Prisma SASE FedRAMP High FQDNs

Learn which fully qualified domain names (FQDNs) are supported for use in Prisma SASE FedRAMP High environments.
Because Palo Alto Networks enforces strict incoming Security policy rules for Prisma SASE FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of FQDNs for the administrative users who will be accessing your environment. After you submit a support ticket with these FQDNs, customer services will create an allow list for them, which will let users log in from these FQDNs and access the environment.
Product / Domain
ADEM
  • api.dem.prismasasegov.com
  • api-il4-prod-us-central1.dem.prismasasegov.com
  • agents.dem.prismasasegov.com
  • agents-il4-prod-us-central1.dem.prismasasegov.com
  • probes.dem.prismasasegov.com
  • probes-il4-prod-us-central1.dem.prismasasegov.com
  • controller.dem.prismasasegov.com
  • controller-il4-prod-us-central1.dem.prismasasegov.com
ADNS
  • dns-fedh.service.paloaltonetworks.com
In PAN-OS 12.2 (and later), ADNS includes APIs that are hosted by filemgr. Both sets of APIs (those hosted independently and those managed by filemgr) work in tandem, so you need to set the FQDN for both to target your respective environment. The FQDN for filemgr is hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com.
API Gateway
  • https://api.highprod.prismasasegov.com/getPrismaAccessIP/v2
Strata Logging Service
  • United States Government (High) Source IP Addresses for Log Forwarding
    34.132.154.128/28
  • Firewall Log Ingestion
    firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    storage.googleapis.com
    Port 443
  • Log Access from Panorama
    pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
    cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
    *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • License and Tenant Mapping Check
    lic.lc.prod.us.cs.paloaltonetworks.com
    Port 444
    registry.highgov.cdl.paloaltonetworks.com
    Port 443
CIE/DSS
  • agent-directory-sync.fed.apps.paloaltonetworks.us
Cloud Management
  • admin.gov.panorama.paloaltonetworks.com
  • paas-1.gov.panorama.paloaltonetworks.com
DLP
  • gov.dss.paloaltonetworks.com
  • ui-gov.dss.paloaltonetworks.com
  • api.dlp.paloaltonetworks.com
  • vault-fh.dss.paloaltonetworks.com
  • mongoe-fh0.dss.paloaltonetworks.com
  • mongoe-fh1.dss.paloaltonetworks.com
  • mongoe-fh2.dss.paloaltonetworks.com
  • mongodb-fh-prod.dss.paloaltonetworks.com
  • _mongodb._tcp.mongoe-fh0.dss.paloaltonetworks.com
  • _mongodb._tcp.mongoe-fh1.dss.paloaltonetworks.com
  • _mongodb._tcp.mongoe-fh2.dss.paloaltonetworks.com
  • _mongodb._tcp.mongodb-fh-prod.dss.paloaltonetworks.com
hub
  • fed.apps.paloaltonetworks.us
Insights
  • *.prismasasegov.com
IoT Security
  • https://fedramp-banff-pentest1.iot-gov.paloaltonetworks.com
Palo Alto Networks Hub
  • fed.apps.paloaltonetworks.us
Palo Alto Networks Support
  • support-fed.paloaltonetworks.us
Prisma SASE Multitenant Portal
  • *.prismasasegov.com
Panorama
  • cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
  • *.api2-lc-prod-gov.gpcloudservice.com
  • *.fei-lc-prod-gov.gpcloudservice.com
  • br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
  • lic.lc.prod.us.cs.paloaltonetworks.com
  • api.us1.cent1.gov.cdl.paloaltonetworks.com
PanOS CC (Cloud Component)
  • dlp.gov-hawkeye.services-edge.paloaltonetworks.com
  • urlcat.gov-hawkeye.services-edge.paloaltonetworks.com
  • ace.gov-hawkeye.services-edge.paloaltonetworks.com
  • enforcer.gov-hawkeye.services-edge.paloaltonetworks.com
  • gov-hawkeye.services-edge.paloaltonetworks.com
Prisma Access
  • *.prismasasegov.com
SaaS
  • https://ingestion-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
  • https://api-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
  • https://*.gov.saasprod.paloaltonetworks.com/
  • enforcer.gov-iot.services-edge.paloaltonetworks.com
  • gov-iot.services-edge.paloaltonetworks.com
SASE Portal
  • fed.sase.paloaltonetworks.us
Prisma SD-WAN
  • *.prismasasegov.com
Wildfire
  • gov-cloud.wildfire.paloaltonetworks.com
  • govgvs.wildfire.paloaltonetworks.com