1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex® XDR Prevent Administrator’s Guide
    5. Get Started with Cortex® XDR™ Prevent
    6. Set up Endpoint Protection
    7. Enable Access to Cortex XDR
    8. Resources Required to Enable Access to Cortex XDR

    Resources Required to Enable Access to
    Cortex
    XDR

    Depending on your network environment settings, you should enable network access to the Cortex XDR resources.
    To Enable Access to Cortex XDR components, you must allow access to various Palo Alto Networks resources. If you use the specific Palo Alto Networks App-IDs indicated in the table, you do not need to explicitly allow access to the resource. A dash (—) indicates there is no App-ID coverage for a resource.
    Some of the IP addresses required for access are registered in the United States. As a result, some GeoIP databases do not correctly pinpoint the location in which IP addresses are used. All customer data is stored in your deployment region, regardless of the IP address registration and restricts data transmission through any infrastructure to that region. For considerations, see Plan Your Cortex Deployment.
    Throughout this topic,
    <xdr-tenant>
     refers to the chosen subdomain of your
    Cortex
    XDR
     tenant and
    <region>
     is the region in which your
    Cortex
     Data Lake is deployed (see Plan Your Cortex Deployment for supported regions).
    Refer to the following tables for the FQDNs, IP addresses, ports, and App-ID coverage for your deployment.
    For IP address ranges in GCP, refer to the following tables for IP address coverage for your deployment:
    Required Resources by Region
    FQDN
    IP Addresses and Port
    App-ID Coverage
    <xdr-tenant>
    .xdr.
    <region>
    .paloaltonetworks.com
    Used to connect to the
    Cortex
    XDR
     management console.
    IP address by region.
    • US—35.244.250.18
    • EU— 35.227.237.180
    • CA—34.120.31.199
    • UK— 34.120.87.77
    • JP—35.241.28.254
    • SG— 34.117.211.129
    • AU—34.120.229.65
    • DE—34.98.68.183
    • IN—35.186.207.80
    Port—443
    cortex-xdr
    distributions.traps.paloaltonetworks.com
    Used for the first request in registration flow where the agent passes the distribution id and obtains the
    ch-
    <xdr-tenant>
    .traps.paloaltonetworks.com
     of its tenant
    • IP address—35.223.6.69
    • Port—443
    traps-management-service
    wss://lrc-
    <region>
    .paloaltonetworks.com
    Used in live terminal flow.
    IP address by region.
    • US—35.190.88.43
    • EU—35.244.251.25
    • CA—35.203.99.74
    • UK—35.242.159.176
    • JP—34.84.201.32
    • SG—34.87.61.186
    • AU—35.244.66.177
    • DE—34.107.61.141
    • IN—35.200.146.253
    Port—443
    cortex-xdr
    panw-xdr-installers-prod-us.storage.googleapis.com
    Used to download installers for upgrade actions from the server.
    This storage bucket is used for all regions.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    panw-xdr-payloads-prod-us.storage.googleapis.com
    Used to download the executable for live terminal for
    Cortex
     XDR agents earlier than version 7.1.0.
    This storage bucket is used for all regions.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    global-content-profiles-policy.storage.googleapis.com
    Used to download content updates.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    panw-xdr-evr-prod-
    <region>
    .storage.googleapis.com
    Used to download extended verdict request results in scanning.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    dc-
    <xdr-tenant>
    .traps.paloaltonetworks.com
    Used for EDR data upload.
    IP address by region.
    • US—34.98.77.231
    • EU—34.102.140.103
    • CA—34.96.120.25
    • UK—35.244.133.254
    • JP—34.95.66.187
    • SG—34.120.142.18
    • AU—34.102.237.151
    • DE—34.107.161.143
    • IN—34.120.213.187
    Port—443
    traps-management-service
    ch-
    <xdr-tenant>
    .traps.paloaltonetworks.com
    Used for all other requests between the agent and its tenant server including heartbeat, uploads, action results, and scan reports.
    IP address by region.
    • US—34.98.77.231
    • EU—34.102.140.103
    • CA— 34.96.120.25
    • UK—35.244.133.254
    • JP—34.95.66.187
    • SG—34.120.142.18
    • AU—34.102.237.151
    • DE—34.107.161.143
    • IN—34.120.213.188
    Port—443
    traps-management-service
    api-
    <xdr-tenant>
    .xdr.
    <region>
    .paloaltonetworks.com
    Used for API requests and responses.
    IP address by region.
    • US—35.222.81.194
    • EU— 34.90.67.58
    • CA—35.203.82.121
    • UK— 34.89.56.78
    • JP—34.84.125.129
    • SG—34.87.83.144
    • AU—35.189.18.208
    • DE—34.107.57.23
    • IN—35.200.158.164
    Port—443
    cc-
    <xdr-tenant>
    .traps.paloaltonetworks.com
    Used for get-verdict requests.
    IP address by region.
    • US—35.224.140.142
    • EU—34.90.71.103
    • CA—35.203.35.23
