>
    Strata Copilot
    Enable ADEM to Monitor SD-WAN for Remote Sites
    Focus
    Download PDF
    Focus
    1. Home
    2. Autonomous DEM
    3. Enable ADEM to Monitor SD-WAN for Remote Sites
    Download PDF
    Autonomous DEM

    Enable ADEM to Monitor SD-WAN for Remote Sites

    Table of Contents

    Enable ADEM to Monitor SD-WAN for Remote Sites

    Learn about the steps to enable ADEM monitoring for SD-WAN for NGFW remote sites.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • ADEM or Strata Cloud Manager Pro license
    • Prisma Access license
    • NGFW running:
      • PAN-OS 11.1.9 or a later version
      • PAN-OS 11.2.6 or a later version
    For holistic visibility into the application experience of users working from remote sites, Autonomous Digital Experience Management (ADEM) can monitor end-to-end application performance on next-generation firewalls (NGFWs) configured as PAN-OS SD-WAN branches, in addition to Prisma Access remote sites.
    If you've configured an NGFW as an SD-WAN branch, you can use ADEM to monitor the application experience of users connecting from the branch.

    Enable ADEM to Monitor SD-WAN for NGFW Remote Sites

    Learn about enabling ADEM monitoring for NGFW Remote Sites.
    1. Associate the NGFW with the same tenant as ADEM.
    2. Retrieve the license key on the firewall.
      1. Log in to the firewall.
      2. Select DevicesLicensesRetrieve license keys from license server.
        Once the license is present, the ADEM plugin should be automatically downloaded and installed on the device.
    3. Validate that the ADEM Agent on your NGFW is connected to the correct portal.
      1. Select MonitorLogs.
      2. Select the most recent log.
    4. Verify that ADEM registers the NGFW as a remote site.
      1. Launch Strata Cloud Manager.
      2. Select System SettingsAccess Experience ManagementRemote Site Experience Management.
      3. Check that the site appears and shows up as Online.
    5. Now you are ready to View Application Experience for NGFW Remote Sites.

    Enable ADEM to Monitor SD-WAN for Prisma Access Remote Sites

    Learn about ADEM monitoring for NGFW remote sites.
    Based on the application forwarding policies configured on the NGFW for SD-WAN, ADEM will monitor all available paths for individual applications. The different paths available are:
    • Direct Access Path
    • Private WAN Path
    • Prisma Access Path
    Prerequisites before you can get started:
    For more details about Remote Networks and Sites with Prisma Access, see here.
    1. Associate the NGFW with the same tenant as ADEM.
    2. Retrieve the license key on the firewall.
      1. Log in to the firewall.
      2. Select DevicesLicensesRetrieve license keys from license server.
        Once the license is present, the ADEM plugin should be automatically downloaded and installed on the device.
    3. Validate that the ADEM Agent on your NGFW is connected to the correct portal.
      1. Select MonitorLogs.
      2. Select the most recent log.
    4. Verify that ADEM registers the NGFW as a remote site.
      1. Launch Strata Cloud Manager.
      2. Select System SettingsAccess Experience ManagementRemote Site Experience Management.
      3. Check that the site appears and shows up as Online.
    5. In Strata Cloud Manager, select ConfigurationNGFW and Prisma Access.
    6. From Configuration Scope, select Remote Networks and click Remote Networks from Prisma Access Infrastructure Setup.
    7. In Remote Networks Setup, under the Autonomous DEM column, to enable Remote Networks on a Compute Location, move its slider to the right until it turns blue.
    8. Now you are ready to View Application Experience for NGFW Remote Sites.

    © 2026 Palo Alto Networks, Inc. All rights reserved.