Prisma SASE FedRAMP Moderate and High "In Process" FQDNs

Learn which fully qualified domain names (FQDNs) are supported for use in Prisma SASE FedRAMP Moderate and High "In Process" environments.
Because Palo Alto Networks enforces strict incoming Security policy rules for Prisma SASE FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of FQDNs for the administrative users who will be accessing your environment. After you submit a support ticket with these FQDNs, customer services will create an allow list for them, which will let users log in from these FQDNs and access the environment.

Moderate FQDNs

The following are FedRAMP Moderate FQDNs.
Product
Domain
ADEM (Panorama-managed only).
Cloud-managed deployments have ADEM allow listed by default, so you don't need to configure it.
  • api-fed-mod-prod-1-us-central1.dem.prismaaccess.com
  • agents-fed-mod-prod-1-us-central1.dem.prismaaccess.com
  • probes-fed-mod-prod-1-us-central1.dem.prismaaccess.com
  • controller-fed-mod-prod-1-us-central1.dem.prismaaccess.com
API Gateway
https://api-usgov-mod.cloudmgmt.paloaltonetworks.com/
App Services (Hub & CIE)
  • Hub
    apps.paloaltonetworks.com
  • Logging Service Portal
    logging-service.apps.paloaltonetworks.com
  • SASE Portal
    sase.paloaltonetworks.com
  • Auth Service
    auth.apps.paloaltonetworks.com
  • App Registry
    app-registry-service.apps.paloaltonetworks.com
  • Directory Sync Portal
    directory-sync.gov.apps.paloaltonetworks.com
  • Directory Sync API
    app-directory-sync.gov.apps.paloaltonetworks.com
  • Directory Sync Agent
    agent-directory-sync.gov.apps.paloaltonetworks.com
  • Cloud Auth
    cloud-auth.gov.apps.paloaltonetworks.com
  • Cloud Auth Service
    cloud-auth-service.gov.apps.paloaltonetworks.com
  • SCIM Sync Service
    scim-sync.gov.apps.paloaltonetworks.com
CASB (SaaS API / SSPM)
  • https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
  • https://api.saas.pubsec-cloud.paloaltonetworks.com
  • https://app.saas.pubsec-cloud.paloaltonetworks.com
  • https://orchestrator-api.saas.pubsec-cloud.paloaltonetworks.com
  • https://authz.saas.pubsec-cloud.paloaltonetworks.com
  • https://filecache.saas.pubsec-cloud.paloaltonetworks.com
CASB (SaaS Inline)
  • https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
  • https://api-prod-us.saas-inline.pubsec-cloud.paloaltonetworks.com
Cloud Management
  • admin-mod-prod.gov.panorama.paloaltonetworks.com
  • paas-1-mod-prod.gov.panorama.paloaltonetworks.com
  • 35.232.6.182
  • 34.170.216.242
Cortex Data Lake
  • Source IP Addresses for Log Forwarding
    34.67.50.64/28
  • Firewall Log Ingestion
    firewall-gov.gov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    fei-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 443
    *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 443
    storage.googleapis.com
    Port 443
  • Log Access from Panorama
    pcl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 444
    cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 443
    *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
DLP
https://gov.dlp.pubsec-cloud.paloaltonetworks.com
Insights
  • HTTPS: pa-usgov01.api.prismaaccess.com
  • MTLS: pa-service-api-usgov01.api.prismaaccess.com
IoT
  • https://fedramp-banff-api-elb.iot-gov.paloaltonetworks.com
  • 34.208.130.221
  • 52.11.205.69
  • 44.236.140.29
Lumos V&R
  • api.mod.prod.reporting.paloaltonetworks.com
  • 34.29.53.115
Prisma SASE Multitenant Portal
  • https://pa-us01.api.prismasasegov.com/api/cloud/2.0/agg
  • https://api.paloaltonetworks.com/mt/monitor/v1/agg with x-panw-region header as gov
Prisma SD-WAN
*.prismasasegov.com
Panorama
  • cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
  • *.api2-lc-prod-gov.gpcloudservice.com
  • *.fei-lc-prod-gov.gpcloudservice.com
  • Br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
  • Lic.lc.prod.us.cs.paloaltonetworks.com
  • api.us1.cent1.gov.cdl.paloaltonetworks.com
  • sdwanapps-pa-panorama-autofedramptf.hood.cloudgenix.com
  • sdwanapps-pa-panorama.rogers.prismasasegov.com
  • sdwanapps-pa-panorama.campbel.prismasasegov.com
PanOS Cloud Component
  • hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
  • enforcer.hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
  • iot.services-edge.pubsec-cloud.paloaltonetworks.com
  • enforcer.iot.services-edge.pubsec-cloud.paloaltonetworks.com
Wildfire
  • http://pubsec-cloud.wildfire.paloaltonetworks.com/
  • 35.230.63.175

