IP addresses at the
same time, then select the Delete button.

• Delete a single IP — select the individual check box of the IP, then delete from Actions >
Delete.

If you inherited a Trusted IP List from a parent tenant, you can't delete it from a child
tenant because those are inherited. You can only delete a Trusted IP List from a child
tenant if you added it directly at the child-level.

STEP 4 | Select OK at the prompt.

The change takes effect immediately. If you delete all the trusted IPs, then IP access goes back
to Any.

Unlock Access
Where Can I Use This? What Do I Need?

• IAM role of Superuser, Multitenant

Superuser, Multitenant IAM Admin, or any
custom role with the Trusted IP List
permission set

After you add trusted IPs to a Trusted IP List for your tenant, that access is enforced by
Strata Cloud Manager. If your IP address is not on the Trusted IP List for the tenant, then you see
an access denied message if you try to access it.

If your IP address gets blocked from a tenant that you should have access to, you can go to the
hub to unlock yourself if you have the listed permissions.

STEP 1 | From the hub, select tenant view of the hub > Common Services > Trusted IP List.

STEP 2 | Add your IP address to the Trusted IP address list.

Settings: User Preferences

Where Can I Use This? What Do I Need?

• , including those funded by Software One of the following licenses:

NGFW Credits
or

In Settings > User Preferences, you can customize Strata Cloud Manager to suit your specific
needs by modifying User Preferences. These settings include the following:
• Light/Dark/System Mode—Choose between dark and light display modes or choose to follow
your own system settings.

Settings: Strata Logging Service

Where Can I Use This? What Do I Need?

•
•
•
•

Strata Logging Service (formerly Cortex Data Lake) is a cloud-based logging system that stores
context-rich enhanced network logs generated by our security products, including our NGFWs,
Prisma Access, and Cloud NGFW for AWS. With Strata Logging Service, you can collect ever-
expanding volumes of data without needing to plan for local compute and storage, and it's ready
to scale from the start. Learn how to activate and deployStrata Logging Service in your product.

Additionally, you can also access and manage logs with Strata Logging Service app
available on the hub. The logging data is the same in both Strata Logging Service app and
Strata Cloud Manager, except for their web interface differences.

Use Strata Logging Service to:

• Check the status of a Strata Logging Service instance- click Strata Logging Service > Overview
• View and onboard firewalls, Cloud NGFW, Prisma Access, or Panorama appliances- click
Strata Logging Service > Inventory

• View the allocated log storage quota, the available storage space, and the number of days
the logs are retained based on your incoming log rate - click Strata Logging Service > Storage
Status
• Configure log storage quota- click Strata Logging Service > Configure Quota
• Search, filter, and export log data- click Incidents & Alerts > Log Viewer. Log Viewer has same
features as Explore in Strata Logging Service app.
• Forward log data to external servers for long-term storage, SOC, or internal audit- click
Strata Logging Service > Log Forwarding

Application Experience
Where Can I Use This? What Do I Need?

• Either one of these licenses:

license
license or license

Use the Application Experience page to manage your Autonomous DEM users and remote sites.
View the audit logs to see which administrators have authenticated to Prisma Access during the
selected Time Range.
Refer to the Manage Autonomous DEM Agent Upgrades to learn about the Upgrade Options.

Access Experience Agent Management

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

Use this tab to get details about all of your registered ADEM users, such as whether the user is
online (the user device is sending keep-alive messages to the ADEM service) or offline (the ADEM
service has not received a keep-alive message from the user device in the last ten minutes), when
the user device was last seen, the username, device type, and hostname of the ADEM user, and
what ADEM agent version they are running.
Each row in the table in this tab represents a unique user in a separate row. Every user/device
combination is considered as a unique user. For example, if 2 users are logged in to 3 devices
each, the number of unique users will be 6. Hence, a user name could be duplicated across
multiple rows depending on the number of devices they are logged in to.
In the title of the table in this widget, the number of Total Endpoint Agents denotes the total
number of devices monitored. The number of Users is the total users regardless of the number of
devices they are logged into. This is because the license consumption is based on the total number
of users regardless of how many devices each user is logged into.
Use the check boxes to the left of the Last logged in User to make bulk configuration by selecting
the row for the endpoints. Deleting an entry by selecting it from the Access Experience Agent
Management table will release the license entry.

