Enable Access to the Prisma Cloud Console

So that Prisma Cloud can connect to your cloud environments for monitoring and you can log in to the Prisma Cloud administrative console, you must allow the following IP addresses and hostnames that are used by different components which comprise the service.

NAT Gateway IP Addresses for Prisma Cloud

Prisma™ Cloud uses the following NAT gateway IP addresses. To ensure that you can access Prisma Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, or your agentless deployment or the Prisma Cloud Defenders to communicate with the Prisma Cloud Compute Console, review the list and update the IP addresses in your allow lists.
In the event of disruption due to a disaster, to help backup data in a timely manner, add the Disaster Recovery (DR) IP addresses to your allow lists.
To add these IP addresses to an allow list, you may need to work with your network security team. The configuration for where you set up the allow list is dependent on your network architecture and it could be your firewall, proxy, or the server itself.
  • The Prisma Cloud URL indicates the region where your tenant is deployed. For example, your tenant is on app3 if your URL is https://app3.prismacloud.io/.
  • On the
    Compute
    Manage
    System
    Utilities
    , find the region in the URL for
    Path to Console
    . Use that region to identify the destination IP address, which you must allow or add as trusted to access the Prisma Cloud Compute console. For example, if the URL is https://us-west1.cloud.twistlock.com/us-xxxxxx,
    us-west1
    indicates your Compute console region.
Use the table below to review the IP addresses to allow:
Egress
-From Defenders to Console;
Ingress
-From Console in to your environment.
On app3, which is https://app3.prismacloud.io/ for example, will need an outbound security rule for the Egress IP address 34.82.51.12. Compute requires only an outbound rule to Console for Agentless and Defender deployments communications. For sending alerts to your environment, you’d add an inbound security rule to the Ingress IP address 104.198.109.73.
To install Prisma Cloud Defenders in Kubernetes cluster, in addition to being able to connect to the Prisma Cloud Compute Console, the nodes in your cluster must be able to access the Prisma Cloud cloud registry at registry-auth.twistlock.com.
Prisma Cloud URL (AWS Region)
Source IP Address to Allow (Ingress)
Compute SaaS Console Region (GCP)
DR IP Address to Allow
app.prismacloud.io
us-east-1 (N.Virginia)
3.210.133.47
34.235.13.250
44.207.239.90
3.217.51.44
3.218.144.244
34.199.10.120
34.205.176.82
34.228.96.118
52.201.19.205
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 54.147.35.106
  • 3.210.87.2
us-east1 (South Carolina)
Egress: 34.75.54.101
Ingress: 34.74.84.51
52.25.108.159/32
34.213.129.111/32
44.242.81.208/32
52.40.100.6/32
54.71.172.241/32
44.236.217.120/32
app2.prismacloud.io
us-east-2 (Ohio)
18.116.185.157
18.223.154.151
3.136.199.10
3.16.7.30
13.59.164.228
18.191.115.70
18.218.243.39
18.221.72.80
18.223.141.221
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 3.139.149.174
  • 3.132.209.81
us-east1 (South Carolina)
Egress: 34.75.54.101
Ingress: 34.74.84.51
54.176.152.228/32
54.193.231.56/32
54.219.105.0/32
52.8.73.14/32
52.52.91.251/32
54.215.34.77/32
app3.prismacloud.io
us-west-2 (Oregon)
44.233.39.196
52.12.85.11
54.70.207.107
34.208.190.79
52.24.59.168
52.39.60.41
52.26.142.61
54.213.143.171
54.218.131.166
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 52.35.163.8
  • 44.231.203.74
  • 44.231.142.62
us-west1 (Oregon)
Egress: 34.82.51.12
Ingress: 104.198.109.73
34.192.147.35/32
34.205.10.23/32
54.221.206.73/32
54.145.56.75/32
54.152.99.85/32
52.73.209.182/32
app4.prismacloud.io
us-west-1 (N.California)
184.72.47.199
54.193.251.180
54.241.31.130
13.52.27.189
13.52.105.217
13.52.157.154
13.52.175.228
52.52.50.152
52.52.110.223
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 50.18.117.136
  • 54.215.44.246
us-west1 (Oregon)
Egress: 35.233.225.166, 34.82.51.12, 35.230.69.118, 34.82.138.152
Ingress: 104.198.109.73
3.18.55.196/32
3.18.59.163/32
3.141.248.48/32
3.135.129.242/32
3.22.165.22/32
3.141.146.82/32
