FedRAMP
Prisma SASE FedRAMP Moderate and High "In Process" FQDNs
Table of Contents
Prisma SASE FedRAMP Moderate and High "In Process" FQDNs
Learn which fully qualified domains (FQDNs) are supported for use in Prisma SASE
FedRAMP Moderate and High "In Process" environments.
Because Palo Alto Networks enforces strict incoming Security policy rules for Prisma SASE
FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of
fully qualified domains (FQDNs) for the administrative users who will be accessing your
environment. After you submit a support ticket with these FQDNs, customer services will
create an allow list for them, which will let users log in from these FQDNs and access
the environment.
Moderate FQDNs
The following are FedRAMP Moderate FQDNs.
Product | Domain |
|---|---|
ADEM |
|
API Gateway | https://api-usgov-mod.cloudmgmt.paloaltonetworks.com/ |
App Services (Hub & CIE) |
|
CASB (SaaS API / SSPM) |
|
CASB (SaaS Inline) |
|
Cloud Management |
|
Strata Logging Service |
|
DLP | https://gov.dlp.pubsec-cloud.paloaltonetworks.com |
Insights |
|
IoT |
|
Lumos V&R |
|
Prisma SASE Multitenant Portal |
|
Prisma SD-WAN | *.prismasasegov.com |
Panorama | Strata Logging Service -gov1.us1.cent1.gov.Strata Logging Service .paloaltonetworks.com*.api2-lc-prod-gov.gpcloudservice.com *.fei-lc-prod-gov.gpcloudservice.com Br-gov1.us1.cent1.gov. Strata Logging Service .paloaltonetworks.comLic.lc.prod.us.cs.paloaltonetworks.com api.us1.cent1.gov. Strata Logging Service .paloaltonetworks.comsdwanapps-pa-panorama-autofedramptf.hood.cloudgenix.com sdwanapps-pa-panorama.rogers.prismasasegov.com sdwanapps-pa-panorama.campbel.prismasasegov.com |
PanOS Cloud Component |
|
Wildfire |
|
High "In Process" FQDNs
The following are FedRAMP High "In Process" FQDNs.
Product | Domain |
|---|---|
ADEM | *.prismasasegov.com |
API Gateway | api-usgov.cloudmgmt.paloaltonetworks.com |
Strata Logging Service |
|
CIE/DSS | *.paloaltonetworks.us |
Cloud Management | [ul]admin.gov.panorama.paloaltonetworks.com
paas-1.gov.panorama.paloaltonetworks.com |
DLP | [ul]gov.dss.paloaltonetworks.comui-gov.dss.paloaltonetworks.comapi.dlp.paloaltonetworks.comvault-fh.dss.paloaltonetworks.commongoe-fh0.dss.paloaltonetworks.commongoe-fh1.dss.paloaltonetworks.commongoe-fh2.dss.paloaltonetworks.commongodb-fh-prod.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh0.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh1.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh2.dss.paloaltonetworks.com_mongodb._tcp.mongodb-fh-prod.dss.paloaltonetworks.com |
hub | fed.apps.paloaltonetworks.us |
Insights | *.prismasasegov.com |
IoT Security | https://fedramp-banff-pentest1.iot-gov.paloaltonetworks.com |
Prisma SASE Multitenant Portal | *.prismasasegov.com |
Panorama | Strata Logging Service -gov1.us1.cent1.gov.Strata Logging Service .paloaltonetworks.com*.api2-lc-prod-gov.gpcloudservice.com *.fei-lc-prod-gov.gpcloudservice.com Br-gov1.us1.cent1.gov. Strata Logging Service .paloaltonetworks.comLic.lc.prod.us.cs.paloaltonetworks.com api.us1.cent1.gov. Strata Logging Service .paloaltonetworks.com |
PanOS CC (Cloud Component) | [ul]dlp.gov-hawkeye.services-edge.paloaltonetworks.comurlcat.gov-hawkeye.services-edge.paloaltonetworks.comace.gov-hawkeye.services-edge.paloaltonetworks.comenforcer.gov-hawkeye.services-edge.paloaltonetworks.com
gov-hawkeye.services-edge.paloaltonetworks.com |
Prisma Access | *.prismasasegov.com |
SaaS | [ul]https://ingestion-prod-us.gov.adv-saas-vis.paloaltonetworks.com/https://api-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
https://*.gov.saasprod.paloaltonetworks.com/enforcer.gov-iot.services-edge.paloaltonetworks.comgov-iot.services-edge.paloaltonetworks.com |
Sase Portal | fed.sase.paloaltonetworks.us |
Prisma SD-WAN | *.prismasasegov.com |
Wildfire | [ul]gov.wildfire.paloaltonetworks.usgvs.gov.wildfire.paloaltonetworks.us |