Use Legacy Scripts to Retrieve IP Addresses
Focus
Focus
Prisma Access

Use Legacy Scripts to Retrieve IP Addresses

Table of Contents

Use Legacy Scripts to Retrieve IP Addresses

Learn about the legacy scripts you can use to retrieve Prisma Access IP and loopback addresses.
Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Panorama)
  • Prisma Access license
The commands described in this section are superseded by a newer API script as of Prisma Access 1.5; however, they are still supported when you need to obtain the loopback address, or for deployments that use them in scripts or other automated tools.
The following table shows the keywords and parameters that are available in the legacy API scripts used with Prisma Access, and provides information and recommendations about which API to use for the type of deployment you have.
These legacy commands also retrieve public IP and egress IP addresses; however, Palo Alto Networks recommends that you use the newer API script to retrieve these commands and only use the legacy API to retrieve the loopback IP addresses.
  • A public IP address is the source IP address that Prisma Access uses for requests made to an internet-based source. Add the public IP address to an allow list in your network to give Prisma Access to internet resources such as SaaS applications or publicly accessible partner applications.
    Mobile user, remote network, and clean pipe deployments use public IP addresses.
  • An egress IP address is an IP address that Prisma Access uses for egress traffic to the internet, and you must also add these addresses to an allow list to give Prisma Access access to internet resources.
    Among other purposes, Prisma Access uses egress IP addresses so that users receive web pages in the language they expect from a Prisma Access location. All locations have public IP addresses; however, not all locations have egress IP addresses. The following locations do not use egress IP addresses:
    • Any locations that you added before the release of Prisma Access 1.4.
    • Bahrain
    • Belgium
    • France North
    • France South
    • Hong Kong
    • Ireland
    • South Korea
    • Taiwan
    • United Kingdom
    Mobile user, remote network, and clean pipe deployments use egress IP addresses.
Commands Used in Mobile User Deployments
Command NameComments
get_egress_ip_all=yes command
curl -H header-api-key:Current-API-Key"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?get_egress_ip_all=yes
This command retrieves all the IP addresses that you add to an allow list to give Prisma Access to internet resources such as SaaS applications or publicly accessible partner applications. This command has the following constraints:
  • This command can retrieve a large number of addresses (more than 200). If your enterprise cannot add this number of IP addresses to an allow list, you can use the gpcs_gp_gw and gpcs_gp_portal keywords to retrieve only the IP addresses you are currently using; however you will have to rerun these commands every time you add a location. In addition, if a scaling event occurs, you will need to the new IP addresses to an allow list.
  • Prisma Access does not list the locations that are associated with these IP addresses; therefore, we recommend that you all the IP addresses that are returned with this command to an allow list.
  • This command does not give you loopback addresses.
gpcs_gp_gw and gpcs_gp_portal keywords
curl -H header-api-key:Current-API-Key"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=gpcs_gp_gw | gpcs_gp_portal&addrType=public_ip | egress_ip_list | loopback_ip"
Use this command if your deployment limits the amount of IP addresses you can add to an allow list. You must add all IP addresses returned with this command to an allow list in your network. You can also retrieve the loopback IP addresses with this command.
Commands Used In Remote Network Deployments
Command NameComments
gpcs_remote_network keyword
curl -H header-api-key:Current-API-Key"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=gpcs_remote_network &addrType=public_ip | egress_ip_list | loopback_ip"
Use this command to find the IP addresses that you need to add to an allow list for remote network deployments.
You can also use this command to find the egress IP addresses for remote network deployments; the egress and IP addresses can be different in some situations.
Commands Used in Clean Pipe Deployments
Command NameComments
gpcs_clean_pipe keyword
curl -H header-api-key:Current-API-Key"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=gpcs_clean_pipe&addrType=public_ip | egress_ip_list | loopback_ip"
Use this command to find the IP addresses that you need to add to an allow list for clean pipe deployments.