    • UK—34.89.42.214
    • JP—34.84.225.105
    • SG—35.247.161.94
    • AU—35.201.23.188
    • DE—34.90.71.103
    • IN—35.244.57.196
    Port—443
    traps-management-service
    Broker VM Resources
    Required for deployments that use Broker VM features
    br-
    <xdr-tenant>
    .xdr.
    <region>
    .paloaltonetworks.com
    IP address by region.
    • US—104.155.131.72
    • EU— 34.91.128.226
    • CA— 34.95.8.232
    • UK—35.197.219.110
    • JP— 34.85.74.43
    • SG—34.87.167.125
    • AU—35.244.93.0
    • DE—35.198.112.13
    • IN—35.200.234.99
    Port—443
    distributions.traps.paloaltonetworks.com
    • IP address—35.223.6.69
    • Port—443
    traps-management-service
    • time.google.com
    • pool.ntp.org
    UDP port—123
    App Login and Authentication
    identity.paloaltonetworks.com
    (SSO)
    • IP address—34.107.215.35
    • Port—443
    login.paloaltonetworks.com
    (SSO)
    • IP address—34.107.190.184
    • Port—443
    In-App Help Center and Notifications
    data.pendo.io
    Port—443
    pendo-static-5664029141630976.storage.googleapis.com
    Port—443
    Email Notifications
    IP address for all regions starting 7th August 2022—159.183.150.248
    IP address by region.
    • US— 67.231.148.124
    • EU—67.231.156.123
    To Collect 3rd Party Data from Customer's SaaS and Cloud resources
    IP address by region.
    • US
      • 34.66.69.154
      • 35.202.21.123
    • AU
      • 35.197.181.108
      • 35.197.175.44
    • CA
      • 34.95.33.72
      • 34.95.62.136
    • SG
      • 35.247.148.38
      • 35.247.173.40
    • JP
      • 34.85.68.167
      • 34.84.99.239
    • IN
      • 34.93.3.196
      • 34.93.175.218
    • DE
      • 34.89.197.46
      • 34.107.3.224
    • UK
      • 34.105.227.146
      • 34.105.137.22
    • EU
      • 34.90.70.107
      • 35.204.129.196
    cortex-xdr
    Log Forwarding to a Syslog Receiver
    Required Resources for Federal (United States - Government)
    FQDN
    IP Addresses and Port
    App-ID Coverage
    distributions-prod-fed.traps.paloaltonetworks.com
    Used for the first request in registration flow where the agent passes the distribution ID and obtains the
    ch-
    <xdr-tenant>
    .traps.paloaltonetworks.com
     of its tenant
    • IP address—104.198.132.24
    • Port—443
    traps-management-service
    wss://lrc-fed.paloaltonetworks.com
    Used in live terminal flow.
    • IP address—35.188.188.91
    • Port—443
    cortex-xdr
    panw-xdr-installers-prod-fr.storage.googleapis.com
    Used to download installers for upgrade actions from the server.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    panw-xdr-payloads-prod-fr.storage.googleapis.com
    Used to download the executable for live terminal for Cortex XDR agents earlier than version 7.1.0.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    global-content-profiles-policy-prod-fr.storage.googleapis.com
    Used to download content updates.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    panw-xdr-evr-prod-fr.storage.googleapis.com
    Used to download extended verdict request results in scanning.
    • IP ranges in GCP
    • Port—443
    cortex-xdr
    app-proxy.federal.paloaltonetworks.com
    • IP address—104.155.148.118
    • Port—443
    dc-
    <xdr-tenant>
    .traps.paloaltonetworks.com
    Used for EDR data upload.
    • IP address—130.211.195.231
    • Port—443
    traps-management-service
    ch-
    <xdr-tenant>
    .traps.paloaltonetworks.com
    Used for all other requests between the agent and its tenant server including heartbeat, uploads, action results, and scan reports.
    • IP address—130.211.195.231
    • Port—443
    traps-management-service
    api-
    <xdr-tenant>
    .xdr.
    federal.paloaltonetworks.com
    Used for API requests and responses.
    • IP address—130.211.195.231
    • Port—443
    cc-
    <xdr-tenant>
    .traps.paloaltonetworks.com
    Used for get-verdict requests.
    • IP address—35.222.50.74
    • Port—443
    traps-management-service
    Broker VM Resources
    Required for deployments that use Broker VM features
    br-
    <xdr-tenant>
    .xdr.
    federal.paloaltonetworks.com:443
    • IP address—34.71.185.11
    • Port—443
    distributions-prod-fed.traps.paloaltonetworks.com
    • IP address—104.198.132.24
    • Port—443
    traps-management-service
    • time.google.com
    • pool.ntp.org
    UDP port—123
    App Login and Authentication
    identity.paloaltonetworks.com
    (SSO)
    • IP address—34.107.215.35
    • Port—443
    login.paloaltonetworks.com
    (SSO)
    • IP address—34.107.190.184
    • Port—443
    In-App Help Center and Notifications
    data.pendo.io
    Port—443
    pendo-static-5664029141630976.storage.googleapis.com
    Port—443
    To Collect 3rd Party Data from Customer's SaaS and Cloud resources
    IP addresses
    • 34.68.217.16
    • 34.69.175.202
    cortex-xdr
    Log Forwarding to a Syslog Receiver

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo