Retrieve Public, Loopback, and Egress IP Addresses

1. Get the API key and add an IP Change Event Notification URL where you can be notified of IP address changes in your Prisma Access infrastructure.

   See Get Notifications When Prisma Access IP Addresses Change for details.
2. Retrieve the public IP addresses, loopback IP addresses, or both for Prisma Access.

   Use the API key and the API endpoint URL either manually or in an automation script:

     header-api-key:Current
   API Key "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=$fwType&addrType=$addrType"

   where you need to replace Current API Key with your API key and use one or both of the following keywords and arguments:

   Keyword	Description
   fwType keyword
   gpcs_gp_gw	Retrieves Prisma Access gateway IP addresses (for mobile user deployments).
   gpcs_gp_portal	Retrieves Prisma Access portal IP addresses (for mobile user deployments).
   gpcs_remote_network	Retrieves Prisma Access remote network IP addresses (for remote network deployments).
   gpcs_clean_pipe	Retrieves Prisma Access Clean Pipe IP addresses.
   addrType keyword
   public_ip	Retrieves the source IP addresses that Prisma Access uses for requests made to an internet-based source. For mobile user locations, Prisma Access lists the IP addresses by location. For remote networks, Prisma Access lists the IP addresses by remote network name.
   egress_ip_list	Retrieves the IP addresses that Prisma Access uses with public IP addresses for additional egress traffic to the internet. For mobile user locations, Prisma Access lists the IP addresses by location. For remote networks, Prisma Access lists the IP addresses by remote network name.
   loopback_ip	Retrieves the source IP addresses used by Prisma Access for requests made to an internal source (for example, a RADIUS or Active Directory server), and is assigned from the infrastructure subnet.

   If you don’t specify a keyword, Prisma Access retrieves all IP addresses.

   For example, you can try the following Curl command to manually retrieve the list of public IP addresses for all remote networks:

   curl -H header-api-key:1234y9ydxb__0UmxetVTbC8XTyFMaoT4RBZBKBjfX419YVufeFG7 "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=gpcs_remote_network&addrType=public_ip"

   or use a simple python script to retrieve the list of all IP addresses, for example:

     #!/usr/bin/python
   import subprocess
   import json
   api_key = '1234y9ydxb__0UmxetVTbC8XTyFMaoT4RBZBKBjfX419YVufeFG7' # Replace with your key
   api_end_point = 'https://api.prod.datapath.prismaaccess.com/getAddrList/latest' # This call retrieves IP addresses for all your Prisma Access firewalls
   args = ['curl', '-k', '-H', 'header-api-key:' +  api_key, api_end_point]
   p = subprocess.Popen(args, stdout=subprocess.PIPE)
   output = p.communicate()
   dout = json.loads(output[0])
   addrStrList = dout['result']['addrList']
   addrList = []
   for addr_str in addrStrList:
       addrList.append(addr_str.split(":")[1])
   print(addrList)

3. Update the allow lists on your on-premises servers or SaaS application policy rules with the IP addresses you retrieved.