Column Name Description

Last Logged in User A device can have multiple users logging into
it. This column lists the user ID of the most

Column Name Description

recent user who has logged into GlobalProtect
using this device.

Device The OS that is running on this device.

Hostname The host name of the device.

Last Seen The the last message sent from the device to
the DEM server.

First Seen The the first message received from this

device by the DEM server.

User Status Connection status of the current user.

Monitoring State Whether app tests are running on the device.

Endpoint Agent Version The version of the ADEM agent installed on

the device.

Remote Site Experience Management

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

This tab gives you details on the branch Prisma SD-WAN ION devices that are enabled for digital
experience management. Use this tab to get details about all of your registered ADEM remote
sites, such as the device model, hostname, site status, monitoring state (whether monitoring is
enabled for the site), hostname of the high availability server (if there is one), and the remote site
agent version.

Column Name Description

Remote Site Name Pisma SD-WAN branch site.

Device Model Prisma SD-WAN ION device model number.

Hostname Hostname of the ION device.

HA Peer Hostname Whether a high availability standby ION

device has been configured at that site.

Column Name Description

Last Seen The last message sent from the ION device to
the DEM server.

First Seen The first message received from the ION

device by the DEM server.

Site Status Connectivity status of the site ION device

with the DEM agent.

Monitoring State Whether the site is configured to run app

tests.

Remote Site Agent Version The version of the ADEM agent installed on
the ION device.

Health Score Profiles

Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

View the domain health score details in this tab.

Column Name Description

Domain Health Score Metric Lists the domains for which ADEM calculates health score
Name metrics. Click on a Domain name in this column to view
its metrics. These metrics include the lower and upper
thresholds and how much the numbers impact the total
experience score when they cross the thresholds. These
metrics are not editable.

Type Domain Type

Associated Use Case The dashboard or widget on which the calculated experience
score displays.

Audit Logs
Where Can I Use This? What Do I Need?

• license
(with or configuration management)
license
license

View the audit logs for all the events that are triggered due to API calls..

Column Name Description

Event Time The time when the event was triggered which caused
the log to be created.

Email Email address of the person who was notified when the
log was created.

Description The API call that caused the event to trigger thus
creating the log.

