Prisma SASE FedRAMP Moderate and High "In Process" FQDNs
Focus
Focus
FedRAMP

Prisma SASE FedRAMP Moderate and High "In Process" FQDNs

Table of Contents

Prisma SASE FedRAMP Moderate and High "In Process" FQDNs

Learn which fully qualified domains (FQDNs) are supported for use in Prisma SASE FedRAMP Moderate and High "In Process" environments.
Because Palo Alto Networks enforces strict incoming Security policy rules for Prisma SASE FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of fully qualified domains (FQDNs) for the administrative users who will be accessing your environment. After you submit a support ticket with these FQDNs, customer services will create an allow list for them, which will let users log in from these FQDNs and access the environment.

Moderate FQDNs

The following are FedRAMP Moderate FQDNs.
ProductDomain
ADEM
  • agents.dem.prismaaccess.com
  • api-fed-mod-prod-1-us-central1.dem.prismaaccess.com
  • agents-fed-mod-prod-1-us-central1.dem.prismaaccess.com
  • probes-fed-mod-prod-1-us-central1.dem.prismaaccess.com
  • controller-fed-mod-prod-1-us-central1.dem.prismaaccess.com
API Gatewayhttps://api-usgov-mod.cloudmgmt.paloaltonetworks.com/
App Services (Hub & CIE)
  • Hub
    apps.paloaltonetworks.com
  • Logging Service Portal
    logging-service.apps.paloaltonetworks.com
  • SASE Portal
    sase.paloaltonetworks.com
  • Auth Service
    auth.apps.paloaltonetworks.com
  • App Registry
    app-registry-service.apps.paloaltonetworks.com
  • Directory Sync Portal
    directory-sync.gov.apps.paloaltonetworks.com
  • Directory Sync API
    app-directory-sync.gov.apps.paloaltonetworks.com
  • Directory Sync Agent
    agent-directory-sync.gov.apps.paloaltonetworks.com
  • Cloud Auth
    cloud-auth.gov.apps.paloaltonetworks.com
  • Cloud Auth Service
    cloud-auth-service.gov.apps.paloaltonetworks.com
  • SCIM Sync Service
    scim-sync.gov.apps.paloaltonetworks.com
CASB (SaaS API / SSPM)
  • https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
  • https://api.saas.pubsec-cloud.paloaltonetworks.com
  • https://app.saas.pubsec-cloud.paloaltonetworks.com
  • https://orchestrator-api.saas.pubsec-cloud.paloaltonetworks.com
  • https://authz.saas.pubsec-cloud.paloaltonetworks.com
  • https://filecache.saas.pubsec-cloud.paloaltonetworks.com
CASB (SaaS Inline)
  • https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
  • https://api-prod-us.saas-inline.pubsec-cloud.paloaltonetworks.com
Cloud Management
  • admin-mod-prod.gov.panorama.paloaltonetworks.com
  • paas-1-mod-prod.gov.panorama.paloaltonetworks.com
  • 35.232.6.182
  • 34.170.216.242
Strata Logging Service
  • Source IP Addresses for Log Forwarding
    34.67.50.64/28
  • Firewall Log Ingestion
    firewall-gov.gov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    fei-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 443
  • *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 443
    storage.googleapis.com
    Port 443
  • Log Access from Panorama
    pcl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 444
    cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
    Port 443
    *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
DLPhttps://gov.dlp.pubsec-cloud.paloaltonetworks.com
Insights
  • HTTPS: pa-usgov01.api.prismaaccess.com
  • MTLS: pa-service-api-usgov01.api.prismaaccess.com
IoT
  • https://fedramp-banff-api-elb.iot-gov.paloaltonetworks.com
  • 34.208.130.221
  • 52.11.205.69
  • 44.236.140.29
Lumos V&R
  • api.mod.prod.reporting.paloaltonetworks.com
  • 34.29.53.115
Prisma SASE Multitenant Portal
  • https://pa-us01.api.prismasasegov.com/api/cloud/2.0/agg
  • https://api.paloaltonetworks.com/mt/monitor/v1/agg with x-panw-region header as gov
Prisma SD-WAN*.prismasasegov.com
Panorama
Strata Logging Service-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
*.api2-lc-prod-gov.gpcloudservice.com
*.fei-lc-prod-gov.gpcloudservice.com
Br-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
Lic.lc.prod.us.cs.paloaltonetworks.com
api.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
sdwanapps-pa-panorama-autofedramptf.hood.cloudgenix.com
sdwanapps-pa-panorama.rogers.prismasasegov.com
sdwanapps-pa-panorama.campbel.prismasasegov.com
PanOS Cloud Component
  • hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
  • enforcer.hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
  • iot.services-edge.pubsec-cloud.paloaltonetworks.com
  • enforcer.iot.services-edge.pubsec-cloud.paloaltonetworks.com
Wildfire
  • http://pubsec-cloud.wildfire.paloaltonetworks.com/
  • 35.230.63.175

