Document:Prisma™ Cloud Administrator's Guide

Enable Access to the Prisma Cloud Console

Filter

Enable Access to the Prisma Cloud Console

List of NAT Gateway IP addresses for Prisma™ Cloud and the URLs/domains that you must add to an allow list.

So that Prisma Cloud can connect to your cloud environments for monitoring and you can log in to the Prisma Cloud administrative console, you must allow the following IP addresses and hostnames that are used by different components which comprise the service.

NAT Gateway IP Addresses for Prisma Cloud

Prisma Cloud Administrative Console

NAT Gateway IP Addresses for Prisma Cloud

Prisma™ Cloud uses the following NAT gateway IP addresses. To ensure that you can access Prisma Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, or for your Prisma Cloud Defenders to communicate with the Prisma Cloud Compute Console, review the list and update the IP addresses in your allow lists. In the event of disruption due to a disaster, to help backup data in a timely manner, add the Disaster Recovery (DR) IP addresses to your allow lists.

The Prisma Cloud URL indicates the region where your tenant is deployed. For example, your tenant is on app3 if your URL is https://app3.prismacloud.io/.

On the

Compute

Manage

System

Utilities

, find the region in the URL for Path to Console
. Use that region to identify the destination IP address, which you must allow or add as trusted to access the Prisma Cloud Compute console. For example, if the URL is https://us-west1.cloud.twistlock.com/us-xxxxxx, us-west1
indicates your Compute console region.

To install Prisma Cloud Defenders in Kubernetes cluster, in addition to being able to connect to the Prisma Cloud Compute Console, the nodes in your cluster must be able to access the Prisma Cloud cloud registry at registry-auth.twistlock.com.