Strata Cloud Manager AIOps
No ratings yet
Strata Cloud Manager AIOps
94 pages
AI-Powered Network Security Solution
100% (1)
AI-Powered Network Security Solution
10 pages
CM 4.5 Enterprise Help Guide
No ratings yet
CM 4.5 Enterprise Help Guide
194 pages
Enterprise DLP Administration
No ratings yet
Enterprise DLP Administration
404 pages
Dobt
No ratings yet
Dobt
2 pages
Prisma Access Cloud Managed Admin
No ratings yet
Prisma Access Cloud Managed Admin
180 pages
Prisma SD Wan Administration
No ratings yet
Prisma SD Wan Administration
620 pages
Enterprise DLP Administration
No ratings yet
Enterprise DLP Administration
368 pages
Prisma SD Wan Admin
No ratings yet
Prisma SD Wan Admin
572 pages
SD Wan Admin
No ratings yet
SD Wan Admin
220 pages
Prisma Cloud Admin PDF
No ratings yet
Prisma Cloud Admin PDF
258 pages
Panorama Admin
No ratings yet
Panorama Admin
738 pages
SD Wan Admin
No ratings yet
SD Wan Admin
116 pages
Panorama Admin
No ratings yet
Panorama Admin
684 pages
Wildfire Appliance
No ratings yet
Wildfire Appliance
214 pages
Cloudera Administration
No ratings yet
Cloudera Administration
694 pages
Cloudera Manager Administration Guide
No ratings yet
Cloudera Manager Administration Guide
78 pages
Prisma Access Panorama Admin
No ratings yet
Prisma Access Panorama Admin
386 pages
Advantages and Disadvantages of Cloud Computing
No ratings yet
Advantages and Disadvantages of Cloud Computing
1 page
Panorama Adminguide
No ratings yet
Panorama Adminguide
320 pages
Panorama Admin
No ratings yet
Panorama Admin
632 pages
Panorama Admin
No ratings yet
Panorama Admin
596 pages
Prisma Cloud Release Notes
No ratings yet
Prisma Cloud Release Notes
726 pages
Troubleshooting Palo Alto Docs Guide
100% (2)
Troubleshooting Palo Alto Docs Guide
502 pages
Prisma SD Wan Admin PDF
No ratings yet
Prisma SD Wan Admin PDF
456 pages
Prisma Access Panorama Admin
No ratings yet
Prisma Access Panorama Admin
630 pages
Day 10 - Setting Up A Palo Alto Firewall - From Design To Deployment
No ratings yet
Day 10 - Setting Up A Palo Alto Firewall - From Design To Deployment
4 pages
Panorama Admin
100% (1)
Panorama Admin
478 pages
AltaVault Deployment Guide Updated PDF
No ratings yet
AltaVault Deployment Guide Updated PDF
58 pages
ClouderaManager ExerciseInstructions
No ratings yet
ClouderaManager ExerciseInstructions
25 pages
Palo Alto Firewall Pan-Os-Administration Guide v10.0 PDF
50% (2)
Palo Alto Firewall Pan-Os-Administration Guide v10.0 PDF
1,446 pages
Alibaba Cloud Whitepaper - Ack k8s
No ratings yet
Alibaba Cloud Whitepaper - Ack k8s
148 pages
STRM Administration Guide: Security Threat Response Manager
No ratings yet
STRM Administration Guide: Security Threat Response Manager
382 pages
Cloudera Administration PDF
No ratings yet
Cloudera Administration PDF
478 pages
FortiOS 6.4.7 Administration Guide
No ratings yet
FortiOS 6.4.7 Administration Guide
1,871 pages
StoneGate Management Center Installation Guide v5-1
No ratings yet
StoneGate Management Center Installation Guide v5-1
105 pages
FortiOS 7.2.9 Administration Guide
No ratings yet
FortiOS 7.2.9 Administration Guide
3,374 pages
FortiOS 7.0.10 Administration Guide
No ratings yet
FortiOS 7.0.10 Administration Guide
2,688 pages
FortiOS 6.4.2 Administration Guide
No ratings yet
FortiOS 6.4.2 Administration Guide
1,865 pages
Securing Data Center Public Cloud
No ratings yet
Securing Data Center Public Cloud
40 pages
SecOps Operationalization For Prisma Cloud-1
No ratings yet
SecOps Operationalization For Prisma Cloud-1
17 pages
Prisma SD Wan Release Notes
No ratings yet
Prisma SD Wan Release Notes
68 pages
En Pca 3 0 Latest Concept