app5.prismacloud.io
us-east-2 (Ohio)
3.128.141.242
3.129.241.104
3.130.104.173
3.136.191.187
13.59.109.178
18.190.115.80
us-east1 (South Carolina)
Egress: 35.196.73.150, 34.75.54.101
Ingress: 34.74.84.51
app.anz.prismacloud.io
ap-southeast-2 (Sydney)
13.55.65.214
3.104.84.8
54.66.162.181
3.104.252.91
13.210.254.18
13.239.110.68
52.62.75.140
52.62.194.176
54.66.215.148
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 52.64.90.100
  • 54.206.227.53
asia-northeast1 (Tokyo, Japan)
or
australia-southeast1 (Sydney, Australia)
Egress: 35.194.113.255 or 35.244.121.190
Ingress: 35.200.123.236 or 35.189.44.184
app.ca.prismacloud.io
ca-central-1 (Canada - Central)
3.97.19.141
3.97.195.202
3.97.251.220
15.223.59.158
15.223.96.201
15.223.127.111
52.60.127.179
99.79.30.121
35.182.209.121
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 35.183.55.7
  • 3.98.207.92
northamerica-northeast1 (Montréal, Québec)
Egress: 35.203.59.190
Ingress: 35.203.31.67
app.prismacloud.cn
cn-northwest-1 (Ningxia)
52.82.89.61
52.82.102.153
52.82.104.173
52.83.179.1
52.83.70.13
52.83.77.73
Compute SaaS not supported
app.ind.prismacloud.io
13.126.142.108
3.108.78.191
65.0.233.228
15.207.175.101
15.207.56.212
3.108.163.21
3.109.149.80
35.154.114.39
65.1.154.7
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 65.0.226.192
  • 13.127.213.101
asia-south1-a (Mumbai)
Egress: 35.200.249.161
Ingress: 35.200.140.118
app.uk.prismacloud.io
eu-west2 (London)
13.42.159.205
3.8.248.150
35.176.28.215
3.9.200.0
18.133.126.85
18.134.251.157
18.168.9.241
18.168.51.89
35.176.57.39
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 3.9.243.250
  • 18.133.59.44
europe-west2 (London)
Egress: 34.105.197.208
Ingress: 34.89.87.128
app.eu.prismacloud.io
eu-central-1 (Frankfurt)
18.184.42.114
3.73.209.143
3.75.34.63
3.121.64.255
3.121.248.165
3.121.107.154
18.184.105.224
18.185.81.104
52.29.141.235
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 3.69.215.10
  • 18.159.139.221
europe-west3 (Frankfurt, Germany)
Egress: 34.107.65.220
Ingress: 34.107.91.105
34.247.199.145/32
3.248.43.139/32
54.73.199.140/32
52.209.24.141/32
52.211.138.79/32
52.208.61.249/32
app2.eu.prismacloud.io
eu-west-1 (Ireland)
52.208.88.215
54.170.230.172
54.72.135.50
18.200.200.125
3.248.26.245
99.81.226.57
52.208.244.121
18.200.207.86
63.32.161.197
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 54.170.182.84
  • 79.125.19.221
europe-west3 (Frankfurt, Germany)
Egress: 34.89.249.72, 34.107.65.220
Ingress: 34.107.91.105
3.65.146.60/32
18.198.160.165/32
18.194.43.28/32
3.65.81.38/32
3.65.16.200/32
3.65.81.86/32
app.fr.prismacloud.io
eu-west-3 (Paris)
13.36.26.86
13.37.138.49
13.37.20.19
15.188.106.72
15.188.116.74
13.38.189.211
15.188.209.236
15.188.0.67
35.181.110.153
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 35.180.236.144
  • 52.47.148.170
europe-west9 (Paris, France)
Egress: 34.163.186.175
Ingress: 34.163.33.98
app.gov.prismacloud.io
us-gov-west-1 (AWS GovCloud US-West)
15.200.146.166
15.200.89.211
us-west1 (Oregon)
Egress: 35.233.225.166, 34.82.51.12
Ingress: 104.198.109.73
app.jp.prismacloud.io
ap-northeast-1 (Tokyo)
18.178.170.193
18.182.113.156
3.114.23.157
13.114.192.248
13.230.74.246
18.180.127.96
35.75.84.20
35.76.22.242
54.249.107.1
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 35.79.185.43
  • 54.178.36.219
asia-northeast1-a (Tokyo, Japan, APAC)
Egress: 35.200.123.236
Ingress: 35.194.113.255
app.sg.prismacloud.io
ap-southeast-1 (Singapore)
13.251.200.128
18.136.72.0
18.139.106.36
13.250.248.219
18.139.183.196
52.76.28.40
52.76.70.227
52.221.36.124
52.221.157.53
Required for Code Security integrations with network restrictions, such as self-hosted code environments.
  • 3.0.37.2
  • 54.251.48.202
asia-southeast1 (Singapore)
Egress: 35.198.194.238
Ingress: 34.87.137.141
Data Security on Prisma Cloud US
3.128.230.117
3.14.212.156
3.22.23.119
20.9.80.30
20.9.81.254
20.228.128.132
20.228.250.145
20.253.198.116
20.253.198.147
Data Security on Prisma Cloud EU
3.64.66.135
18.198.52.216
3.127.191.112
20.223.237.240
20.238.97.44
20.26.194.122
51.142.252.210
51.124.198.75
51.124.199.134
Due to compliance reasons, backup/Disaster Recovery (DR) IP addresses are not supported in some regions.

