If you have enabled SSL Decryption on Prisma
Access, the endpoint agent cannot register to the Autonomous DEM
portal successfully. To enable the endpoint agent to successfully
connect and communicate with the ADEM portal, you must add the FDQN
to an allow list. Note that the allow list is required only for
endpoint agent and ADEM connectivity and is not required for synthetic tests;
synthetic tests comply with the SSL Decryption policy. You
must add a policy rule with no decrypt for the DEM Portal FQDNs
listed below so that the endpoint agent can register with the portal. - agents.dem.prismaaccess.com
- agents.jp1.ap-northeast-1.dem.prismaaccess.com
- agents.sg1.ap-southeast-1.dem.prismaaccess.com
- agents.au1.ap-southeast-2.dem.prismaaccess.com
- agents.ca1.ca-central-1.dem.prismaaccess.com
- agents.eu1.eu-central-1.dem.prismaaccess.com
- agents.uk1.eu-west-2.dem.prismaaccess.com
- agents.us1.us-east-2.dem.prismaaccess.com
- /etc/sudoers.d/‘palo_alto_networks_dem.tmp
- updates.dem.prismaaccess.com
- agents.in1.ap-south-1.dem.prismaaccess.com
|