High "In Process" FQDNs

The following are FedRAMP High "In Process" FQDNs.
Product
Domain
ADEM
*.prismasasegov.com
API Gateway
api-usgov.cloudmgmt.paloaltonetworks.com
Cortex Data Lake
  • United States Government (High) Source IP Addresses for Log Forwarding
    34.132.154.128/28
  • Firewall Log Ingestion
    Firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    Fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    Storage.googleapis.com
    Port 443
  • Log Access from Panorama
    Pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
    Cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • License and Tenant Mapping Check
    lic.lc.prod.us.cs.paloaltonetworks.com
    Port 444
    registry.highgov.cdl.paloaltonetworks.com
    Port 443
  • Firewall Log Ingestion
    firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    storage.googleapis.com
    Port 443
  • Log Access from Panorama
    pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
    cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
CIE/DSS
*.paloaltonetworks.us
Cloud Management
  • admin.gov.panorama.paloaltonetworks.com
  • paas-1.gov.panorama.paloaltonetworks.com
DLP
  • gov.dss.paloaltonetworks.com
  • ui-gov.dss.paloaltonetworks.com
  • api.dlp.paloaltonetworks.com
  • vault-fh.dss.paloaltonetworks.com
  • mongoe-fh0.dss.paloaltonetworks.com
  • mongoe-fh1.dss.paloaltonetworks.com
  • mongoe-fh2.dss.paloaltonetworks.com
  • mongodb-fh-prod.dss.paloaltonetworks.com
  • _mongodb._tcp.mongoe-fh0.dss.paloaltonetworks.com
  • _mongodb._tcp.mongoe-fh1.dss.paloaltonetworks.com
  • _mongodb._tcp.mongoe-fh2.dss.paloaltonetworks.com
  • _mongodb._tcp.mongodb-fh-prod.dss.paloaltonetworks.com
Hub
fed.apps.paloaltonetworks.us
Insights
*.prismasasegov.com
IoT Security
https://fedramp-banff-pentest1.iot-gov.paloaltonetworks.com
Panorama
  • cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
  • *.api2-lc-prod-gov.gpcloudservice.com
  • *.fei-lc-prod-gov.gpcloudservice.com
  • Br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
  • Lic.lc.prod.us.cs.paloaltonetworks.com
  • api.us1.cent1.gov.cdl.paloaltonetworks.com
  • sdwanapps-pa-panorama-autofedramptf.hood.cloudgenix.com
  • sdwanapps-pa-panorama.rogers.prismasasegov.com
  • sdwanapps-pa-panorama.campbel.prismasasegov.com
PanOS CC (Cloud Component)
  • dlp.gov-hawkeye.services-edge.paloaltonetworks.com
  • urlcat.gov-hawkeye.services-edge.paloaltonetworks.com
  • ace.gov-hawkeye.services-edge.paloaltonetworks.com
  • enforcer.gov-hawkeye.services-edge.paloaltonetworks.com
  • gov-hawkeye.services-edge.paloaltonetworks.com
Prisma Access
*.prismasasegov.com
Prisma SASE Multitenant Portal
*.prismasasegov.com
Prisma SD-WAN
*.prismasasegov.com
SaaS
  • https://ingestion-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
  • https://api-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
  • https://*.gov.saasprod.paloaltonetworks.com/
  • enforcer.gov-iot.services-edge.paloaltonetworks.com
  • gov-iot.services-edge.paloaltonetworks.com
SASE Portal
fed.sase.paloaltonetworks.us
Wildfire
  • gov.wildfire.paloaltonetworks.us
  • gvs.gov.wildfire.paloaltonetworks.us
