Enable Access to the Prisma Cloud Console

List of NAT Gateway IP addresses for Prisma™ Cloud and the URLs/domains that you must add to an allow list.
So that Prisma Cloud can connect to your cloud environments for monitoring and you can log in to the Prisma Cloud administrative console, you must allow the following IP addresses and hostnames that are used by different components which comprise the service.

NAT Gateway IP Addresses for Prisma Cloud

Prisma™ Cloud uses the following NAT gateway IP addresses. To ensure that you can access Prisma Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, or for your Prisma Cloud Defenders to communicate with the Prisma Cloud Compute Console, review the list and update the IP addresses in your allow lists. In the event of disruption due to a disaster, to help backup data in a timely manner, add the Disaster Recovery (DR) IP addresses to your allow lists.
  • The Prisma Cloud URL indicates the region where your tenant is deployed. For example, your tenant is on app3 if your URL is https://app3.prismacloud.io/.
  • On the
    Compute
    Manage
    System
    Utilities
    , find the region in the URL for
    Path to Console
    . Use that region to identify the destination IP address, which you must allow or add as trusted to access the Prisma Cloud Compute console. For example, if the URL is https://us-west1.cloud.twistlock.com/us-xxxxxx,
    us-west1
    indicates your Compute console region.
    To install Prisma Cloud Defenders in Kubernetes cluster, in addition to being able to connect to the Prisma Cloud Compute Console, the nodes in your cluster must be able to access the Prisma Cloud cloud registry at registry-auth.twistlock.com.
Prisma Cloud URL (AWS Region)
Source IP Address to Allow
Compute SaaS Console Region (GCP)
DR IP Address to Allow
app.prismacloud.io
us-east-1 (N.Virginia)
3.217.51.44
3.218.144.244
34.199.10.120
34.205.176.82
34.228.96.118
52.201.19.205
Only required for Code Security integrations with on-premises environments
  • 54.147.35.106
  • 3.210.87.2
us-east1 (South Carolina)
Egress: 34.75.54.101
Ingress: 34.74.84.51
52.25.108.159/32
34.213.129.111/32
44.242.81.208/32
52.40.100.6/32
54.71.172.241/32
44.236.217.120/32
app2.prismacloud.io
us-east-2 (Ohio)
3.16.7.30
13.59.164.228
18.191.115.70
18.218.243.39
18.221.72.80
18.223.141.221
Only required for Code Security integrations with on-premises environments
  • 3.139.149.174
  • 3.132.209.81
us-east1 (South Carolina)
Egress: 34.75.54.101
Ingress: 34.74.84.51
54.176.152.228/32
54.193.231.56/32
54.219.105.0/32
52.8.73.14/32
52.52.91.251/32
54.215.34.77/32
app3.prismacloud.io
us-west-2 (Oregon)
34.208.190.79
52.24.59.168
52.39.60.41
52.26.142.61
54.213.143.171
54.218.131.166
Only required for Code Security integrations with on-premises environments
  • 52.35.163.8
  • 44.231.203.74
  • 44.231.142.62
us-west1 (Oregon)
Egress: 34.82.51.12
Ingress: 104.198.109.73
34.192.147.35/32
34.205.10.23/32
54.221.206.73/32
54.145.56.75/32
54.152.99.85/32
52.73.209.182/32
app4.prismacloud.io
us-west-1 (N.California)
13.52.27.189
13.52.105.217
13.52.157.154
13.52.175.228
52.52.50.152
52.52.110.223
Only required for Code Security integrations with on-premises environments
  • 50.18.117.136
  • 54.215.44.246
us-west1 (Oregon)
Egress: 35.233.225.166, 34.82.51.12
Ingress: 104.198.109.73
3.18.55.196/32
3.18.59.163/32
3.141.248.48/32
3.135.129.242/32
3.22.165.22/32
3.141.146.82/32
app5.prismacloud.io
us-east-2 (Ohio)
3.128.141.242
3.129.241.104
3.130.104.173
3.136.191.187
13.59.109.178
18.190.115.80
us-east1 (South Carolina)
