>
    Setup Prerequisites for Enterprise DLP
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Setup Prerequisites for Enterprise DLP
    Download PDF
    Enterprise DLP

    Setup Prerequisites for Enterprise DLP

    Table of Contents

    Setup Prerequisites for Enterprise DLP

    Ports, Fully Qualified Domain Names, and IP addressed required to enable Enterprise Data Loss Prevention (E-DLP).
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    Below are the full qualified domain names (FQDN), network ports, and IP addresses that must be allowed. These tables describe the network settings required to forward traffic for inspection and verdict rendering Enterprise Data Loss Prevention (E-DLP), as well as required network settings for specific Enterprise DLP features.

    Prerequisite Ports and FQDNs for Enterprise DLP

    Allow access to the following IP addresses and open ports required to successfully forward traffic to Enterprise Data Loss Prevention (E-DLP).
    Firewalls managed by a Panorama™ management server or Strata Cloud Manager need to access the following FQDNs and ports open on the network to successfully forward traffic for inspection by the DLP cloud service.
    FQDNsPorts
    • http://ocsp.paloaltonetworks.com
    • http://crl.paloaltonetworks.com
    • http://ocsp.godaddy.com
    • http://crl.godaddy.com
    		TCP 80
    • https://api.paloaltonetworks.com
    • https://apitrusted.paloaltonetworks.com
    • certificatetrusted.paloaltonetworks.com
    • certificate.paloaltonetworks.com
    • hawkeye.services-edge.paloaltonetworks.com
    • dlp.hawkeye.services-edge.paloaltonetworks.com
    • ace.hawkeye.services-edge.paloaltonetworks.com
    • urlcat.hawkeye.services-edge.paloaltonetworks.com
    • enforcer.hawkeye.services-edge.paloaltonetworks.com
    		TCP 443

    Prerequisite IP Addresses for Enterprise DLP Evidence Storage

    Allow access to the IP addresses required to save evidence for investigative analysis with Enterprise Data Loss Prevention (E-DLP).
    Allow access to the following IP addressed on the hypervisor where you created the evidence storage bucket to automatically store files scanned by the DLP cloud service that match your Enterprise DLP data profile for firewalls managed by Panorama or Strata Cloud Manager.
    • You must allow the Default IP addresses to successfully connect your evidence storage bucket to Enterprise DLP.
    • To automatically store inspected files, the IP addresses you need to allow access for are dependent on region or zone where the file will be scanned by Enterprise DLP.
    • To download stored files from your evidence storage bucket, you may also need to allow the specific user IP addresses as well. If your organization uses a virtual private network (VPN), you must allow the subnets allowed to download files from your evidence storage bucket.
    Evidence Storage and Syslog Forwarding require you allow the same IP addresses on your network. You don't need to allow any region-specific IP addresses for Evidence Storage if already allowed for Syslog Forwarding.
    RegionIP Address
    Australia
    13.54.198.248
    52.63.9.154
    34.87.236.168
    Canada
    15.222.125.234
    99.79.19.33
    34.118.182.133
    France
    15.237.145.165
    13.36.207.215
    34.155.50.15
    Germany
    3.123.172.116
    52.59.186.42
    35.198.73.41
    India
    15.207.246.3
    3.108.103.214
    34.47.134.16
    Japan
    3.115.43.201
    35.72.148.77
    35.74.96.38
    52.68.52.77
    34.84.142.203
    Singapore
    13.228.151.58
    52.74.82.77
    34.142.217.106
    U.K
    13.43.141.10
    18.169.44.228
    35.177.5.4
    52.56.54.90
    (London, England) 35.197.230.50
    (Default) U.S.A
    3.230.176.219
    3.226.106.173
    18.190.146.204
    3.16.224.253
    34.223.123.78
    52.27.148.95
    34.118.182.133
    35.247.194.54
    34.135.174.89
    34.173.206.52
    34.172.74.250
    34.48.104.244
    35.197.73.227
    34.94.161.165
    34.66.246.164
    35.225.238.124
    35.223.231.169
    34.58.60.130
    35.238.28.62
    34.67.76.48
    104.154.217.19
    35.202.179.253
    34.123.101.142