High "In Process" FQDNs

The following are FedRAMP High "In Process" FQDNs.
ProductDomain
ADEM*.prismasasegov.com
API Gatewayapi-usgov.cloudmgmt.paloaltonetworks.com
Strata Logging Service
  • United States Government (High) Source IP Addresses for Log Forwarding
    34.132.154.128/28
  • Firewall Log Ingestion
    Firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
    *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    Fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.fei-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • Storage.googleapis.com
    Port 443
  • Log Access from Panorama
    Pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
  • Cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
  • License and Tenant Mapping Check
    lic.lc.prod.us.cs.paloaltonetworks.com
    Port 444
    registry.highgov.cdl.paloaltonetworks.com
    Port 443
  • Firewall Log Ingestion
    firewall-highgov.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 3978
  • *.in2-lc-prod-gov-us.gpcloudservice.com
    Port 3978
  • Enhanced Application Log Ingestion
    fei-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.fei-lc-prod-gov-us.gpcloudservice.com Port 444
  • Telemetry and GlobalProtect Troubleshooting Log Ingestion
    br-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • storage.googleapis.com
    Port 443
  • Log Access from Panorama
    pcl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 444
  • cdl-highgov1.us1.cent1.highgov.cdl.paloaltonetworks.com
    Port 443
  • *.api2-lc-prod-gov-us.gpcloudservice.com
    Port 444
CIE/DSS*.paloaltonetworks.us
Cloud Management[ul]admin.gov.panorama.paloaltonetworks.com paas-1.gov.panorama.paloaltonetworks.com
DLP[ul]gov.dss.paloaltonetworks.comui-gov.dss.paloaltonetworks.comapi.dlp.paloaltonetworks.comvault-fh.dss.paloaltonetworks.commongoe-fh0.dss.paloaltonetworks.commongoe-fh1.dss.paloaltonetworks.commongoe-fh2.dss.paloaltonetworks.commongodb-fh-prod.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh0.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh1.dss.paloaltonetworks.com_mongodb._tcp.mongoe-fh2.dss.paloaltonetworks.com_mongodb._tcp.mongodb-fh-prod.dss.paloaltonetworks.com
hubfed.apps.paloaltonetworks.us
Insights*.prismasasegov.com
IoT Securityhttps://fedramp-banff-pentest1.iot-gov.paloaltonetworks.com
Prisma SASE Multitenant Portal*.prismasasegov.com
Panorama
Strata Logging Service-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
*.api2-lc-prod-gov.gpcloudservice.com
*.fei-lc-prod-gov.gpcloudservice.com
Br-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
Lic.lc.prod.us.cs.paloaltonetworks.com
api.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
PanOS CC (Cloud Component)[ul]dlp.gov-hawkeye.services-edge.paloaltonetworks.comurlcat.gov-hawkeye.services-edge.paloaltonetworks.comace.gov-hawkeye.services-edge.paloaltonetworks.comenforcer.gov-hawkeye.services-edge.paloaltonetworks.com gov-hawkeye.services-edge.paloaltonetworks.com
Prisma Access*.prismasasegov.com
SaaS[ul]https://ingestion-prod-us.gov.adv-saas-vis.paloaltonetworks.com/https://api-prod-us.gov.adv-saas-vis.paloaltonetworks.com/ https://*.gov.saasprod.paloaltonetworks.com/enforcer.gov-iot.services-edge.paloaltonetworks.comgov-iot.services-edge.paloaltonetworks.com
Sase Portalfed.sase.paloaltonetworks.us
Prisma SD-WAN*.prismasasegov.com
Wildfire[ul]gov.wildfire.paloaltonetworks.usgvs.gov.wildfire.paloaltonetworks.us