Enable ADEM in Cloud Managed Prisma Access for Remote Networks

To enable Autonomous DEM for Remote Networks in Cloud Managed Prisma Access:
  1. In your Cloud Managed app, select
    Manage
    Remote Networks
    Manage
    .
  2. In
    Remote Networks Setup
    , under the
    Autonomous DEM
    column, to enable Remote Networks on a
    Compute Location
    , move its slider to the right until it turns blue.
  3. Make sure you have security policy rules required to allow the GlobalProtect app to connect to the ADEM service and run the synthetic tests.
    The following screen shows you an example of what fields you need to configure.
    You must add the ADEM URLs to make the endpoints register to the ADEM portal.
    1. Add a security profile for your endpoint agent registration. You will need to create a security policy for it.
      Click
      Allow All Traffic for ADEM clients
      .
      The
      Allow All Traffic for ADEM Clients
      page opens.
    2. Add the ADEM URLs.
      To do so, click the
      +
      icon under
      Destination
      Addresses
      ADEM URL
      .
    3. The
      Address Groups
      page opens. Click the
      +
      icon under
      Address Entities
      Address
      .
      Add the following URLs one by one by clicking the
      +
      icon:
      • agents.dem.prismaaccess.com
      • agents.jp1.ap-northeast-1.dem.prismaaccess.com
      • agents.sg1.ap-southeast-1.dem.prismaaccess.com
      • agents.au1.ap-southeast-2.dem.prismaaccess.com
      • agents.ca1.ca-central-1.dem.prismaaccess.com
      • agents.eu1.eu-central-1.dem.prismaaccess.com
      • agents.uk1.eu-west-2.dem.prismaaccess.com
      • agents.us1.us-east-2.dem.prismaaccess.com
    4. To enable the app to connect to the ADEM service and to run the application tests, you must have a policy rule to allow the remote sites to connect to applications over HTTPS.
    5. To enable the app to run network monitoring tests, you must have a policy rule to allow ICMP and TCP traffic.
    6. (
      Optional
      ) If you plan to run synthetic tests that use HTTP, you must also have a security policy rule to allow the remote sites to access applications over HTTP.

Recommended For You