NetSec FedRAMP Moderate FQDNs
Learn which fully qualified domains (FQDNs) are supported for use in NetSec FedRAMP
Moderate environments.
Because Palo Alto Networks enforces strict incoming Security policy rules for NetSec
FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of
fully qualified domains (FQDNs) for the administrative users who will be accessing your
environment. After you submit a support ticket with these FQDNs, customer services will
create an allow list for them, which will let users log in from these FQDNs and access
the environment.
The following are FedRAMP Moderate FQDNs.
| Product | Domain |
|---|
| CASB (SaaS API / SSPM) |
- https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
- https://api.saas.pubsec-cloud.paloaltonetworks.com
- https://app.saas.pubsec-cloud.paloaltonetworks.com
- https://orchestrator-api.saas.pubsec-cloud.paloaltonetworks.com
- https://authz.saas.pubsec-cloud.paloaltonetworks.com
- https://filecache.saas.pubsec-cloud.paloaltonetworks.com
|
| CASB (SaaS Inline) |
- https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
- https://api-prod-us.saas-inline.pubsec-cloud.paloaltonetworks.com
|
|
Cloud Management
|
- admin-mod-prod.gov.panorama.paloaltonetworks.com
- paas-1-mod-prod.gov.panorama.paloaltonetworks.com
- 35.232.6.182
- 34.170.216.242
|
| Strata Logging Service |
Source IP Addresses for Log Forwarding 34.67.50.64/28 Firewall Log Ingestion firewall-gov.gov.cdl.paloaltonetworks.com Port 3978 *.in2-lc-prod-gov-us.gpcloudservice.com Port 3978 Enhanced Application Log Ingestion fei-gov1.us1.cent1.gov.cdl.paloaltonetworks.com Port 443 *.fei-lc-prod-gov-us.gpcloudservice.com Port 444 Telemetry and GlobalProtect Troubleshooting Log Ingestion br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com Port 443 storage.googleapis.com Port 443 Log Access from Panorama pcl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com Port 444 cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com Port 443 *.api2-lc-prod-gov-us.gpcloudservice.com Port 444
|
| DLP | https://gov.dlp.pubsec-cloud.paloaltonetworks.com |
| IoT |
- https://fedramp-banff-api-elb.iot-gov.paloaltonetworks.com
- 34.208.130.221
- 52.11.205.69
- 44.236.140.29
|
| Lumos V&R |
- api.mod.prod.reporting.paloaltonetworks.com
- 34.29.53.115
|
| Panorama |
- Strata Logging Service-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
- *.api2-lc-prod-gov.gpcloudservice.com
- *.fei-lc-prod-gov.gpcloudservice.com
- Br-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
- lic.lc.prod.us.cs.paloaltonetworks.com
- api.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
- sdwanapps-pa-panorama-autofedramptf.hood.cloudgenix.com
- sdwanapps-pa-panorama.rogers.prismasasegov.com
- sdwanapps-pa-panorama.campbel.prismasasegov.com
|
|
PanOS Cloud Component
|
- hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
- enforcer.hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
- iot.services-edge.pubsec-cloud.paloaltonetworks.com
- enforcer.iot.services-edge.pubsec-cloud.paloaltonetworks.com
|
| Advanced Wildfire |
- pubsec-cloud.wildfire.paloaltonetworks.com
- 35.230.63.175
|
