The Autonomous Digital Experience Monitoring (ADEM) for Remote Networks agent is delivered natively from the Prisma SD-WAN 5.6.1 device. The ADEM for RN agent provides visibility into cloud infrastructure performance, application performance and user traffic monitoring. Analytics are viewed from the Prisma Access ADEM portal.

Prisma SD-WAN introduces the next generation ION 1200 series with integrated 5G and 4G cellular interfaces. The base platform includes 4 LAN/WAN ethernet interfaces. For more information, visit the Prisma SD-WAN.

Prisma SD-WAN introduces a new site summary dashboard which provides an information-rich display of branch related metrics. These include new metrics such as network health as well as existing network device and application metrics. Use the following new widgets to view branch related metrics:

Prisma SD-WAN supports a new event correlation alarm for standard VPNs. The ION devices raise the DEVICEHW_INTERFACE_DOWN alarm for service endpoint level issues which occur when a service link to a single endpoint goes down.

Starting with Release 5.6.1, when the ION device raises the DEVICEHW_INTERFACE_DOWN alarm for at least two standard VPN interfaces to the same service endpoint IP address, the controller raises the NETWORK_STANDARD_VPN_ENDPOINT_DOWN summary alarm while suppressing the contributing alarms.

Prisma SD-WAN supports Link Quality Monitoring (LQM) based path selection for all path types. The ION device aggregates the overlay LQM values between branches and data centers to compute the final LQM value for the internet underlay circuit or other required paths.

Configure the internet underlay link quality aggregation for link quality monitoring of one or more data centers.

Prisma SD-WAN supports stacked security policies to translate business security requirements into configurable security policy rules that determine connectivity and secure access. In addition to existing match criteria supported in Original Security Policies, stacked security policies will also include in-rule port and protocol match without the need to create an application definition.

To enhance the visibility of rule effectiveness both global and site level time series hit counters are available per-rule. To facilitate seamless migration from Original Security Policies, a clone function is available which will also include the prefix filters if applicable.

Prisma SD-WAN supports exporting of data via syslog over TLS. You can use the same syslog profile configuration across multiple ION devices. Create a syslog profile from the Prisma SD-WAN web interface to forward the collector logs as syslog messages to a syslog server.

Prisma SD-WAN provides enhanced device to controller connection visibility via the following:

Prisma SD-WAN branch ION devices support multicast routing for LAN interfaces. A branch ION device supports multicast on a maximum of 31 PIM interfaces, including VLAN sub-interfaces.

Configure multicast routing from Select the deviceRoutingMulticast.

Prisma SD-WAN supports telemetry and statistics for cellular ION devices. The Activity screen now includes the Cellular tab which displays statistical information on signal strength and statistics, traffic volume, technology and bandwidth usage, packet information, GPS location, and cellular tower switch information for cellular devices.

View the cellular module telemetry on the Prisma SD-WAN web interface to understand the cellular signal strength.

Starting with Prisma SD-WAN Release 5.6.1, you can toggle between non-FIPS to FIPS mode for the supported ION devices from the Prisma SD-WAN web interface (controller). When you enable FIPS mode, all cryptographic security parameters (CSPs), including the CIC certificate, are cleared and the device is rebooted. After reboot, the device comes up in FIPS approved mode of operation with a new CIC provisioned by the controller and FIPS functionality enabled on the device.

The ION device maintains minimal configurations and reboots when changing the mode:

Enable the FIPS mode on the Prisma SD-WAN web interface as shown in the image.

Supported devices in Release 5.6.1 are ION 1200, ION 1200-C-NA/ROW, and ION 1200-C5G-WW.