Known Issues—Autonomous DEM

Review the open issues in Autonomous Digital Experience Management (DEM).
These are the issues we’re currently working on.
ID
Description
DEM-2048
When performing a new installation of GlobalProtect 5.2.10 or later on an M1 MacBook device that does not have Rosetta 2 installed, the Autonomous DEM agent does not get installed even though the message that GlobalProtect displays indicates that the agent installed successfully.
Workaround:
Manually install Rosetta 2 on the M1 MacBook device and then refresh the GlobalProtect connection to enable GlobalProtect to re-initiate the install of the Autonomous DEM agent.
DEM-1457
On a Windows operating system running GlobalProtect version 5.2.8, if the endpoint is in a Trusted network with VPN tunnel established to the internal gateway, the ADEM portal displays the GlobalProtect status as
Connected-Internal
and VPN status as
Disabled
. The trend line shows a blue background indicating that the test was run while VPN was disabled.
DEM-105
Autonomous DEM does not run network performance tests to the service connection, and hence the network performance metrics are not measured for service connections. The service connection is included when tracing the network path from the endpoint to the application.
DEM-137
The license usage count that displays on
Settings
License Details
displays the number of unique endpoints that are connected to the Autonomous DEM service, instead of unique users. The license count is incremented based on number of endpoint agents connected.
DEM-183
When you install GlobalProtect app 5.2.6 on macOS devices, the pop-up prompt appears, prompting end users for administrative privileges to modify system settings.
Workaround
: Select
OK
so that the pop-up prompt does not appear again.
DEM-191
Synthetic tests from Prisma Access location vantage points are performed on all Prisma Access locations within a given region, even if you have not deployed the infrastructure to that specific location. You may see additional locations on the
Prisma Access Locations
page.
DEM-198
Prisma Access Locations
Topology View
does not visually identify the hop details.
DEM-238
If you have enabled SSL Decryption on Prisma Access, the endpoint agent cannot register to the Autonomous DEM portal successfully. To enable the endpoint agent to successfully connect and communicate with the ADEM portal, you must add the FDQN to an allow list. Note that the allow list is required only for endpoint agent and ADEM connectivity and is not required for synthetic tests; synthetic tests comply with the SSL Decryption policy.
Workaround
: You must add a policy rule with no decrypt for the DEM Portal FQDNs listed below so that the endpoint agent can register with the portal.
  • agents.dem.prismaaccess.com
  • agents.jp1.ap-northeast-1.dem.prismaaccess.com
  • agents.sg1.ap-southeast-1.dem.prismaaccess.com
  • agents.au1.ap-southeast-2.dem.prismaaccess.com
  • agents.ca1.ca-central-1.dem.prismaaccess.com
  • agents.eu1.eu-central-1.dem.prismaaccess.com
  • agents.uk1.eu-west-2.dem.prismaaccess.com
  • agents.us1.us-east-2.dem.prismaaccess.com
DEM-253
For applications that are being split tunneled, the synthetic test does not perform a trace path to display a hop-by-hop detailed topology on the
User
User Details
page for the specific application. The telemetry from the application and network performance tests are collected and available on Autonomous DEM.
GPC-13015
Autonomous DEM is not supported with Config Selection Criteria for device checks in the GlobalProtect portal configuration.
Workaround
: Do not use a certificate profile for
Device Selection Criteria
in your GlobalProtect portal configuration, to use Autonomous DEM for user experience and application performance monitoring.

Recommended For You