AI-Powered ADEM Administrator’s Guide
    : Enable ADEM in Panorama Managed Prisma Access for Remote Sites
    Focus
    Download PDF
    Focus
    1. Home
    2. Autonomous DEM
    3. AI-Powered ADEM Administrator’s Guide
    4. Get Started with Autonomous DEM
    5. Enable ADEM for Your Remote Sites
    6. Enable ADEM in Panorama Managed Prisma Access for Remote Sites
    Download PDF

    AI-Powered ADEM Administrator’s Guide

    Enable ADEM in Panorama Managed Prisma Access for Remote Sites

    Table of Contents

    Enable ADEM in Panorama Managed
    Prisma Access
     for Remote Sites

    If you have purchased the Remote Networks license when purchasing ADEM, you can allocate your Remote Networks bandwidth licenses on
    Prisma Access
     for each compute location.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Strata Cloud Manager
    • Prisma Access
       license
    • ADEM Observability
       license
    • Remote Networks license
    Based on your capacity planning, you allocate your Remote Networks bandwidth licenses on
    Prisma Access
     for each compute location. The unit of measure for bandwidth licenses is Mbps.
    Below are some points to consider when allocating bandwidth for ADEM:
    • When enabling ADEM on a compute location, the amount of ADEM bandwidth allocated on a compute location will mandatorily be equal to the bandwidth that you had already allocated for Remote Networks (see
      Bandwidth Allocation (Mbps)
       column) on
      Prisma Access
       for that compute location.
      As soon as you enable ADEM on a compute location, the same amount of bandwidth allocated for Remote Network is automatically deducted from the overall ADEM pool of bandwidth licenses (shown by
      Autonomous DEM
       Allocated Total
      ).
    • The
      Autonomous DEM
       Allocated Total
       shows you how much bandwidth has already been consumed by ADEM and how much is remaining.
    • For any compute location, you can
      Enable
       ADEM only if you have enough ADEM bandwidth license available in the overall ADEM bandwidth pool (shown in
      Autonomous DEM
       Allocated Total
      ) matching the allocated Remote Networks bandwidth. For example, if you are trying to
      Enable
       ADEM on a compute location where 100 Mbps of Remote Networks bandwidth is allocated, if your ADEM pool of licenses does not have at least 100 Mbps bandwidth available, you won't be able to enable ADEM on that compute location unless you add more ADEM bandwidth license to overall pool.
    • Also, when ADEM is enabled on a particular compute location, if you increase or decrease the amount of Remote Networks
      Bandwidth Allocation (Mbps)
       on that compute location, it will correspondingly increase or decrease the overall bandwidth in the ADEM pool of licenses (
      Autonomous DEM
       Allocated Total
      ).
    • When you
      Enable
       ADEM on a compute location, all the sites that connect to the compute location get ADEM enabled and those
      Prisma SD-WAN
       sites can connect to the ADEM portal. Hence all those sites can be monitored.
    • After you have enabled ADEM on a compute location, if you would like to free up some ADEM bandwidth to allocate to some other compute location, you can deselect the
      Enable
       check box. Doing so will release that bandwidth back to the ADEM pool of licenses, but it will also disable ADEM on the compute location which results in synthetic test monitoring to be stopped on all sites connected to that compute location.
    To enable
    Autonomous DEM
     for the compute location, follow these steps:
    1. Open Panorama.
    2. In the left panel, expand
      Cloud Services
       and select
      Configuration
      Remote Networks
      .
    3. Edit the
      Aggregate Bandwidth and
      Autonomous DEM
       Settings
      .
    4. Enable
       the compute locations for which to allocate the bandwidth for ADEM.
      The
      Autonomous DEM
       Allocation
       column will be visible only if you have purchased the ADEM for Remote Networks license.
    5. Click
      OK
      .
    6. Add the following URLs to make the SD-WAN site register to the ADEM portal:
      1. In Panorama, go to
        Objects
        addresses
        . Click on
        Add
         and add the following ADEM Service Destination FQDNs.
        • agents.dem.prismaaccess.com
        • updates.dem.prismaaccess.com
        • agents-prod1-us-west2.dem.prismaaccess.com
        • agents-sg1-asia-southeast1.dem.prismaaccess.com
        • agents-au1-australia-southeast1.dem.prismaaccess.com
        • agents-jp1-asia-northeast1.dem.prismaaccess.com
        • agents-ca1-northamerica-northeast1.dem.prismaaccess.com
        • agents-eu1-europe-west4.dem.prismaaccess.com
        • agents-uk1-europe-west2.dem.prismaaccess.com
        • agents-in1-asia-south1.dem.prismaaccess.com
        • agents-de1-europe-west3.dem.prismaaccess.com
        • agents-stg1-us-west2.dem.prismaaccess.com
        • agents-stg2-us-west2.dem.prismaaccess.com
        • agents-ch1-europe-west6.dem.prismaaccess.com
        • agents-fr1-europe-west9.dem.prismaaccess.com
        • agents-es1-europe-southwest1.dem.prismaaccess.com
        • agents-pl1-europe-central2.dem.prismaaccess.com
      2. Create an address group to contain the addresses above by going to
        Objects
        Address Groups
        , clicking
        Add
         and providing a name for the address group.
      3. Add the address group you just created into the security policy. Go to
        Policies
        Security
        PreRules
        . Click
        Add
         and add the address group to the policy.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.