Resources Required to Enable Access to
Cortex
XDR
Collectors

Depending on your network environment settings, you should enable network access to the Cortex XDR Collectors resources.
To enable access to
Cortex
XDR
Collectors components, you must allow access to various Palo Alto Networks resources. If you use the specific Palo Alto Networks App-IDs indicated in the table, you do not need to explicitly allow access to the resource. A dash (—) indicates there is no App-ID coverage for a resource.
Some of the IP addresses required for access are registered in the United States. As a result, some GeoIP databases do not correctly pinpoint the location in which IP addresses are used. All customer data is stored in your deployment region, regardless of the IP address registration and restricts data transmission through any infrastructure to that region. For considerations, see Plan Your Cortex XDR Deployment.
Throughout this topic,
<xdr-tenant>
refers to the chosen subdomain of your
Cortex
XDR
tenant and
<region>
is the region in which your Cortex Data Lake is deployed. For supported regions, see Plan Your Cortex XDR Deployment.
Refer to the following tables for the FQDNs, IP addresses, ports, and App-ID coverage for your deployment.
For IP address ranges in GCP, refer to the following tables for IP address coverage for your deployment.
Required Resources by Region
FQDN
IP Addresses and Port
App-ID Coverage
<xdr-tenant>
.xdr.
<region>
.paloaltonetworks.com
Used to connect to the
Cortex
XDR
management console.
IP address by region:
  • US—35.244.250.18
  • EU— 35.227.237.180
  • CA—34.120.31.199
  • UK— 34.120.87.77
  • JP—35.241.28.254
  • SG— 34.117.211.129
  • AU—34.120.229.65
  • DE—34.98.68.183
  • IN—35.186.207.80
Port—443
cortex-xdr
distributions.traps.paloaltonetworks.com
Used for the first request in registration flow where the agent passes the distribution id and obtains the
ch-
<xdr-tenant>
.traps.paloaltonetworks.com
of its tenant
  • IP address—35.223.6.69
  • Port—443
traps-management-service
panw-xdr-installers-prod-us.storage.googleapis.com
Used to download installers for upgrade actions from the server.
This storage bucket is used for all regions.
  • IP ranges in GCP
  • Port—443
cortex-xdr
global-content-profiles-policy.storage.googleapis.com
Used to download content updates.
  • IP ranges in GCP
  • Port—443
cortex-xdr
ch-
<xdr-tenant>
.traps.paloaltonetworks.com
Used for all other requests between the agent and its tenant server including heartbeat, uploads, action results, and scan reports.
IP address by region:
  • US—34.98.77.231
  • EU—34.102.140.103
  • CA— 34.96.120.25
  • UK—35.244.133.254
  • JP—34.95.66.187
  • SG—34.120.142.18
  • AU—34.102.237.151
  • DE—34.107.161.143
  • IN—34.120.213.188
Port—443
traps-management-service
api-
<xdr-tenant>
.xdr.
<region>
.paloaltonetworks.com
Used for API requests and responses.
IP address by region:
  • US—35.222.81.194
  • EU— 34.90.67.58
  • CA—35.203.82.121
  • UK— 34.89.56.78
  • JP—34.84.125.129
  • SG—34.87.83.144
  • AU—35.189.18.208
  • DE—34.107.57.23
  • IN—35.200.158.164
Port—443
Log Forwarding to a Syslog Receiver
Required Resources for Federal (United States - Government)
FQDN
IP Addresses and Port
App-ID Coverage
Required for
Cortex
XDR Collectors
distributions-prod-fed.traps.paloaltonetworks.com
Used for the first request in registration flow where the agent passes the distribution ID and obtains the
ch-
<xdr-tenant>
.traps.paloaltonetworks.com
of its tenant
  • IP address—104.198.132.24
  • Port—443
traps-management-service
panw-xdr-installers-prod-fr.storage.googleapis.com
Used to download installers for upgrade actions from the server.
  • IP ranges in GCP
  • Port—443
cortex-xdr
global-content-profiles-policy-prod-fr.storage.googleapis.com
Used to download content updates.
  • IP ranges in GCP
  • Port—443
cortex-xdr
ch-
<xdr-tenant>
.traps.paloaltonetworks.com
Used for all other requests between the agent and its tenant server including heartbeat, uploads, action results, and scan reports.
  • IP address—130.211.195.231
  • Port—443
traps-management-service
api-
<xdr-tenant>
.xdr.federal.paloaltonetworks.com
Used for API requests and responses.
  • IP address—130.211.195.231
  • Port—443
Log Forwarding to a Syslog Receiver

Recommended For You