Enable ADEM in Cloud Managed Prisma Access for Remote Sites
Focus
Focus
FedRAMP

Enable ADEM in Cloud Managed Prisma Access for Remote Sites

Table of Contents

Enable ADEM in Cloud Managed Prisma Access for Remote Sites

To enable Autonomous DEM for Remote Networks in Cloud Managed Prisma Access:
  1. In your Cloud Managed app, select ManageRemote NetworksManage.
  2. In Remote Networks Setup, under the Autonomous DEM column, to enable Remote Networks on a Compute Location, move its slider to the right until it turns blue.
  3. Make sure you have security policy rules required to allow the GlobalProtect app to connect to the ADEM service and run the synthetic tests.
    The following screen shows you an example of what fields you need to configure.
    You must add the ADEM URLs to make the endpoints register to the ADEM portal.
    1. Add a security profile for your endpoint agent registration. You will need to create a security policy for it.
      Click Allow All Traffic for ADEM clients.
      The Allow All Traffic for ADEM Clients page opens.
    2. Add the ADEM URLs.
      To do so, click the + icon under DestinationAddressesADEM URL.
    3. The Address Groups page opens. Click the + icon under Address EntitiesAddress.
      Add the following URLs one by one by clicking the + icon:
      • FedRAMP High:
        • updates.dem.prismasasegov.com
        • agents.dem.prismasasegov.com
        • features.dem.prismasasegov.com
        • agents-il4-prod-us-central1.dem.prismasasegov.com
      • FedRAMP Moderate:
        • agents-fed-mod-prod-1-us-central1.dem.prismaaccess.com
        • updates-fed-mod-prod-1-us-central1.dem.prismaaccess.com
        • features-fed-mod-prod-1-us-central1.dem.prismaaccess.com
    4. To enable the app to connect to the ADEM service and to run the application tests, you must have a policy rule to allow the remote sites to connect to applications over HTTPS.
    5. To enable the app to run network monitoring tests, you must have a policy rule to allow ICMP and TCP traffic.
    6. (Optional) If you plan to run synthetic tests that use HTTP, you must also have a security policy rule to allow the remote sites to access applications over HTTP.