Known Issues—Autonomous DEM

Review the open issues in Autonomous Digital Experience Management (DEM).
These are the issues we’re currently working on.
ID
Description
DEM-3139
If a user belongs to multiple user groups, then The
Mobile Users Group
filter on the
Applications
page returns applications assigned to all groups that the user belongs to, not just the selected group in the filter.
DEM-3129
When custom apps are deleted from Prisma Access, they still display in the Autonomous DEM portal.
DEM-3094
Occasionally, when you update an existing Mobile User group on the firewall by adding or removing users to the group, your update does not display in Panorama.
DEM-3066
When ADEM is accessed from the Prisma Access App, only those security groups currently used in one or more security policies are displayed. On Panorama LDAP, all user groups are displayed.
DEM-2815
The application score that is displayed on the "Global Distribution of Application Experience Scores for Remote Sites" does not match the score on the Remote Sites page. The first score is an average score filtered by location. The second score (Remote Sites) is an average of the average score for each remote site.
DEM-2813
Results from traceroute tests that take more than 5 minutes to process may not be visible in the UI for the polling interval. The results should appear in the UI for the subsequent polling interval. This is most likely to occur when you have many tests configured.
DEM-2812
If you upgrade your ADEM agent either via auto-upgrade from the ADEM portal or by pushing the agent using MDM, and then switch to an ADEM disabled GP portal, the ADEM agent is uninstalled as expected. However, if you then switch back to an ADEM enabled GP portal, the upgraded ADEM agent is not reinstalled. Instead, the older, pre-upgrade, ADEM agent is installed.
DEM-2777
Any ADEM license changes for Remote Networks (For example, SPN bandwidth allocations) can take between 1 to 4 hours to reflect in the UI.
DEM-2762
If you navigate to the
Users List
page by clicking the link for a user on the
Application
details page, the User list table displays all the users regardless of the filters applied. If you apply the same filters on the
Users List
page directly (without navigating to the page from the
Application
details page), the table gets updated correctly.
Workaround:
Apply the same filters on the
Users List
page directly (without navigating to the page from the
Application
details page).
DEM-2760
If you apply a filter on a details page (for example,
User
details page), that filter is retained when you navigate to another page (for example, the
Summary
page) from the left navigation menu. Even though the data on the navigated page shows a filtered view, the filter option itself does not indicate that a filter has been applied. It gives you the impression that the data displayed is unfiltered data.
DEM-2717
When logging into ADEM as a Data Security Manager, the page fails to load displaying the following error:“Maximum update depth exceeded. This can happen when a component repeatedly calls setState inside componentWillUpdate or componentDidUpdate. React limits the number of nested updates to prevent infinite loops.”
DEM-2596
When you have 200K ADEM agents or more, the
Settings
page in ADEM fails to load. This is an intermittent issue and is typically observed when multiple users are trying to access the
Summary
page in parallel.
Workaround:
Refresh the page or try re-logging into ADEM.
DEM-2477
After selecting Application filter, the Location Details page fails to load the performance trends and path visualization tabs data.
DEM-2048
When performing a new installation of GlobalProtect 5.2.10 or later on an M1 MacBook device that does not have Rosetta 2 installed, the Autonomous DEM agent does not get installed even though the message that GlobalProtect displays indicates that the agent installed successfully.
Workaround:
Manually install Rosetta 2 on the M1 MacBook device and then refresh the GlobalProtect connection to enable GlobalProtect to re-initiate the install of the Autonomous DEM agent.
DEM-1457
On a Windows operating system running GlobalProtect version 5.2.8, if the endpoint is in a Trusted network with VPN tunnel established to the internal gateway, the ADEM portal displays the GlobalProtect status as
Connected-Internal
and VPN status as
Disabled
. The trend line shows a blue background indicating that the test was run while VPN was disabled.
DEM-105
Autonomous DEM does not run network performance tests to the service connection, and hence the network performance metrics are not measured for service connections. The service connection is included when tracing the network path from the endpoint to the application.
DEM-137
The license usage count that displays on
Settings
License Details
displays the number of unique endpoints that are connected to the Autonomous DEM service, instead of unique users. The license count is incremented based on number of endpoint agents connected.
DEM-183
When you install GlobalProtect app 5.2.6 on macOS devices, the pop-up prompt appears, prompting end users for administrative privileges to modify system settings.
Workaround
: Select
OK
so that the pop-up prompt does not appear again.
DEM-191
Synthetic tests from Prisma Access location vantage points are performed on all Prisma Access locations within a given region, even if you have not deployed the infrastructure to that specific location. You may see additional locations on the
Prisma Access Locations
page.
DEM-198
Prisma Access Locations
Topology View
does not visually identify the hop details.
DEM-238
If you have enabled SSL Decryption on Prisma Access, the endpoint agent cannot register to the Autonomous DEM portal successfully. To enable the endpoint agent to successfully connect and communicate with the ADEM portal, you must add the FDQN to an allow list. Note that the allow list is required only for endpoint agent and ADEM connectivity and is not required for synthetic tests; synthetic tests comply with the SSL Decryption policy.
Workaround
: You must add a policy rule with no decrypt for the DEM Portal FQDNs listed below so that the endpoint agent can register with the portal.
  • agents.dem.prismaaccess.com
  • agents.jp1.ap-northeast-1.dem.prismaaccess.com
  • agents.sg1.ap-southeast-1.dem.prismaaccess.com
  • agents.au1.ap-southeast-2.dem.prismaaccess.com
  • agents.ca1.ca-central-1.dem.prismaaccess.com
  • agents.eu1.eu-central-1.dem.prismaaccess.com
  • agents.uk1.eu-west-2.dem.prismaaccess.com
  • agents.us1.us-east-2.dem.prismaaccess.com
  • /etc/sudoers.d/‘palo_alto_networks_dem.tmp
  • updates.dem.prismaaccess.com
  • agents.in1.ap-south-1.dem.prismaaccess.com
DEM-253
For applications that are being split tunneled, the synthetic test does not perform a trace path to display a hop-by-hop detailed topology on the
User
User Details
page for the specific application. The telemetry from the application and network performance tests are collected and available on Autonomous DEM.

Recommended For You