Use the Legacy Script to Retrieve Mobile User IP Addresses
Focus
Focus

Use the Legacy Script to Retrieve Mobile User IP Addresses

Table of Contents

Use the Legacy Script to Retrieve Mobile User IP Addresses

Use these legacy scripts to retrieve public and egress IP addresses for mobile user deployments.
This legacy script has been superseded by a by a newer API script as of Prisma Access 1.5. Palo Alto Networks recommends that you use the newer script to retrieve all IP addresses with the exception of loopback addresses.
If you are adding public IP addresses to allow lists to give mobile users access to SaaS or public applications, Prisma Access provides two IP addresses for each gateway and portal IP address so that one IP address can be used during a scaling or other event. You can add this set of IP addresses to an allow list before they are used, preventing any issues with mobile users being able to access SaaS or public applications during a scaling event.
Retrieve these new addresses by completing the following task:
  1. Get the API key by selecting PanoramaCloud ServicesConfigurationService Setup; then, selecting Generate API Key.
    You need this key to authenticate to Prisma Access and retrieve the list of IP addresses using the curl command listed below. Only a Panorama administrator or Superuser can generate or access this API key.
  2. Enter the following command to retrieve the mobile user public IP addresses:
      curl -H header-api-key:Current-API-Key "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?get_egress_ip_all=yes"
    Where Current-API-Key is the Prisma Access API key.
    For example, given an API key of 12345abcde, use the following API command to retrieve the public IP address for all locations:
      curl -H header-api-key:12345abcde "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?get_egress_ip_all=yes"
    Every time Prisma Access uses the one set of public IP addresses, it allocates another set of IP addresses. If you think that Prisma Access has used the added set of public IP addresses (for example, if a large number of mobile users have accessed a single location), you can run this API command again to find the new set of public IP addresses. All IP addresses persist after an upgrade.