No ratings yet
En Pca 3 0 Latest Concept
229 pages
Propalm Admin Guide
No ratings yet
Propalm Admin Guide
394 pages
CTERA Portal Global Administration Guide 5.0
No ratings yet
CTERA Portal Global Administration Guide 5.0
254 pages
Panorama Admin Guide Palo Alto Networks
100% (2)
Panorama Admin Guide Palo Alto Networks
414 pages
Panorama Admininistration
No ratings yet
Panorama Admininistration
446 pages
FortiOS Admin Guide for IT Pros
No ratings yet
FortiOS Admin Guide for IT Pros
1,807 pages
Cisco SBA DC NetAppStorageDeploymentGuide-Aug2012
No ratings yet
Cisco SBA DC NetAppStorageDeploymentGuide-Aug2012
35 pages
FortiOS 7.2.1 Admin Guide
100% (1)
FortiOS 7.2.1 Admin Guide
716 pages
FortiOS 7.4.3 Administration Guide
No ratings yet
FortiOS 7.4.3 Administration Guide
3,620 pages
AS350 B2 - CH 04 - Main Rotor
100% (4)
AS350 B2 - CH 04 - Main Rotor
54 pages
AS350 B2 - CH 0 - Overview
100% (3)
AS350 B2 - CH 0 - Overview
33 pages
AS350 Training Manual
86% (7)
AS350 Training Manual
644 pages
Manual KING AIR
100% (5)
Manual KING AIR
228 pages
AS350 Is
100% (1)
AS350 Is
8 pages
KA 350 Pilot Training Manual
100% (3)
KA 350 Pilot Training Manual
599 pages
IMC Exam Sample Questions & Answers
No ratings yet
IMC Exam Sample Questions & Answers
7 pages
Power Plant PW 1100g
96% (26)
Power Plant PW 1100g
366 pages
AS350 B2 - CH 03 - Main Rotor Drive System
100% (1)
AS350 B2 - CH 03 - Main Rotor Drive System
36 pages
350 B2 CHKLST PDF
100% (1)
350 B2 CHKLST PDF
15 pages
Memory Jogger A320
96% (54)
Memory Jogger A320
157 pages
Helicopter Flight Manual Update
No ratings yet
Helicopter Flight Manual Update
52 pages
SSE-Engineer Palo Alto Networks
No ratings yet
SSE-Engineer Palo Alto Networks
8 pages
AS350 B2 - CH 11 - Pitot Static Sys. - Inst.
No ratings yet
AS350 B2 - CH 11 - Pitot Static Sys. - Inst.
11 pages
Sikorsky S-76 Pilot Training Manual: Flightsafety
83% (6)
Sikorsky S-76 Pilot Training Manual: Flightsafety
553 pages
Flight Instructor Guide Whiteboard Layouts
100% (30)
Flight Instructor Guide Whiteboard Layouts
32 pages
C20B Training Manual
96% (81)
C20B Training Manual
284 pages
AS350B2 Flight Manual
100% (3)
AS350B2 Flight Manual
375 pages
KA 200 B200 Pilot Training Manual
100% (2)
KA 200 B200 Pilot Training Manual
382 pages
AS350 B2 - CH 01 - FLT Manual - General Limitations
100% (2)
AS350 B2 - CH 01 - FLT Manual - General Limitations
36 pages
How To Fly Ifr 2024
100% (10)
How To Fly Ifr 2024
325 pages
Flight Safety Beechcraft 1900 Airliner Pilot Training Manual PDF
100% (10)
Flight Safety Beechcraft 1900 Airliner Pilot Training Manual PDF
400 pages
AS350 B2 - CH 10 - Fuel System
100% (2)
AS350 B2 - CH 10 - Fuel System
32 pages
Manual Aw119 Koala
100% (2)
Manual Aw119 Koala
820 pages
412 B1.3 Bell Training Manual
100% (11)
412 B1.3 Bell Training Manual
276 pages
Jeppesen Private Pilot Textbook 2018
100% (60)
Jeppesen Private Pilot Textbook 2018
683 pages
AS350 B2 - CH 05 - Tail Rotor Drive System
100% (1)
AS350 B2 - CH 05 - Tail Rotor Drive System
21 pages
Training Notes Arrius 2b1-2b1a-2b2 l1 2013-04 Unlocked
100% (4)
Training Notes Arrius 2b1-2b1a-2b2 l1 2013-04 Unlocked
358 pages
As350-200m-1 Rev 10 1-14-21
100% (2)
As350-200m-1 Rev 10 1-14-21
63 pages
THM 350
100% (5)
THM 350
320 pages
Client Management PPSK One SSID
No ratings yet
Client Management PPSK One SSID
88 pages
Nessus 5.2 HTML5 User Guide
No ratings yet
Nessus 5.2 HTML5 User Guide
113 pages
OpenDirectoryIntegration-1 2
No ratings yet
OpenDirectoryIntegration-1 2
14 pages
Aerohive Whitepaper HIPAA Compliance
No ratings yet
Aerohive Whitepaper HIPAA Compliance
11 pages
