>
    Strata Copilot
    NGFW FedRAMP Moderate and High FQDNs
    Focus
    Download PDF
    Focus
    1. Home
    2. FedRAMP
    3. NGFW FedRAMP Moderate and High Requirements
    4. NGFW FedRAMP Moderate and High FQDNs
    Download PDF
    FedRAMP

    NGFW FedRAMP Moderate and High FQDNs

    Table of Contents

    NGFW FedRAMP Moderate and High FQDNs

    Learn which fully qualified domains (FQDNs) are supported for use in Prisma SASE FedRAMP Moderate and High environments.
    Because Palo Alto Networks enforces strict incoming Security policy rules for NetSec FedRAMP tenants, you must provide Palo Alto Networks customer services with a list of fully qualified domains (FQDNs) for the administrative users who will be accessing your environment. After you submit a support ticket with these FQDNs, customer services will create an allow list for them, which will let users log in from these FQDNs and access the environment.

    Moderate FQDNs

    The following are FedRAMP Moderate FQDNs.
    ProductDomain
    CASB (SaaS API / SSPM)
    • https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
    • https://api.saas.pubsec-cloud.paloaltonetworks.com
    • https://app.saas.pubsec-cloud.paloaltonetworks.com
    • https://orchestrator-api.saas.pubsec-cloud.paloaltonetworks.com
    • https://authz.saas.pubsec-cloud.paloaltonetworks.com
    • https://filecache.saas.pubsec-cloud.paloaltonetworks.com
    CASB (SaaS Inline)
    • https://sase-saas-api.saas.pubsec-cloud.paloaltonetworks.com
    • https://api-prod-us.saas-inline.pubsec-cloud.paloaltonetworks.com
    Cloud Management
    • admin-mod-prod.gov.panorama.paloaltonetworks.com
    • paas-1-mod-prod.gov.panorama.paloaltonetworks.com
    • 35.232.6.182
    • 34.170.216.242
    Strata Logging Service
    • Source IP Addresses for Log Forwarding
      34.67.50.64/28
    • Firewall Log Ingestion
      firewall-gov.gov.cdl.paloaltonetworks.com
      Port 3978
      *.in2-lc-prod-gov-us.gpcloudservice.com
      Port 3978
    • Enhanced Application Log Ingestion
      fei-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
      Port 443
    • *.fei-lc-prod-gov-us.gpcloudservice.com
      Port 444
    • Telemetry and GlobalProtect Troubleshooting Log Ingestion
      br-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
      Port 443
      storage.googleapis.com
      Port 443
    • Log Access from Panorama
      pcl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
      Port 444
      cdl-gov1.us1.cent1.gov.cdl.paloaltonetworks.com
      Port 443
      *.api2-lc-prod-gov-us.gpcloudservice.com
      Port 444
    DLPhttps://gov.dlp.pubsec-cloud.paloaltonetworks.com
    IoT
    • https://fedramp-banff-api-elb.iot-gov.paloaltonetworks.com
    • 34.208.130.221
    • 52.11.205.69
    • 44.236.140.29
    Lumos V&R
    • api.mod.prod.reporting.paloaltonetworks.com
    • 34.29.53.115
    Panorama
    • Strata Logging Service-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
    • *.api2-lc-prod-gov.gpcloudservice.com
    • *.fei-lc-prod-gov.gpcloudservice.com
    • Br-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
    • lic.lc.prod.us.cs.paloaltonetworks.com
    • api.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
    • sdwanapps-pa-panorama-autofedramptf.hood.cloudgenix.com
    • sdwanapps-pa-panorama.rogers.prismasasegov.com
    • sdwanapps-pa-panorama.campbel.prismasasegov.com
    PanOS Cloud Component
    • hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
    • enforcer.hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
    • iot.services-edge.pubsec-cloud.paloaltonetworks.com
    • enforcer.iot.services-edge.pubsec-cloud.paloaltonetworks.com
    Advanced Wildfire
    • pubsec-cloud.wildfire.paloaltonetworks.com
    • 35.230.63.175

    High FQDNs

    The following are FedRAMP High FQDNs.
    ProductDomain
    Cloud Management
    • admin.gov.panorama.paloaltonetworks.com
    • paas-1.gov.panorama.paloaltonetworks.com
    DLP[ul]
    • gov.dss.paloaltonetworks.com
    • ui-gov.dss.paloaltonetworks.com
    • api.dlp.paloaltonetworks.com
    • vault-fh.dss.paloaltonetworks.com
    • mongoe-fh0.dss.paloaltonetworks.com
    • mongoe-fh1.dss.paloaltonetworks.com
    • mongoe-fh2.dss.paloaltonetworks.com
    • mongodb-fh-prod.dss.paloaltonetworks.com
    • _mongodb._tcp.mongoe-fh0.dss.paloaltonetworks.com
    • _mongodb._tcp.mongoe-fh1.dss.paloaltonetworks.com
    • _mongodb._tcp.mongoe-fh2.dss.paloaltonetworks.com
    • _mongodb._tcp.mongodb-fh-prod.dss.paloaltonetworks.com
    hubfed.apps.paloaltonetworks.us
    IoT Securityhttps://fedramp-banff-pentest1.iot-gov.paloaltonetworks.com
    Panorama
    Strata Logging Service-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
    *.api2-lc-prod-gov.gpcloudservice.com
    *.fei-lc-prod-gov.gpcloudservice.com
    Br-gov1.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
    Lic.lc.prod.us.cs.paloaltonetworks.com
    api.us1.cent1.gov.Strata Logging Service.paloaltonetworks.com
    PanOS CC (Cloud Component)
    • dlp.gov-hawkeye.services-edge.paloaltonetworks.com
    • urlcat.gov-hawkeye.services-edge.paloaltonetworks.com
    • ace.gov-hawkeye.services-edge.paloaltonetworks.com
    • enforcer.gov-hawkeye.services-edge.paloaltonetworks.com
    • gov-hawkeye.services-edge.paloaltonetworks.com
    SaaS
    • https://ingestion-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
    • https://api-prod-us.gov.adv-saas-vis.paloaltonetworks.com/
    • https://*.gov.saasprod.paloaltonetworks.com/
    • enforcer.gov-iot.services-edge.paloaltonetworks.com
    • gov-iot.services-edge.paloaltonetworks.com
    SASE Portalfed.sase.paloaltonetworks.us
    Advanced Wildfire
    • gov-cloud.wildfire.paloaltonetworks.com
    • govgvs.wildfire.paloaltonetworks.com

    © 2025 Palo Alto Networks, Inc. All rights reserved.