Learn about the legacy scripts you can use to retrieve
Prisma Access IP and loopback addresses.
The commands described in this section are superseded by a newer API script as
of Prisma Access 1.5; however, they are still supported when you
need to obtain the loopback address, or for deployments that use
them in scripts or other automated tools.
The following table shows the keywords and parameters that are
available in the legacy API scripts used with Prisma Access, and
provides information and recommendations about which API to use
for the type of deployment you have.
These legacy commands also retrieve
however, Palo Alto Networks recommends that you use the newer API
script to retrieve these commands and only use the legacy API to
retrieve the loopback IP addresses.
A public IP address is the source
IP address that Prisma Access uses for requests made to an internet-based
source. Add the public IP address to an allow list in your network
to give Prisma Access access to internet resources such as SaaS
applications or publicly accessible partner applications.
Mobile user, remote network, and clean pipe deployments use public IP addresses.
An egress IP address is an IP address
that Prisma Access uses for egress traffic to the internet, and
you must also add these addresses to an allow list to give Prisma
Access access to internet resources.
Among other purposes,
Prisma Access uses egress IP addresses so that users receive web
pages in the language they expect from
a Prisma Access location. All locations have public IP addresses;
however, not all locations have egress IP addresses. The following
locations do not use egress IP addresses:
that you added before the release of Prisma Access 1.4.
Mobile user, remote network,
and clean pipe deployments use egress IP addresses.
This command retrieves all the IP addresses
that you add to an allow list to give Prisma Access access to internet
resources such as SaaS applications or publicly accessible partner
applications. This command has the following constraints:
command can retrieve a large number of addresses (more than 200). If
your enterprise cannot add this number of IP addresses to an allow
list, you can use the
to retrieve only the IP addresses you are currently using; however,
you will have to rerun these commands every time you add a location.
In addition, if a scaling event occurs,
you will need to add the new IP addresses to an allow list.
Prisma Access does not list the locations that are associated
with these IP addresses; therefore, we recommend that you add all the
IP addresses that are returned with this command to an allow list.
This command does not give you loopback addresses.
Use this command if your deployment limits
the number of IP addresses you can add to an allow list. You must
add all IP addresses returned with this command to an allow list
in your network. You can also retrieve the loopback IP addresses
with this command.