Known Issues—Autonomous DEM

Review the open issues in Autonomous Digital Experience Management (DEM).
These are the issues we’re currently working on.
If a user belongs to multiple user groups, then The
Mobile Users Group
filter on the
page returns applications assigned to all groups that the user belongs to, not just the selected group in the filter.
When custom apps are deleted from Prisma Access, they still display in the Autonomous DEM portal.
Occasionally, when you update an existing Mobile User group on the firewall by adding or removing users to the group, your update does not display in Panorama.
When ADEM is accessed from the Prisma Access App, only those security groups currently used in one or more security policies are displayed. On Panorama LDAP, all user groups are displayed.
The application score that is displayed on the "Global Distribution of Application Experience Scores for Remote Sites" does not match the score on the Remote Sites page. The first score is an average score filtered by location. The second score (Remote Sites) is an average of the average score for each remote site.
Results from traceroute tests that take more than 5 minutes to process may not be visible in the UI for the polling interval. The results should appear in the UI for the subsequent polling interval. This is most likely to occur when you have many tests configured.
If you upgrade your ADEM agent either via auto-upgrade from the ADEM portal or by pushing the agent using MDM, and then switch to an ADEM disabled GP portal, the ADEM agent is uninstalled as expected. However, if you then switch back to an ADEM enabled GP portal, the upgraded ADEM agent is not reinstalled. Instead, the older, pre-upgrade, ADEM agent is installed.
Any ADEM license changes for Remote Networks (For example, SPN bandwidth allocations) can take between 1 to 4 hours to reflect in the UI.
If you navigate to the
Users List
page by clicking the link for a user on the
details page, the User list table displays all the users regardless of the filters applied. If you apply the same filters on the
Users List
page directly (without navigating to the page from the
details page), the table gets updated correctly.
Apply the same filters on the
Users List
page directly (without navigating to the page from the
details page).
If you apply a filter on a details page (for example,
details page), that filter is retained when you navigate to another page (for example, the
page) from the left navigation menu. Even though the data on the navigated page shows a filtered view, the filter option itself does not indicate that a filter has been applied. It gives you the impression that the data displayed is unfiltered data.
When logging into ADEM as a Data Security Manager, the page fails to load displaying the following error:“Maximum update depth exceeded. This can happen when a component repeatedly calls setState inside componentWillUpdate or componentDidUpdate. React limits the number of nested updates to prevent infinite loops.”
When you have 200K ADEM agents or more, the
page in ADEM fails to load. This is an intermittent issue and is typically observed when multiple users are trying to access the
page in parallel.
Refresh the page or try re-logging into ADEM.
After selecting Application filter, the Location Details page fails to load the performance trends and path visualization tabs data.
When performing a new installation of GlobalProtect 5.2.10 or later on an M1 MacBook device that does not have Rosetta 2 installed, the Autonomous DEM agent does not get installed even though the message that GlobalProtect displays indicates that the agent installed successfully.
Manually install Rosetta 2 on the M1 MacBook device and then refresh the GlobalProtect connection to enable GlobalProtect to re-initiate the install of the Autonomous DEM agent.
On a Windows operating system running GlobalProtect version 5.2.8, if the endpoint is in a Trusted network with VPN tunnel established to the internal gateway, the ADEM portal displays the GlobalProtect status as
and VPN status as
. The trend line shows a blue background indicating that the test was run while VPN was disabled.
Autonomous DEM does not run network performance tests to the service connection, and hence the network performance metrics are not measured for service connections. The service connection is included when tracing the network path from the endpoint to the application.
The license usage count that displays on
License Details
displays the number of unique endpoints that are connected to the Autonomous DEM service, instead of unique users. The license count is incremented based on number of endpoint agents connected.
When you install GlobalProtect app 5.2.6 on macOS devices, the pop-up prompt appears, prompting end users for administrative privileges to modify system settings.
: Select
so that the pop-up prompt does not appear again.
Synthetic tests from Prisma Access location vantage points are performed on all Prisma Access locations within a given region, even if you have not deployed the infrastructure to that specific location. You may see additional locations on the
Prisma Access Locations
Prisma Access Locations
Topology View
does not visually identify the hop details.
If you have enabled SSL Decryption on Prisma Access, the endpoint agent cannot register to the Autonomous DEM portal successfully. To enable the endpoint agent to successfully connect and communicate with the ADEM portal, you must add the FDQN to an allow list. Note that the allow list is required only for endpoint agent and ADEM connectivity and is not required for synthetic tests; synthetic tests comply with the SSL Decryption policy.
: You must add a policy rule with no decrypt for the DEM Portal FQDNs listed below so that the endpoint agent can register with the portal.
  • /etc/sudoers.d/‘palo_alto_networks_dem.tmp
For applications that are being split tunneled, the synthetic test does not perform a trace path to display a hop-by-hop detailed topology on the
User Details
page for the specific application. The telemetry from the application and network performance tests are collected and available on Autonomous DEM.

Recommended For You