Use Legacy Scripts to Retrieve IP Addresses
Focus
Focus
Prisma Access

Use Legacy Scripts to Retrieve IP Addresses

Table of Contents

Use Legacy Scripts to Retrieve IP Addresses

Learn about the legacy scripts you can use to retrieve
Prisma Access
IP and loopback addresses.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Panorama Managed)
  • Prisma Access
    license
The commands described in this section are superseded by a newer API script as of
Prisma Access
1.5; however, they are still supported when you need to obtain the loopback address, or for deployments that use them in scripts or other automated tools.
The following table shows the keywords and parameters that are available in the legacy API scripts used with
Prisma Access
, and provides information and recommendations about which API to use for the type of deployment you have.
These legacy commands also retrieve
public IP
and
egress IP
addresses; however, Palo Alto Networks recommends that you use the newer API script to retrieve these commands and only use the legacy API to retrieve the loopback IP addresses.
  • A
    public IP address
    is the source IP address that
    Prisma Access
    uses for requests made to an internet-based source. Add the public IP address to an allow list in your network to give
    Prisma Access
    to internet resources such as SaaS applications or publicly accessible partner applications.
    Mobile user, remote network, and clean pipe deployments use public IP addresses.
  • An
    egress IP address
    is an IP address that
    Prisma Access
    uses for egress traffic to the internet, and you must also add these addresses to an allow list to give Prisma Access access to internet resources.
    Among other purposes,
    Prisma Access
    uses egress IP addresses so that users receive web pages in the language they expect from a
    Prisma Access
    location. All locations have public IP addresses; however, not all locations have egress IP addresses. The following locations do not use egress IP addresses:
    • Any locations that you added before the release of
      Prisma Access
      1.4.
    • Bahrain
    • Belgium
    • France North
    • France South
    • Hong Kong
    • Ireland
    • South Korea
    • Taiwan
    • United Kingdom
    Mobile user, remote network, and clean pipe deployments use egress IP addresses.
Commands Used in Mobile User Deployments
Command Name
Comments
get_egress_ip_all=yes
command
curl -H header-api-key:
Current-API-Key
"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?get_egress_ip_all=yes
This command retrieves all the IP addresses that you add to an allow list to give
Prisma Access
to internet resources such as SaaS applications or publicly accessible partner applications. This command has the following constraints:
  • This command can retrieve a large number of addresses (more than 200). If your enterprise cannot add this number of IP addresses to an allow list, you can use the
    gpcs_gp_gw
    and
    gpcs_gp_portal
    keywords to retrieve only the IP addresses you are currently using; however you will have to rerun these commands every time you add a location. In addition, if a scaling event occurs, you will need to the new IP addresses to an allow list.
  • Prisma Access
    does not list the locations that are associated with these IP addresses; therefore, we recommend that you all the IP addresses that are returned with this command to an allow list.
  • This command does not give you loopback addresses.
gpcs_gp_gw
and
gpcs_gp_portal
keywords
curl -H header-api-key:
Current-API-Key
"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=
gpcs_gp_gw
|
gpcs_gp_portal
&addrType=
public_ip
|
egress_ip_list
|
loopback_ip
"
Use this command if your deployment limits the amount of IP addresses you can add to an allow list. You must add all IP addresses returned with this command to an allow list in your network. You can also retrieve the loopback IP addresses with this command.
Commands Used In Remote Network Deployments
Command Name
Comments
gpcs_remote_network
keyword
curl -H header-api-key:
Current-API-Key
"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=
gpcs_remote_network
&addrType=
public_ip
|
egress_ip_list
|
loopback_ip
"
Use this command to find the IP addresses that you need to add to an allow list for remote network deployments.
You can also use this command to find the egress IP addresses for remote network deployments; the egress and IP addresses can be different in some situations.
Commands Used in Clean Pipe Deployments
Command Name
Comments
gpcs_clean_pipe
keyword
curl -H header-api-key:
Current-API-Key
"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=
gpcs_clean_pipe
&addrType=
public_ip
|
egress_ip_list
|
loopback_ip
"
Use this command to find the IP addresses that you need to add to an allow list for clean pipe deployments.

Recommended For You