>
    Prisma Access Browser Prerequisites
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access Browser
    3. Prisma Access Browser Prerequisites
    Download PDF
    Prisma Access Browser

    Prisma Access Browser Prerequisites

    Table of Contents

    Prisma Access Browser Prerequisites

    Learn about the prerequisites for Prisma Access Secure Enterprise Browser (Prisma Access Browser), including: system requirements, domains to allow, and IdP proxy requirements,.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Standalone Prisma Access Browser
    • Prisma Access with Prisma Access Browser bundle license or Prisma Access Browser standalone license
    • Superuser or Prisma Access Browser role

    System Requirements

    Windows
    • Windows 10 64-bit
    • Windows 11 64-bit
    • No admin privileges are required
    macOS
    • macOS Big Sur 11.0 or later.
    • Intel x86 or Apple M1 and above
    • No admin privileges are required
    Android
    • Android 11 and above
    iOS
    • iOS 17 and above

    Domains to Allow

    All the services listed below use SSL Pinning. These domains must be excluded from SSL decryption on your gateway or proxy to ensure they function correctly.
    The Prisma Access Browser communicates with the following domains:
    • *.talon-sec.com/* See below
    • https://*.browser-intake-ddog-gov.com/*
    • https://public-trace-http-intake.logs.datadoghq.com/*
    • https://rum-http-intake.logs.datadoghq.com/*
    • https://browser-http-intake.logs.datadoghq.com/*
    • https://public-trace-http-intake.logs.datadoghq.eu/*
    • https://rum-http-intake.logs.datadoghq.eu/*
    • https://browser-http-intake.logs.datadoghq.eu/*
    • https://api.us.frontegg.com/auth/vendor/*
    • https://talon-session-recordings-prod-us-east-1.s3.amazonaws.com/*
    Replacing *.talon-sec.com/*
    If your organization is not able to use an all-encompassing URL, enter the following URLs:
    Palo Alto Networks highly recommends that the https://*.talon-sec.com entry be used as a network requirement.
    There is no guarantee that this list will not change. URLs may be modified and additional services may be added in the future.
    Policy servicehttps://gateway.talon-sec.com
    Device servicehttps://gateway.talon-sec.com
    Event ingestion servicehttps://gateway.talon-sec.com
    Login servicehttps://login.talon-sec.com
    Login proxy servicehttps://ext-proxy.talon-sec.com
    Sync servicehttps://gateway.talon-sec.com
    Vault servicehttps://gateway.talon-sec.com
    Static assets servicehttps://assets.talon-sec.com
    Onboarding servicehttps://auth.talon-sec.com
    User requests servicehttps://gateway.talon-sec.com
    Malware protectionhttps://riskapi.talon-sec.com
    Updates service
    https://bfe078e7921507bb.talon-sec.com
    https://updates.talon-sec.com
    Crash reportinghttps://gateway.talon-sec.com
    Browser Enginehttps://extensions.talon-sec.com

    IdP Proxy Requirements

    The IdP Proxy prevents applications from using the Prisma Access Browser. To enable the proxy to function, your firewall/proxy must allow access to the following IP addresses.
    Ingress IP addresses - traffic will flow into the proxy through:
    https://idp-proxy.talon-sec.com
    This FQDN resolves to the following IP addresses:
    13.248.159.237
    76.223.24.47
    Egress IP addresses- Traffic will flow out of the proxy through:
    If your Prisma Access Browser tenant is located in the US:If your Prisma Access Browser tenant is located in the EU:
    3.88.246.246
    3.231.124.107
    18.159.163.147
    3.73.9.244
    3.73.9.169
    3.123.106.233
    3.68.54.94
    35.85.101.56
    54.214.168.174
    44.238.8.92
    54.184.95.247
    52.207.65.93
    50.19.8.101
    3.222.196.200
    54.71.84.74
    18.198.253.83
    3.65.70.29
    3.78.96.210
    18.198.253.83
    3.65.70.29
    3.78.96.210

    © 2024 Palo Alto Networks, Inc. All rights reserved.