Prisma Cloud URL (AWS Region)	Source IP Address to Allow	Compute SaaS Console Region (GCP)	DR IP Address to Allow
app.prismacloud.io us-east-1 (N.Virginia)	3.217.51.44 3.218.144.244 34.199.10.120 34.205.176.82 34.228.96.118 52.201.19.205 Only required for Code Security integrations with on-premises environments 54.147.35.106 3.210.87.2	us-east1 (South Carolina) Egress: 34.75.54.101 Ingress: 34.74.84.51	52.25.108.159/32 34.213.129.111/32 44.242.81.208/32 52.40.100.6/32 54.71.172.241/32 44.236.217.120/32
app2.prismacloud.io us-east-2 (Ohio)	3.16.7.30 13.59.164.228 18.191.115.70 18.218.243.39 18.221.72.80 18.223.141.221 Only required for Code Security integrations with on-premises environments 3.139.149.174 3.132.209.81	us-east1 (South Carolina) Egress: 34.75.54.101 Ingress: 34.74.84.51	54.176.152.228/32 54.193.231.56/32 54.219.105.0/32 52.8.73.14/32 52.52.91.251/32 54.215.34.77/32
app3.prismacloud.io us-west-2 (Oregon)	34.208.190.79 52.24.59.168 52.39.60.41 52.26.142.61 54.213.143.171 54.218.131.166 Only required for Code Security integrations with on-premises environments 52.35.163.8 44.231.203.74 44.231.142.62	us-west1 (Oregon) Egress: 34.82.51.12 Ingress: 104.198.109.73	34.192.147.35/32 34.205.10.23/32 54.221.206.73/32 54.145.56.75/32 54.152.99.85/32 52.73.209.182/32
app4.prismacloud.io us-west-1 (N.California)	13.52.27.189 13.52.105.217 13.52.157.154 13.52.175.228 52.52.50.152 52.52.110.223 Only required for Code Security integrations with on-premises environments 50.18.117.136 54.215.44.246	us-west1 (Oregon) Egress: 35.233.225.166, 34.82.51.12 Ingress: 104.198.109.73	3.18.55.196/32 3.18.59.163/32 3.141.248.48/32 3.135.129.242/32 3.22.165.22/32 3.141.146.82/32
app5.prismacloud.io us-east-2 (Ohio)	3.128.141.242 3.129.241.104 3.130.104.173 3.136.191.187 13.59.109.178 18.190.115.80	us-east1 (South Carolina) Egress: 35.196.73.150, 34.75.54.101 Ingress: 34.74.84.51
app.anz.prismacloud.io ap-southeast-2 (Sydney)	3.104.252.91 13.210.254.18 13.239.110.68 52.62.75.140 52.62.194.176 54.66.215.148 Only required for Code Security integrations with on-premises environments 52.64.90.100 54.206.227.53	asia-northeast1 (Tokyo, Japan) or australia-southeast1 (Sydney, Australia) Egress: 35.194.113.255 or 35.244.121.190 Ingress: 35.200.123.236 or 35.189.44.184
app.ca.prismacloud.io ca-central-1 (Canada - Central)	15.223.59.158 15.223.96.201 15.223.127.111 52.60.127.179 99.79.30.121 35.182.209.121 Only required for Code Security integrations with on-premises environments 35.183.55.7 3.98.207.92	northamerica-northeast1 (Montréal, Québec) Egress: 35.203.59.190 Ingress: 35.203.31.67
app.prismacloud.cn cn-northwest-1 (Ningxia)	52.82.89.61 52.82.102.153 52.82.104.173 52.83.179.1 52.83.70.13 52.83.77.73	Compute SaaS not supported
app.ind.prismacloud.io	15.207.175.101 15.207.56.212 3.108.163.21 3.109.149.80 35.154.114.39 65.1.154.7	asia-south1-a (Mumbai) Egress: 35.200.249.161 Ingress: 35.200.140.118
app.uk.prismacloud.io eu-west2 (London)	3.9.200.0 18.133.126.85 18.134.251.157 18.168.9.241 18.168.51.89 35.176.57.39 Only required for Code Security integrations with on-premises environments 3.9.243.250 18.133.59.44	europe-west2 (London) Egress: 34.105.197.208 Ingress: 34.89.87.128
app.eu.prismacloud.io eu-central-1 (Frankfurt)	3.121.64.255 3.121.248.165 3.121.107.154 3.124.113.11 18.184.105.224 18.185.81.104 Only required for Code Security integrations with on-premises environments 3.69.215.10 18.159.139.221	europe-west3 (Frankfurt, Germany) Egress: 34.107.65.220 Ingress: 34.107.91.105	34.247.199.145/32 3.248.43.139/32 54.73.199.140/32 52.209.24.141/32 52.211.138.79/32 52.208.61.249/32
app2.eu.prismacloud.io eu-west-1 (Ireland)	18.200.200.125 3.248.26.245 99.81.226.57 52.208.244.121 18.200.207.86 63.32.161.197 Only required for Code Security integrations with on-premises environments 54.170.182.84 79.125.19.221	europe-west3 (Frankfurt, Germany) Egress: 34.89.249.72, 34.107.65.220 Ingress: 34.107.91.105	3.65.146.60/32 18.198.160.165/32 18.194.43.28/32 3.65.81.38/32 3.65.16.200/32 3.65.81.86/32
app.fr.prismacloud.io eu-west-3 (Paris)	15.188.106.72 15.188.116.74 13.38.189.211 15.188.209.236 15.188.0.67 35.181.110.153 Only required for Code Security integrations with on-premises environments 35.180.236.144 52.47.148.170	europe-west9 (Paris, France) Egress: 34.163.186.175 Ingress: 34.163.33.98
app.gov.prismacloud.io us-gov-west-1 (AWS GovCloud US-West)	15.200.146.166 15.200.89.211	us-west1 (Oregon) Egress: 35.233.225.166, 34.82.51.12 Ingress: 104.198.109.73
app.jp.prismacloud.io ap-northeast-1 (Tokyo)	13.114.192.248 13.230.74.246 18.180.127.96 35.75.84.20 35.76.22.242 54.249.107.1 Only required for Code Security integrations with on-premises environments 35.79.185.43 54.178.36.219	asia-northeast1-a (Tokyo, Japan, APAC) Egress: 35.200.123.236 Ingress: 35.194.113.255
app.sg.prismacloud.io ap-southeast-1 (Singapore)	13.250.248.219 18.139.183.196 52.76.28.40 52.76.70.227 52.221.36.124 52.221.157.53 Only required for Code Security integrations with on-premises environments 3.0.37.2 54.251.48.202	asia-southeast1 (Singapore) Egress: 35.198.194.238 Ingress: 34.87.137.141
Data Security on Prisma Cloud US	3.128.230.117 3.22.23.119 3.14.212.156
Data Security on Prisma Cloud EU	3.64.66.135 18.198.52.216 3.127.191.112

Egress-From Defenders to Console; Ingress-From Console in to your environment for alerts.

