Prisma Access Browser
Prisma Access Browser Prerequisites
Table of Contents
Expand All
|
Collapse All
Prisma Access Browser Docs
-
- Use the Prisma Access Browser Dashboards
- Digest Prisma Access Browser Home Screen Highlights
- Investigate Prisma Access Browser Events
- Account Protection for the Prisma Access Browser
- Manage Prisma Access Browser Users
- Manage Prisma Access Browser Applications
- Manage Prisma Access Browser Extensions
- Manage Prisma Access Browser Sign-in Rules
- Manage Prisma Access Browser Requests to Bypass Policy Rules
- Manage Rollback Control for the Prisma Access Browser
- Prisma Access Browser Remote Connections
- Location-based Policy
- The Prisma Access Browser Extension
-
- Integrate Prisma Access Browser with Microsoft 365
- Integrate Prisma Access Browser with Microsoft Information Protection
- Windows Account Based SSO Authentication
- Integrate Prisma Access Browser with Google Workspace
- Integrate Prisma Access Browser with Votiro
- Integrate Prisma Access Browser with CrowdStrike Falcon Intelligence
- Integrate Prisma Access Browser with OPSWAT MetaDefender
- Integrate Prisma Access Browser with YazamTech SelectorIT
- Integrate Prisma Access Browser with Symantec DLP
- IP Based Enforcement
- Certificate-Based Enforcement
- How Is Synched Data Stored?
Prisma Access Browser Prerequisites
Learn about the prerequisites for Prisma Access Secure Enterprise Browser (Prisma Access Browser),
including: system requirements, domains to allow, and IdP proxy requirements. The most
recent review of this document is Jan 19, 2025.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
System Requirements
Windows
- Windows 10 64-bitEffective October 14, 2025, Microsoft will discontinue support for Windows 10. After this date, they will no longer provide security updates, bug fixes, technical support, or feature enhancements.
- Windows 11 64-bit
- No admin privileges are required
macOS
- macOS Big Sur 11.0 or later.
- Intel x86 or Apple M1 and above
- No admin privileges are required
Android
- Android 12 and above with all security updates
iOS
- iOS 17.5 and above.
- iOS 18 if you need to access to Private Apps.
Domains to Allow
The Prisma Access Browser communicates with several domains. Please select
your region:
US Region
The following domains are for clients in the US region.
The following domains are for clients in the US region only:
- *.talon-sec.com
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.talon-sec.com
- login.talon-sec.com
- ext-proxy.talon-sec.com
- classifier-auf.talon-sec.com
- assets.talon-sec.com
- auth.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.prod-eks.talon-sec.com
- release-manager.prod-eks.talon-sec.com
- prod.talon-sec.com
- us-east-1.prod.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.talon-sec.com
- 3.88.246.246/32
- 3.231.124.107/32
- 18.159.163.147/32
- 3.73.9.244/32
- 3.73.9.169/32
- 3.123.106.233/32
- 3.68.54.94/32
- 35.85.101.56/32
- 54.214.168.174/32
- 44.238.8.92/32
- 54.184.95.247/32
- 52.207.65.93/32
- 50.19.8.101/32
- 3.222.196.200/32
- 54.71.84.74/32
- 3.65.70.29/32
- 3.78.96.210/32
- 76.223.24.47/32
- 13.248.159.237/32
EU Region
The following domains are for clients in the EU region.
The following domains are for clients in the EU region only:
- *.talon-sec.com
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.eu.talon-sec.com
- login.eu.talon-sec.com
- ext-proxy.eu.talon-sec.com
- classifier-auf.talon-sec.com
- assets.talon-sec.com
- auth.eu.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.prod-eks.talon-sec.com
- release-manager.prod-eks.talon-sec.com
- prod.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.talon-sec.com
- 18.198.253.83/32
- 3.65.70.29/32
- 3.78.96.210/32
UK Region
The following domains are for clients in the UK region.
The following domains are for clients in the UK region only:
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.uk.talon-sec.com
- classifier-auf.talon-sec.com
- assets.uk.talon-sec.com
- users-assets.uk.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.uk.talon-sec.com
- release-manager.uk.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.uk.talon-sec.com
- 13.41.242.15/32
- 52.56.102.103/32
- 3.10.30.181/32
JP Region
The following domains are for clients in the JP region.
The following domains are for clients in the JP region only:
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.jp.talon-sec.com
- classifier-auf.talon-sec.com
- assets.jp.talon-sec.com
- users-assets.jp.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.jp.talon-sec.com
- release-manager.jp.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.jp.talon-sec.com
- 52.193.120.181/32
- 54.238.70.133/32
- 54.249.249.246/32
AU Region
The following domains are for clients in the AU region.
The following domains are for clients in the AU region only:
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.au.talon-sec.com
- classifier-auf.talon-sec.com
- assets.au.talon-sec.com
- users-assets.au.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.jp.talon-sec.com
- release-manager.jp.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.au.talon-sec.com
- 13.239.129.80/32
- 3.24.186.57/32
- 54.253.28.146/32
SGP Region
The following domains are for clients in the SGP region.
The following domains are for clients in the SGP region only:
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.sgp.talon-sec.com
- classifier-auf.talon-sec.com
- assets.sgp.talon-sec.com
- users-assets.sgp.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.sgp.talon-sec.com
- release-manager.sgp.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.sgp.talon-sec.com
- 54.254.234.203/32
- 13.213.181.229/32
- 3.1.70.170/32
CA Region
The following domains are for clients in the CA region.
The following domains are for clients in the CA region only:
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.ca.talon-sec.com
- classifier-auf.talon-sec.com
- assets.ca.talon-sec.com
- users-assets.ca.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.ca.talon-sec.com
- release-manager.ca.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.ca.talon-sec.com
- 52.60.200.13/32
- 52.60.49.253/32
- 15.157.249.98/32
IN Region
The following domains are for clients in the IN region.
The following domains are for clients in the IN region only:
- pabrowser.com
- get.pabrowser.com
- in.api.wildfire.paloaltonetworks.com
Palo Alto Networks highly recommends that *.talon-sec.com be
used as a network requirement. If you need to exclude specific domains, please use
the following list:
- gateway.in.talon-sec.com
- classifier-auf.talon-sec.com
- assets.in.talon-sec.com
- users-assets.in.talon-sec.com
- installer.talon-sec.com
- updates.talon-sec.com
- bfe078e7921507bb.talon-sec.com
- sentry.in.talon-sec.com
- release-manager.in.talon-sec.com
The also needs to communicate with the following list of Domains and IPs for SSO
Enforcement:
- idp-proxy.jp.talon-sec.com
- 13.234.185.83/32
- 13.127.196.143/32
- 13.232.90.106/32
For Prisma Access customers utilizing Private App Access
*.prismaaccess.com
For Prisma Access customers leveraging SSH/RDP/VNC connections
*.panwpra.com