Prisma Cloud Administrative Console

Allow access to the following domains, to use the Prisma Cloud user interface:
  • When using Checkov to scan repositories and report the findings, you must allow access to the following domains if:
    You’re running Checkov within your pipeline, enable access for the machine running Checkov.
    If you’re running the IDE extension on your local machine, enable access on the local machine.
    Prisma Cloud URL is on
    API Gateway
    S3 bucket for uploading findings
    S3 bucket for routing to the correct S3 bucket
    app3
    api3.prismacloud.io
    bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com
    bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com
    app0
    api0.prismacloud.io
    bc-scanner-results-469330042197-prod.s3.us-east-1.amazonaws.com
    bc-scanner-results-469330042197-prod.s3.us-west-2.amazonaws.com
    app
    api.prismacloud.io
    bc-scanner-results-838878234734-prod.s3.us-east-1.amazonaws.com
    bc-scanner-results-838878234734-prod.s3.us-west-2.amazonaws.com
    app2
    api2.prismacloud.io
    bc-scanner-results-612480224350-prod.s3.us-east-2.amazonaws.com
    bc-scanner-results-612480224350-prod.s3.us-west-2.amazonaws.com
    app4
    api4.prismacloud.io
    bc-scanner-results-540411623009-prod.s3.us-west-1.amazonaws.com
    bc-scanner-results-540411623009-prod.s3.us-west-2.amazonaws.com
    app5
    api5.prismacloud.io
    bc-scanner-results-700766934309-prod.s3.us-east-2.amazonaws.com
    bc-scanner-results-700766934309-prod.s3.us-west-2.amazonaws.com
    app.ca
    api.ca.prismacloud.io
    bc-scanner-results-205367576728-prod.s3.ca-central-1.amazonaws.com
    bc-scanner-results-205367576728-prod.s3.us-west-2.amazonaws.com
    app.eu
    api.eu.prismacloud.io
    bc-scanner-results-836922451682-prod.s3.eu-central-1.amazonaws.com
    bc-scanner-results-836922451682-prod.s3.us-west-2.amazonaws.com
    app2.eu
    api2.eu.prismacloud.io
    bc-scanner-results-800009193461-prod.s3.eu-west-1.amazonaws.com
    bc-scanner-results-800009193461-prod.s3.us-west-2.amazonaws.com
    app.ind
    api.ind.prismacloud.io
    bc-scanner-results-018169107740-prod.s3.ap-south-1.amazonaws.com
    bc-scanner-results-018169107740-prod.s3.us-west-2.amazonaws.com
    app.fr
    api.fr.prismacloud.io
    bc-scanner-results-063178804405-prod.s3.eu-west-3.amazonaws.com
    bc-scanner-results-063178804405-prod.s3.us-west-2.amazonaws.com
    app-uk
    api.uk.prismacloud.io
    bc-scanner-results-580360239683-prod.s3.eu-west-2.amazonaws.com
    bc-scanner-results-580360239683-prod.s3.us-west-2.amazonaws.com
    app.jp
    api.jp.prismacloud.io
    bc-scanner-results-510882576293-prod.s3.ap-northeast-1.amazonaws.com
    bc-scanner-results-510882576293-prod.s3.us-west-2.amazonaws.com
    app.sg
    api.sg.prismacloud.io
    bc-scanner-results-277833049433-prod.s3.ap-southeast-1.amazonaws.com
    bc-scanner-results-277833049433-prod.s3.us-west-2.amazonaws.com
    app.anz
    api.anz.prismacloud.io
    bc-scanner-results-607751493482-prod.s3.ap-southeast-2.amazonaws.com
    bc-scanner-results-607751493482-prod.s3.us-west-2.amazonaws.com
    • Adoption Advisor *.ingest.sentry.io
    • Launch Darkly
      *.launchdarkly.com, to enable preview access to features. Also refer to the public IP address list for Launch Darkly.
    • Pendo
      Prisma Cloud uses Pendo for in-app analytics.
  • app.pendo.io
  • data.pendo.io
  • cdn.pendo.io
  • us.pendo.io, *.us.pendo.io
  • *.storage.googleapis.com
    • Feature request submissions
  • prismacloud.ideas.aha.io cdn.aha.io
  • secure.gravatar.com
  • s3.amazonaws.com
    • Images and fonts
  • use.typekit.net
  • p.typekit.net
  • fonts.googleapis.com
  • *.storage.googleapis.com
  • fonts.gstatic.com
  • mt.google.com
    • Palo Alto Support Portal and LiveCommunity
  • static.cloud.coveo.com
  • platform.cloud.coveo.com
  • nebula-cdn.kampyle.com
  • maxcdn.bootstrapcdn.com
  • use.fontawesome.com
  • ajax.googleapis.com
  • prod.hosted.lithcloud.com
  • static.hotjar.com
  • vars.hotjar.com
  • assets.adobedtm.com
  • paloaltonetworks.hosted.panopto.com
  • cdn.embed.ly
  • tag.demandbase.com
  • paloaltonetworks.d1.sc.omtrdc.net
  • cloudfront.net
  • cdn.pendo.io
  • data.pendo.io
  • firestore.googleapis.com
  • use.typekit.net
  • p.typekit.net
  • *.youtube.com

Recommended For You