Due to compliance reasons, backup/Disaster Recovery (DR) IP addresses are not supported in some regions.

Prisma Cloud Administrative Console

Allow access to the following domains, to use the Prisma Cloud user interface:

Palo Alto Networks sub domains.

You can add *.paloaltonetworks.com to include all of the following URLs:

apps.paloaltonetworks.com

autofocus.paloaltonetworks.com

docs.paloaltonetworks.com

identity.paloaltonetworks.com

live.paloaltonetworks.com

support.paloaltonetworks.com

Some additional URLs are also required, for the Prisma Cloud Administrative Console.

Prisma Cloud tenant URL

The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. Your welcome email will include one of the following URLs that is specific to the tenant provisioned for you:

https://app.prismacloud.io

https://app2.prismacloud.io

https://app3.prismacloud.io

https://app4.prismacloud.io

https://app5.prismacloud.io

https://app.anz.prismacloud.io

https://app.ca.prismacloud.io

https://app.eu.prismacloud.io

https://app2.eu.prismacloud.io

https://app.fr.prismacloud.io

https://app.gov.prismacloud.io

https://app.ind.prismacloud.io

https://app.jp.prismacloud.io

https://app.sg.prismacloud.io

https://app.prismacloud.cn

https://app.uk.prismacloud.io

Prisma Cloud API interface

api*.*.prismacloud.io. See API URLs for your Prisma Cloud tenant.

URLs associated with the sign-in and status updates for Prisma Cloud

assets.adobedtm.com

cloudfront.net

dpm.demdex.net

google.com

google.com/recaptcha/

gstatic.com

gstatic.com/recaptcha/

polyfill.io

wss://*.prismacloud.io

Cloud Workload Protection (CWP) capabilities

*.twistlock.com, for access to the CWP capabilities available on the Compute
tab on the Prisma Cloud console.

Cloud Network Security (CNS) /Microsegmentation capabilities

*.network.prismacloud.io, for access to the Microsegmentation capabilities that are enabled on the Network Security
tab on the Prisma Cloud console.

Code Security capabilities

*.bridgecrew.cloud, for the Code Security capabilities that are enabled on the Code
and Settings
tab on the Prisma Cloud console.

To onboard a VCS/SCM integration or to scan Pull Requests, enable outbound communication from the VCS provider / on-prem server to the following IP addresses:

10.236.14.127

10.236.9.16

When using Checkov to scan repositories and report the findings, you must allow access to the following domains if:

You’re running Checkov within your pipeline, enable access for the machine running Checkov.

If you’re running the IDE extension on your local machine, enable access on the local machine.

Adoption Advisor *.ingest.sentry.io

Launch Darkly

*.launchdarkly.com, to enable preview access to features. Also refer to the public IP address list for Launch Darkly.

Pendo

Prisma Cloud uses Pendo for in-app analytics.

