: Prisma SASE FedRAMP Moderate and High "In Process" FQDNs
Focus
Focus

Prisma SASE FedRAMP Moderate and High "In Process" FQDNs

Table of Contents

Prisma SASE FedRAMP Moderate and High "In Process" FQDNs

Learn which fully qualified domains (FQDNs) are supported for use in Prisma SASE FedRAMP Moderate and High "In Process" environments.
Because Palo Alto Networks enforces strict incoming Security policy rules for Prisma SASE FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of fully qualified domains (FQDNs) for the administrative users who will be accessing your environment. After you submit a support ticket with these FQDNs, customer services will create an allow list for them, which will let users log in from these FQDNs and access the environment.

Moderate FQDNs

The following are FedRAMP Moderate FQDNs.

High "In Process" FQDNs

The following are FedRAMP High "In Process" FQDNs.
Product
Domain
ADEM
*.prismasasegov.com
API Gateway
api-usgov.cloudmgmt.paloaltonetworks.com
Cortex Data Lake
  • United States Government (High) Source IP Addresses for Log Forwarding
    34.132.154.128/28
  • Firewall Log Ingestion
    Firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    Fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • Storage.googleapis.com
    Port 443
  • Log Access from Panorama
    Pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
  • Cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • License and Tenant Mapping Check
    lic.lc.prod.us.cs.paloaltonetworks.com
    Port 444
    registry.highgov.cdl.paloaltonetworks.com
    Port 443
  • Firewall Log Ingestion
    firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
  • *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.fei-lc-prod-gov-us.gpcloudservice.com Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • storage.googleapis.com
    Port 443
  • Log Access from Panorama
    pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
  • cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
CIE/DSS
*.paloaltonetworks.us
Cloud Management
[ul]admin.gov.panorama.paloaltonetworks.com paas-1.gov.panorama.paloaltonetworks.com
DLP
[ul]gov.dss.paloaltonetworks.comui-gov.dss.paloaltonetworks.comapi.dlp.paloaltonetworks.comvault-fh.dss.paloaltonetworks.commongoe-fh0.dss.paloaltonetworks.commongoe-fh1.dss.paloaltonetworks.commongoe-fh2.dss.paloaltonetworks.commongodb-fh-prod.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh0.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh1.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh2.dss.paloaltonetworks.com_mongodb._tcp.mongodb-fh-prod.dss.paloaltonetworks.com
hub
fed.apps.paloaltonetworks.us
Insights
*.prismasasegov.com
IoT Security
https://fedramp-banff-pentest1.iot-gov.paloaltonetworks.com
Strata Multitenant Cloud Manager
*.prismasasegov.com
Panorama
Cortex Data Lake
-gov1.us1.cent1.gov.
Cortex Data Lake
.paloaltonetworks.com
*.api2-lc-prod-gov.gpcloudservice.com
*.fei-lc-prod-gov.gpcloudservice.com
Br-gov1.us1.cent1.gov.
Cortex Data Lake
.paloaltonetworks.com
Lic.lc.prod.us.cs.paloaltonetworks.com
api.us1.cent1.gov.
Cortex Data Lake
.paloaltonetworks.com
PanOS CC (Cloud Component)
[ul]dlp.gov-hawkeye.services-edge.paloaltonetworks.comurlcat.gov-hawkeye.services-edge.paloaltonetworks.comace.gov-hawkeye.services-edge.paloaltonetworks.comenforcer.gov-hawkeye.services-edge.paloaltonetworks.com gov-hawkeye.services-edge.paloaltonetworks.com
Prisma Access
*.prismasasegov.com
SaaS
[ul]https://ingestion-prod-us.gov.adv-saas-vis.paloaltonetworks.com/https://api-prod-us.gov.adv-saas-vis.paloaltonetworks.com/ https://*.gov.saasprod.paloaltonetworks.com/enforcer.gov-iot.services-edge.paloaltonetworks.comgov-iot.services-edge.paloaltonetworks.com
Sase Portal
fed.sase.paloaltonetworks.us
Prisma SD-WAN
*.prismasasegov.com
Wildfire
[ul]gov.wildfire.paloaltonetworks.usgvs.gov.wildfire.paloaltonetworks.us

Recommended For You