>
    Strata Copilot
    Prerequisite FQDNs for Exact Data Matching (EDM)
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Activation & Onboarding
    4. Setup Prerequisites for Enterprise DLP
    5. Prerequisite FQDNs for Exact Data Matching (EDM)
    Download PDF
    Enterprise DLP

    Prerequisite FQDNs for Exact Data Matching (EDM)

    Table of Contents

    Prerequisite FQDNs for Exact Data Matching (EDM)

    Fully Qualified Domain Names (FQDN) required to upload data sets for Exact Data Matching (EDM).
    To ensure General Data Protection Regulation (GDPR) compliance, the EDM CLI app hashes and encrypts EDM data sets before upload to the Enterprise DLP EDM data set storage bucket. The EDM CLI app first hashes the data set using the SHA256 hash function when you initiate an EDM data set upload. The EDM CLI app then encrypts the EDM data set using AES Symmetric encryption before beginning the EDM data set upload to the Enterprise DLP EDM data set storage bucket. The raw data in your EDM data sets never leave your organization's network, and Enterprise DLP does not store or have access to the raw EDM data set data. Enterprise DLP stores only hashed and encrypted EDM data set data in the EDM data set storage bucket. Review the Enterprise DLP Privacy Datasheet for more information about how Enterprise DLP captures, processes, and stores personal information.
    You need to allow the following FQDNs on your network to use EDM:
    • API Egressβ€”https://api.dlp.paloaltonetworks.com
      Required for commercial and FedRAMP users to allow egress access to Enterprise DLP EDM API and allow EDM functionality on your network.
    • EDM Client Authorizationβ€”https://auth.apps.paloaltonetworks.com
      Required for Enterprise DLP to authorize EDM client tokens for commercial and FedRAMP users.
    • (FedRAMP High only) FedRAMP High Authorizationβ€”https://auth.fed.apps.paloaltonetworks.us
      Required by FedRAMP High users to authorize Enterprise DLP EDM functionality on your network.
    • EDM Data Set Uploadsβ€”The country-specific Public API URL and Storage Bucket FQDNs where you want EDM data sets stored.
      You must allow both FQDNs to successfully upload hashed and encrypted EDM data sets or a data dictionary to an Enterprise DLP storage bucket.
    • Country Storage Buckets
      For EDM CLI app 3.5 or earlier, allow the region-specific Public API URL and the Default FQDN.
      For EDM CLI app 4.0 or later, allow the region-specific Public API URL and FQDN.
      Country
      Public API URL
      FQDN for EDM CLI App 3.5 or Earlier
      FQDN for EDM CLI App 4.0 or Later
      United States
      https://nam-west-oauth.dss.paloaltonetworks.com
      (Default) https://prod-edm-dataset-bucket.s3.us-west-2.amazonaws.com
      https://prod-edm-dataset-bucket-us-west-2.s3.us-west-2.amazonaws.com
      Australia
      https://au-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-ap-southeast-2.s3.ap-southeast-2.amazonaws.com
      Canada
      https://ca-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-ca-central-1.s3.ca-central-1.amazonaws.com
      France
      https://fr-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-eu-west-3.s3.eu-west-3.amazonaws.com
      Germany
      https://emea-oauth.dss.paloaltonetworks.com
      Not Supported
      		https://prod-edm-dataset-bucket-eu-central-1.s3.eu-central-1.amazonaws.com
      India
      https://in-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-ap-south-1.s3.ap-south-1.amazonaws.com
      Japan
      https://jp-saas-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-ap-northeast-1.s3.ap-northeast-1.amazonaws.com
      Singapore
      https://apac-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-.ap-southeast-1.s3.ap-southeast-1.amazonaws.com
      Switzerland
      https://sui-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-eu-central-2.s3.eu-central-2.amazonaws.com
      United Kingdom
      https://uk-oauth.dss.paloaltonetworks.com
      Not Supported
      https://prod-edm-dataset-bucket-eu-west-2.s3.eu-west-2.amazonaws.com
    • FedRAMP Storage Buckets
      Country
      Public API URL
      FQDN for EDM CLI App 3.5 or Earlier
      		FQDN for EDM CLI App 4.0 or Later
      FedRAMP Impact Level
      United States
      https://apigov.dlp.pubsec-cloud.paloaltonetworks.com
      https://fm-prod-edm-dataset-bucket.s3.us-gov-west-1.amazonaws.com
      https://fm-prod-edm-dataset-bucket-us-gov-west-1.s3.us-gov-west-1.amazonaws.com
      Moderate
      United States
      https://api-gov.dlp.paloaltonetworks.com
      https://prod-edm-dataset-bucket.s3.us-gov-west-1.amazonaws.com
      https://prod-edm-dataset-bucket-us-gov-west-1.s3.us-gov-west-1.amazonaws.com
      High

    © 2025 Palo Alto Networks, Inc. All rights reserved.