Egress: 35.196.73.150, 34.75.54.101
Ingress: 34.74.84.51
app.anz.prismacloud.io
ap-southeast-2 (Sydney)
3.104.252.91
13.210.254.18
13.239.110.68
52.62.75.140
52.62.194.176
54.66.215.148
Only required for Code Security integrations with on-premises environments
  • 52.64.90.100
  • 54.206.227.53
asia-northeast1 (Tokyo, Japan)
or
australia-southeast1 (Sydney, Australia)
Egress: 35.194.113.255 or 35.244.121.190
Ingress: 35.200.123.236 or 35.189.44.184
app.ca.prismacloud.io
ca-central-1 (Canada - Central)
15.223.59.158
15.223.96.201
15.223.127.111
52.60.127.179
99.79.30.121
35.182.209.121
Only required for Code Security integrations with on-premises environments
  • 35.183.55.7
  • 3.98.207.92
northamerica-northeast1 (Montréal, Québec)
Egress: 35.203.59.190
Ingress: 35.203.31.67
app.prismacloud.cn
cn-northwest-1 (Ningxia)
52.82.89.61
52.82.102.153
52.82.104.173
52.83.179.1
52.83.70.13
52.83.77.73
Compute SaaS not supported
app.ind.prismacloud.io
15.207.175.101
15.207.56.212
3.108.163.21
3.109.149.80
35.154.114.39
65.1.154.7
asia-south1-a (Mumbai)
Egress: 35.200.249.161
Ingress: 35.200.140.118
app.uk.prismacloud.io
eu-west2 (London)
3.9.200.0
18.133.126.85
18.134.251.157
18.168.9.241
18.168.51.89
35.176.57.39
Only required for Code Security integrations with on-premises environments
  • 3.9.243.250
  • 18.133.59.44
europe-west2 (London)
Egress: 34.105.197.208
Ingress: 34.89.87.128
app.eu.prismacloud.io
eu-central-1 (Frankfurt)
3.121.64.255
3.121.248.165
3.121.107.154
3.124.113.11
18.184.105.224
18.185.81.104
Only required for Code Security integrations with on-premises environments
  • 3.69.215.10
  • 18.159.139.221
europe-west3 (Frankfurt, Germany)
Egress: 34.107.65.220
Ingress: 34.107.91.105
34.247.199.145/32
3.248.43.139/32
54.73.199.140/32
52.209.24.141/32
52.211.138.79/32
52.208.61.249/32
app2.eu.prismacloud.io
eu-west-1 (Ireland)
18.200.200.125
3.248.26.245
99.81.226.57
52.208.244.121
18.200.207.86
63.32.161.197
Only required for Code Security integrations with on-premises environments
  • 54.170.182.84
  • 79.125.19.221
europe-west3 (Frankfurt, Germany)
Egress: 34.89.249.72, 34.107.65.220
Ingress: 34.107.91.105
3.65.146.60/32
18.198.160.165/32
18.194.43.28/32
3.65.81.38/32
3.65.16.200/32
3.65.81.86/32
app.fr.prismacloud.io
eu-west-3 (Paris)
15.188.106.72
15.188.116.74
13.38.189.211
15.188.209.236
15.188.0.67
35.181.110.153
Only required for Code Security integrations with on-premises environments
  • 35.180.236.144
  • 52.47.148.170
europe-west9 (Paris, France)
Egress: 34.163.186.175
Ingress: 34.163.33.98
app.gov.prismacloud.io
us-gov-west-1 (AWS GovCloud US-West)
15.200.146.166
15.200.89.211
us-west1 (Oregon)
Egress: 35.233.225.166, 34.82.51.12
Ingress: 104.198.109.73
app.jp.prismacloud.io
ap-northeast-1 (Tokyo)
13.114.192.248
13.230.74.246
18.180.127.96
35.75.84.20
35.76.22.242
54.249.107.1
Only required for Code Security integrations with on-premises environments
  • 35.79.185.43
  • 54.178.36.219
asia-northeast1-a (Tokyo, Japan, APAC)
Egress: 35.200.123.236
Ingress: 35.194.113.255
app.sg.prismacloud.io
ap-southeast-1 (Singapore)
13.250.248.219
18.139.183.196
52.76.28.40
52.76.70.227
52.221.36.124
52.221.157.53
Only required for Code Security integrations with on-premises environments
  • 3.0.37.2
  • 54.251.48.202
asia-southeast1 (Singapore)
Egress: 35.198.194.238
Ingress: 34.87.137.141
Data Security on Prisma Cloud US
3.128.230.117
3.22.23.119
3.14.212.156
Data Security on Prisma Cloud EU
3.64.66.135
18.198.52.216
3.127.191.112
Egress-From Defenders to Console; Ingress-From Console in to your environment for alerts.