app.pendo.io

data.pendo.io

cdn.pendo.io

us.pendo.io, *.us.pendo.io

*.storage.googleapis.com

Feature request submissions

prismacloud.ideas.aha.io cdn.aha.io

secure.gravatar.com

s3.amazonaws.com

Images and fonts

use.typekit.net

p.typekit.net

fonts.googleapis.com

*.storage.googleapis.com

fonts.gstatic.com

mt.google.com

Palo Alto Support Portal and LiveCommunity

static.cloud.coveo.com

platform.cloud.coveo.com

nebula-cdn.kampyle.com

maxcdn.bootstrapcdn.com

use.fontawesome.com

ajax.googleapis.com

prod.hosted.lithcloud.com

static.hotjar.com

vars.hotjar.com

assets.adobedtm.com

paloaltonetworks.hosted.panopto.com

cdn.embed.ly

tag.demandbase.com

paloaltonetworks.d1.sc.omtrdc.net

cloudfront.net

cdn.pendo.io

data.pendo.io

firestore.googleapis.com

use.typekit.net

p.typekit.net

*.youtube.com

Document:Prisma™ Cloud Administrator's Guide

Enable Access to the Prisma Cloud Console

Table of Contents

Enable Access to the Prisma Cloud Console

NAT Gateway IP Addresses for Prisma Cloud

Prisma Cloud Administrative Console

Most Popular

Recommended For You

Prisma Cloud URL is on	API Gateway	S3 bucket for uploading findings	S3 bucket for routing to the correct S3 bucket
app3	api3.prismacloud.io	bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com	bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com
app0	api0.prismacloud.io	bc-scanner-results-469330042197-prod.s3.us-east-1.amazonaws.com	bc-scanner-results-469330042197-prod.s3.us-west-2.amazonaws.com
app	api.prismacloud.io	bc-scanner-results-838878234734-prod.s3.us-east-1.amazonaws.com	bc-scanner-results-838878234734-prod.s3.us-west-2.amazonaws.com
app2	api2.prismacloud.io	bc-scanner-results-612480224350-prod.s3.us-east-2.amazonaws.com	bc-scanner-results-612480224350-prod.s3.us-west-2.amazonaws.com
app4	api4.prismacloud.io	bc-scanner-results-540411623009-prod.s3.us-west-1.amazonaws.com	bc-scanner-results-540411623009-prod.s3.us-west-2.amazonaws.com
app5	api5.prismacloud.io	bc-scanner-results-700766934309-prod.s3.us-east-2.amazonaws.com	bc-scanner-results-700766934309-prod.s3.us-west-2.amazonaws.com
app.ca	api.ca.prismacloud.io	bc-scanner-results-205367576728-prod.s3.ca-central-1.amazonaws.com	bc-scanner-results-205367576728-prod.s3.us-west-2.amazonaws.com
app.eu	api.eu.prismacloud.io	bc-scanner-results-836922451682-prod.s3.eu-central-1.amazonaws.com	bc-scanner-results-836922451682-prod.s3.us-west-2.amazonaws.com
app2.eu	api2.eu.prismacloud.io	bc-scanner-results-800009193461-prod.s3.eu-west-1.amazonaws.com	bc-scanner-results-800009193461-prod.s3.us-west-2.amazonaws.com
app.fr	api.fr.prismacloud.io	bc-scanner-results-063178804405-prod.s3.eu-west-3.amazonaws.com	bc-scanner-results-063178804405-prod.s3.us-west-2.amazonaws.com
app-uk	api.uk.prismacloud.io	bc-scanner-results-580360239683-prod.s3.eu-west-2.amazonaws.com	bc-scanner-results-580360239683-prod.s3.us-west-2.amazonaws.com
app.jp	api.jp.prismacloud.io	bc-scanner-results-510882576293-prod.s3.ap-northeast-1.amazonaws.com	bc-scanner-results-510882576293-prod.s3.us-west-2.amazonaws.com
app.sg	api.sg.prismacloud.io	bc-scanner-results-277833049433-prod.s3.ap-southeast-1.amazonaws.com	bc-scanner-results-277833049433-prod.s3.us-west-2.amazonaws.com
app.anz	api.anz.prismacloud.io	bc-scanner-results-607751493482-prod.s3.ap-southeast-2.amazonaws.com	bc-scanner-results-607751493482-prod.s3.us-west-2.amazonaws.com

Document:Prisma™ Cloud Administrator's Guide

Enable Access to the Prisma Cloud Console

Table of Contents

Enable Access to the Prisma Cloud Console

NAT Gateway IP Addresses for Prisma Cloud

Prisma Cloud Administrative Console

Most Popular

Recommended For You

Recommended Videos