Enable ADEM in Cloud Managed Prisma Access for Remote Sites

In your Cloud Managed app, select
Manage
Remote Networks
Manage
.
In
Remote Networks Setup
, under the
Autonomous DEM
column, to enable Remote Networks on a
Compute Location
, move its slider to the right until it turns blue.
Make sure you have security policy rules required to allow the GlobalProtect app to connect to the ADEM service and run the synthetic tests.
The following screen shows you an example of what fields you need to configure.

You must add the ADEM URLs to make the endpoints register to the ADEM portal.
Add a security profile for your endpoint agent registration. You will need to create a security policy for it.
Click
Allow All Traffic for ADEM clients
.

The
Allow All Traffic for ADEM Clients
page opens.
Add the ADEM URLs.
To do so, click the
+
icon under
Destination
Addresses
ADEM URL
.

The
Address Groups
page opens. Click the
+
icon under
Address Entities
Address
.

Add the following URLs one by one by clicking the
+
icon:
agents.dem.prismaaccess.com
agents.jp1.ap-northeast-1.dem.prismaaccess.com
agents.sg1.ap-southeast-1.dem.prismaaccess.com
agents.au1.ap-southeast-2.dem.prismaaccess.com
agents.ca1.ca-central-1.dem.prismaaccess.com
agents.eu1.eu-central-1.dem.prismaaccess.com
agents.uk1.eu-west-2.dem.prismaaccess.com
agents.us1.us-east-2.dem.prismaaccess.com
updates.dem.prismaaccess.com
agents.in1.ap-south-1.dem.prismaaccess.com
To enable the app to connect to the ADEM service and to run the application tests, you must have a policy rule to allow the remote sites to connect to applications over HTTPS.
To enable the app to run network monitoring tests, you must have a policy rule to allow ICMP and TCP traffic.
(
Optional
) If you plan to run synthetic tests that use HTTP, you must also have a security policy rule to allow the remote sites to access applications over HTTP.