Due to compliance reasons, backup/Disaster Recovery (DR) IP addresses are not supported in some regions.

Prisma Cloud Administrative Console

Allow access to the following domains, to use the Prisma Cloud user interface:
  • Palo Alto Networks sub domains.
    You can add *.paloaltonetworks.com to include all of the following URLs:
    • apps.paloaltonetworks.com
    • autofocus.paloaltonetworks.com
    • docs.paloaltonetworks.com
    • identity.paloaltonetworks.com
    • live.paloaltonetworks.com
    • login.paloaltonetworks.com
    • support.paloaltonetworks.com
      Some additional URLs are also required, for the Prisma Cloud Administrative Console.
  • Prisma Cloud API interface
    api*.*.prismacloud.io. See API URLs for your Prisma Cloud tenant.
  • URLs associated with the sign-in and status updates for Prisma Cloud
    • assets.adobedtm.com
    • cloudfront.net
    • dpm.demdex.net
    • google.com
    • google.com/recaptcha/
    • gstatic.com
    • gstatic.com/recaptcha/
    • polyfill.io
  • wss://*.prismacloud.io
  • Cloud Workload Protection (CWP) capabilities
    *.twistlock.com, for access to the CWP capabilities available on the
    Compute
    tab on the Prisma Cloud console.
  • Cloud Network Security (CNS) /Microsegmentation capabilities
    *.network.prismacloud.io, for access to the Microsegmentation capabilities that are enabled on the
    Network Security
    tab on the Prisma Cloud console.
  • Code Security capabilities
    • *.bridgecrew.cloud, for the Code Security capabilities that are enabled on the
      Code
      and
      Settings
      tab on the Prisma Cloud console.
    • To onboard a VCS/SCM integration or to scan Pull Requests, enable outbound communication from the VCS provider / on-prem server to the following IP addresses:
      • 10.236.14.127
      • 10.236.9.16
    • When using Checkov to scan repositories and report the findings, you must allow access to the following domains if:
      You’re running Checkov within your pipeline, enable access for the machine running Checkov.
      If you’re running the IDE extension on your local machine, enable access on the local machine.