    IP Addresses for Syslog Forwarding

    Allow the IP addresses required to forward DLP incident syslogs from Enterprise Data Loss Prevention (E-DLP) to manage and create workflows.
    Allow the following IP addresses on your network to successfully forward Enterprise Data Loss Prevention (E-DLP) incidents syslogs to your third-party security information and event management (SIEM), Security Orchestration, and Response (SOAR), or other automated ticketing systems. This enables your SOC Analysts and Incident admins to effectively triage, review, and resolve data security risks that occur in your organization. To forward DLP incident syslogs, the IP addresses you need to allow access for are dependent on region or zone where the file will be scanned by Enterprise DLP.
    Evidence Storage and Syslog Forwarding require you allow the same IP addresses on your network. You don't need to allow any region-specific IP addresses for Syslog Forwarding if already allowed for Evidence Storage.
    RegionIP Address
    Australia
    13.54.198.248
    52.63.9.154
    34.87.236.168
    Canada
    15.222.125.234
    99.79.19.33
    34.118.182.133
    France
    15.237.145.165
    13.36.207.215
    34.155.50.15
    Germany
    3.123.172.116
    52.59.186.42
    35.198.73.41
    India
    15.207.246.3
    3.108.103.214
    34.47.134.16
    Japan
    3.115.43.201
    35.72.148.77
    35.74.96.38
    52.68.52.77
    34.84.142.203
    Singapore
    13.228.151.58
    52.74.82.77
    34.142.217.106
    U.K
    13.43.141.10
    18.169.44.228
    35.177.5.4
    52.56.54.90
    (London, England) 35.197.230.50
    (Default) U.S.A
    3.230.176.219
    3.226.106.173
    18.190.146.204
    3.16.224.253
    34.223.123.78
    52.27.148.95
    34.118.182.133
    35.247.194.54
    34.135.174.89
    34.173.206.52
    34.172.74.250
    34.48.104.244
    35.197.73.227
    34.94.161.165
    34.66.246.164
    35.225.238.124
    35.223.231.169
    34.58.60.130
    35.238.28.62
    34.67.76.48
    104.154.217.19
    35.202.179.253
    34.123.101.142

    Prerequisite FQDNs for Exact Data Matching (EDM)

    Fully Qualified Domain Names (FQDN) required to upload data sets for Exact Data Matching (EDM).
    To successfully create and upload data sets to the DLP cloud service and use Exact Data Matching (EDM), you must allow access to the following FQDNs on your network.
    • https://api.dlp.paloaltonetworks.com
    • https://auth.apps.paloaltonetworks.com
    • https://prod-edm-dataset-bucket.s3.us-west-2.amazonaws.com

    Prerequisites for Enterprise DLP End User Alerting with Cortex XSOAR

    The integrated platforms, supported applications, and configuration prerequisites required to use the Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR.
    Review the Palo Alto Networks product portfolio integration, supported application, and configuration prerequisites required to use Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR.
    Requirements
    Panorama (Palo Alto Networks Next-Generation Firewalls)
    Prisma Access (Managed by Panorama)
    Strata Cloud Manager
    PAN-OS Release
    • All PAN-OS versions that support Enterprise DLP
    • All Enterprise DLP plugin versions
    N/A
    Palo Alto Networks Product Portfolio Integration
    Cortex XSOAR
    Supported Applications
    Slack, Microsoft Teams, Email
    IP Mapping to Email Addresses
    Integrate AWS - Identity and Access Management, Integrate MSGraphAzure Users, Integrate Okta v2, Integrate PingOne, Integrate SailPoint IdentityIQ, or Integrate SailPoint IdentityNow

    © 2025 Palo Alto Networks, Inc. All rights reserved.