Supplemental Materials Rev 4
No ratings yet
Supplemental Materials Rev 4
45 pages
Spanning Tree Overview
No ratings yet
Spanning Tree Overview
78 pages
Aerohive Whitepaper Service Level Assurance
No ratings yet
Aerohive Whitepaper Service Level Assurance
14 pages
Aerohive Whitepaper CDE12 Leveraging Mobility
No ratings yet
Aerohive Whitepaper CDE12 Leveraging Mobility
8 pages
SonicWALL SonicOS CLI Guide-1
No ratings yet
SonicWALL SonicOS CLI Guide-1
20 pages
Jsaer2024 11 5 282 286
No ratings yet
Jsaer2024 11 5 282 286
5 pages
Pravail APS 2.0 Configuration Training
No ratings yet
Pravail APS 2.0 Configuration Training
62 pages
MS Gpie
No ratings yet
MS Gpie
59 pages
Nokia Support Discussions - How To Format Nokia 5200 Phone Memory & Simcard Me... - Nokia Support Discussions
No ratings yet
Nokia Support Discussions - How To Format Nokia 5200 Phone Memory & Simcard Me... - Nokia Support Discussions
179 pages
Makita DC18RC Schematic Overview
No ratings yet
Makita DC18RC Schematic Overview
2 pages
Cinema - Problem Description
No ratings yet
Cinema - Problem Description
10 pages
Enhancing User Experience in Sales Cloud
No ratings yet
Enhancing User Experience in Sales Cloud
24 pages
1sem Web
No ratings yet
1sem Web
12 pages
Control or Iterative Structures
No ratings yet
Control or Iterative Structures
7 pages
Visitor Log Monitoring System Thesis Documentation PDF
100% (2)
Visitor Log Monitoring System Thesis Documentation PDF
2 pages
Mini-Link E: Traffic Node Concept Technical
100% (1)
Mini-Link E: Traffic Node Concept Technical
60 pages
Block Chain Technology-1 Paper Solution
No ratings yet
Block Chain Technology-1 Paper Solution
7 pages
Ioegc 10 032 100471
No ratings yet
Ioegc 10 032 100471
8 pages
HP License
No ratings yet
HP License
3 pages
Configuracion Basica de Un Switch y Un Router - Ird11
No ratings yet
Configuracion Basica de Un Switch y Un Router - Ird11
13 pages
17 Support and Training en
No ratings yet
17 Support and Training en
19 pages
Cs CA Project Details
No ratings yet
Cs CA Project Details
2 pages
Juniper Apstra Architecture White Paper
No ratings yet
Juniper Apstra Architecture White Paper
18 pages
3 AmadeusAlteaNDC SeatAvailability 18.1 ImplementationGuide 20230623
No ratings yet
3 AmadeusAlteaNDC SeatAvailability 18.1 ImplementationGuide 20230623
81 pages
Amiko miniHD
No ratings yet
Amiko miniHD
7 pages
MT Marathon 2018 Insights
No ratings yet
MT Marathon 2018 Insights
24 pages
AUTOSAR SWS Cryptography Pages 1
No ratings yet
AUTOSAR SWS Cryptography Pages 1
60 pages
Omnis Titration: Performance On A Whole New Level!
No ratings yet
Omnis Titration: Performance On A Whole New Level!
7 pages
Office Buildings: OF-UC1.0 Utility Closet
No ratings yet
Office Buildings: OF-UC1.0 Utility Closet
2 pages
Cisco ASA 5500 Series Release Notes 8.2
No ratings yet
Cisco ASA 5500 Series Release Notes 8.2
18 pages
Api Console
No ratings yet
Api Console
191 pages
White Paper: An Introduction To The Terminal Industry Committee 4.0 (TIC4.0)
No ratings yet
White Paper: An Introduction To The Terminal Industry Committee 4.0 (TIC4.0)
23 pages
Datasheet 48gll PDF
No ratings yet
Datasheet 48gll PDF
2 pages
Audio-Visual Setup for Live Performance
No ratings yet
Audio-Visual Setup for Live Performance
4 pages
Mock Interview Feedback for Akash Singh
No ratings yet
Mock Interview Feedback for Akash Singh
3 pages
Top 50 React Interview Questions 2024
No ratings yet
Top 50 React Interview Questions 2024
24 pages
HP Scanner
No ratings yet
HP Scanner
2 pages
Worksheet 8.1. Conditional Algorithms
No ratings yet
Worksheet 8.1. Conditional Algorithms
7 pages

