Prisma Access
Retrieve Public, Loopback, and Egress IP Addresses
Use this script to retrieve public, loopback, and egress
IP addresses for Prisma Access mobile user deployments.
This legacy script has been superseded by a newer script as of Prisma Access
1.5. Palo Alto Networks recommends that you use the newer script to retrieve all
IP addresses with the exception of loopback addresses.
To retrieve public, loopback,
and egress IP addresses, complete the following steps.
- Get the API key and add an IP Change Event Notification URL where you can be notified of IP address changes in your Prisma Access infrastructure.

  See Get Notifications When Prisma Access IP Addresses Change for details.
- Retrieve the public IP addresses, loopback IP addresses, or both for Prisma Access.

  Use the API key and the API endpoint URL either manually or in an automation script:

  ```
  header-api-key:Current API Key "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=$fwType&addrType=$addrType"
  ```

  where you need to replace Current API Key with your API key and use one or both of the following keywords and arguments:

  Keyword | Description |
  ---|---|
  fwType keyword | |
  gpcs_gp_gw | Retrieves Prisma Access gateway IP addresses (for mobile user deployments). |
  gpcs_gp_portal | Retrieves Prisma Access portal IP addresses (for mobile user deployments). |
  gpcs_remote_network | Retrieves Prisma Access remote network IP addresses (for remote network deployments). |
  gpcs_clean_pipe | Retrieves Prisma Access Clean Pipe IP addresses. |
  addrType keyword | |
  public_ip | Retrieves the source IP addresses that Prisma Access uses for requests made to an internet-based source. For mobile user locations, Prisma Access lists the IP addresses by location. For remote networks, Prisma Access lists the IP addresses by remote network name. |
  egress_ip_list | Retrieves the IP addresses that Prisma Access uses with public IP addresses for additional egress traffic to the internet. For mobile user locations, Prisma Access lists the IP addresses by location. For remote networks, Prisma Access lists the IP addresses by remote network name. |
  loopback_ip | Retrieves the source IP addresses used by Prisma Access for requests made to an internal source (for example, a RADIUS or Active Directory server), and is assigned from the infrastructure subnet. |

  If you don’t specify a keyword, Prisma Access retrieves all IP addresses.

  For example, you can try the following curl command to manually retrieve the list of public IP addresses for all remote networks:

  ```
  curl -H header-api-key:1234y9ydxb__0UmxetVTbC8XTyFMaoT4RBZBKBjfX419YVufeFG7 "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=gpcs_remote_network&addrType=public_ip"
  ```

  or use a simple Python script to retrieve the list of all IP addresses, for example:

  ```python
  #!/usr/bin/python
  import subprocess
  import json

  api_key = '1234y9ydxb__0UmxetVTbC8XTyFMaoT4RBZBKBjfX419YVufeFG7'  # Replace with your key
  api_end_point = 'https://api.prod.datapath.prismaaccess.com/getAddrList/latest'

  # This call retrieves IP addresses for all your Prisma Access firewalls.
  # No -k/--insecure option: curl verifies the API server's TLS certificate.
  args = ['curl', '-H', 'header-api-key:' + api_key, api_end_point]
  p = subprocess.Popen(args, stdout=subprocess.PIPE)
  output = p.communicate()

  # output[0] is curl's stdout: the JSON response body
  dout = json.loads(output[0])
  addrStrList = dout['result']['addrList']

  # Keep only the address part of each entry
  addrList = []
  for addr_str in addrStrList:
      addrList.append(addr_str.split(":")[1])
  print(addrList)
  ```
- Update the allow lists on your on-premises servers or SaaS application policy rules with the IP addresses you retrieved.
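
The following is an added example, not part of the Palo Alto Networks documentation or script. It shows one way to turn a retrieved response into an allow-list change plan: each entry is validated as an IP address before use, and an empty result is refused so a failed retrieval cannot wipe the existing list. The `label:address` entry shape is inferred from the script above; the sample labels, addresses, and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample response. Only the result/addrList nesting and the
# "label:address" entry shape come from the page's script; the labels and
# addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_RESPONSE = json.dumps({
    "result": {"addrList": [
        "location-a:203.0.113.10",
        "location-a:203.0.113.11",
        "location-b:198.51.100.7",
        "location-b:not-an-ip",
    ]}
})


def parse_addr_list(body):
    """Return (valid, rejected): validated IP strings and entries that failed."""
    valid, rejected = set(), []
    for entry in json.loads(body)["result"]["addrList"]:
        # Split on the first colon only, so an address that itself
        # contains colons (IPv6) is kept whole.
        _label, _sep, addr = entry.partition(":")
        try:
            valid.add(str(ipaddress.ip_address(addr.strip())))
        except ValueError:
            rejected.append(entry)
    return valid, rejected


def plan_allow_list_update(current, retrieved):
    """Return (to_add, to_remove) as sorted lists; refuse an empty result."""
    if not retrieved:
        # An empty or failed retrieval must not wipe the existing allow list.
        raise ValueError("no valid addresses retrieved; allow list unchanged")
    current = {str(ipaddress.ip_address(a)) for a in current}
    return sorted(retrieved - current), sorted(current - retrieved)


if __name__ == "__main__":
    valid, rejected = parse_addr_list(SAMPLE_RESPONSE)
    # Constructed current allow list for the demonstration.
    to_add, to_remove = plan_allow_list_update(["203.0.113.10", "192.0.2.99"], valid)
    print("add:", to_add)
    print("remove:", to_remove)
    print("rejected (review before applying):", rejected)
```

Review the removals and any rejected entries before applying the plan, since a stale address left on an allow list keeps trusting traffic from an IP that Prisma Access no longer uses.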