      Prisma Cloud URL is on
      API Gateway
      S3 bucket for uploading findings
      S3 bucket for routing to the correct S3 bucket
      app3
      api3.prismacloud.io
      bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com
      bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com
      app0
      api0.prismacloud.io
      bc-scanner-results-469330042197-prod.s3.us-east-1.amazonaws.com
      bc-scanner-results-469330042197-prod.s3.us-west-2.amazonaws.com
      app
      api.prismacloud.io
      bc-scanner-results-838878234734-prod.s3.us-east-1.amazonaws.com
      bc-scanner-results-838878234734-prod.s3.us-west-2.amazonaws.com
      app2
      api2.prismacloud.io
      bc-scanner-results-612480224350-prod.s3.us-east-2.amazonaws.com
      bc-scanner-results-612480224350-prod.s3.us-west-2.amazonaws.com
      app4
      api4.prismacloud.io
      bc-scanner-results-540411623009-prod.s3.us-west-1.amazonaws.com
      bc-scanner-results-540411623009-prod.s3.us-west-2.amazonaws.com
      app5
      api5.prismacloud.io
      bc-scanner-results-700766934309-prod.s3.us-east-2.amazonaws.com
      bc-scanner-results-700766934309-prod.s3.us-west-2.amazonaws.com
      app.ca
      api.ca.prismacloud.io
      bc-scanner-results-205367576728-prod.s3.ca-central-1.amazonaws.com
      bc-scanner-results-205367576728-prod.s3.us-west-2.amazonaws.com
      app.eu
      api.eu.prismacloud.io
      bc-scanner-results-836922451682-prod.s3.eu-central-1.amazonaws.com
      bc-scanner-results-836922451682-prod.s3.us-west-2.amazonaws.com
      app2.eu
      api2.eu.prismacloud.io
      bc-scanner-results-800009193461-prod.s3.eu-west-1.amazonaws.com
      bc-scanner-results-800009193461-prod.s3.us-west-2.amazonaws.com
      app.fr
      api.fr.prismacloud.io
      bc-scanner-results-063178804405-prod.s3.eu-west-3.amazonaws.com
      bc-scanner-results-063178804405-prod.s3.us-west-2.amazonaws.com
      app-uk
      api.uk.prismacloud.io
      bc-scanner-results-580360239683-prod.s3.eu-west-2.amazonaws.com
      bc-scanner-results-580360239683-prod.s3.us-west-2.amazonaws.com
      app.jp
      api.jp.prismacloud.io
      bc-scanner-results-510882576293-prod.s3.ap-northeast-1.amazonaws.com
      bc-scanner-results-510882576293-prod.s3.us-west-2.amazonaws.com
      app.sg
      api.sg.prismacloud.io
      bc-scanner-results-277833049433-prod.s3.ap-southeast-1.amazonaws.com
      bc-scanner-results-277833049433-prod.s3.us-west-2.amazonaws.com
      app.anz
      api.anz.prismacloud.io
      bc-scanner-results-607751493482-prod.s3.ap-southeast-2.amazonaws.com
      bc-scanner-results-607751493482-prod.s3.us-west-2.amazonaws.com
  • Adoption Advisor *.ingest.sentry.io
  • Launch Darkly
    *.launchdarkly.com, to enable preview access to features. Also refer to the public IP address list for Launch Darkly.
  • Pendo
    Prisma Cloud uses Pendo for in-app analytics.
    • app.pendo.io
    • data.pendo.io
    • cdn.pendo.io
    • us.pendo.io, *.us.pendo.io
    • *.storage.googleapis.com
  • Feature request submissions
    • prismacloud.ideas.aha.io cdn.aha.io
    • secure.gravatar.com
    • s3.amazonaws.com
  • Images and fonts
    • use.typekit.net
    • p.typekit.net
    • fonts.googleapis.com
    • *.storage.googleapis.com
    • fonts.gstatic.com
    • mt.google.com
  • Palo Alto Support Portal and LiveCommunity
    • static.cloud.coveo.com
    • platform.cloud.coveo.com
    • nebula-cdn.kampyle.com
    • maxcdn.bootstrapcdn.com
    • use.fontawesome.com
    • ajax.googleapis.com
    • prod.hosted.lithcloud.com
    • static.hotjar.com
    • vars.hotjar.com
    • assets.adobedtm.com
    • paloaltonetworks.hosted.panopto.com
    • cdn.embed.ly
    • tag.demandbase.com
    • paloaltonetworks.d1.sc.omtrdc.net
    • cloudfront.net
    • cdn.pendo.io
    • data.pendo.io
    • firestore.googleapis.com
    • use.typekit.net
    • p.typekit.net
    • *.youtube.com

Recommended For You