Strata Cloud Manager Getting Started

Uploaded by

Strata Cloud Manager Getting Started

Uploaded by

Strata Cloud Manager Getting Started

About the Documentation

AI Canvas Best Practices.........................................................................................................93

Command Center: Strata Cloud Manager..................................................99

Insights: Activity Insights............................................................................ 119

Activity Insights: Users.......................................................................................................... 135

Dashboards: Strata Cloud Manager..........................................................159

Dashboard: DNS Security..................................................................................................... 192

SASE Health Dashboard: Current Mobile Users - Map View........................... 275

Monitor: Strata Cloud Manager.................................................................281

Incidents and Alerts: Strata Cloud Manager...........................................349

Incidents and Alerts: Prisma SD-WAN..............................................................................355

Manage: NGFW and Prisma Access......................................................... 359

Manage: IoT Policy Recommendation..................................................... 461

Manage: Enterprise DLP..............................................................................465

Workflows: SaaS Security........................................................................... 471

Manage: Prisma SD-WAN...........................................................................475

Manage: Prisma Access Browser.............................................................. 483

Manage: Operations..................................................................................... 491

Manage:Security Posture............................................................................ 503

Manage: Access Control.............................................................................. 531

Custom Role-Based Access Control — Setup.................................................................. 533

Workflows: Strata Cloud Manager........................................................... 537

Reports: Strata Cloud Manager................................................................. 565

Settings: Strata Cloud Manager.................................................................579

→ The features and capabilities available to

How Strata Cloud Manager Strengthens Security

How Strata Cloud Manager Predicts and Prevents

How Strata Cloud Manager Works Everywhere

Strata Cloud Manager Support

→ The features and capabilities available to

Strata Cloud Manager Essentials and

You can register your Cloud NGFW resources

• Contact your account team to enable Cloud

Use Strata Cloud Manager for complete onboarding,

• Strata Cloud Manager Dashboards

AI-Powered ADEM AI-Powered ADEM is a Prisma Access add-on license that

If you're using Panorama to manage Prisma Access,

First Look at Strata Cloud Manager

→ The features and capabilities available to

Command Your First Stop to Assess the Health,

Activity Unified Network Data, All in One Place

Dashboards See What Matters, Right Away

Incidents Actionable Data-Driven Insights

Monitor Proactive Network and Security

Manage Centralized Configuration

Workflows Strengthen Security Outcomes

Reports Comprehensive Visibility

Settings Onboarding and Activation Settings

Search Bar The search bar allows you to quickly

Command Your First Stop to Assess the Health,

Insights Unified Network Data, All in One Place

Reports Comprehensive Visibility

Incidents Actionable Data-Driven Insights

Log Viewer View and interact with your logs stored

Configuration Centralized Configuration

System Onboarding and Activation Settings

Launch Strata Cloud Manager

→ The features and capabilities available to

Launch Strata Cloud Manager for the First Time

Moving to Strata Cloud Manager from a Dedicated Product App

Your product app automatically redirects you to stratacloudmanager.paloaltonetworks.com.

Get Started with Strata Cloud Manager

→ The features and capabilities available to

Validate Your Licenses

Monitoring and Visibility with Strata Cloud Manager

Strata Cloud Manager Onboarding Settings

Shared Management for Prisma Access and NGFWs

Pushing Configuration Changes to NGFWs and Prisma Access

Built-In Best Practices in Strata Cloud Manager

→ The features and capabilities available to

Visibility into Best Practice Adoption and Compliance

Best Practice Tools to Strengthen Security Posture

Live, Inline Best Practice Configuration Checks

Looking for more on Palo Alto Networks best practices?

• Each of these licenses include access to :