Enable Access to the Prisma Cloud Console
List of NAT Gateway IP addresses for Prisma™ Cloud and
the URLs/domains that you must add to an allow list.
So that Prisma Cloud can connect to your cloud environments
for monitoring and you can log in to the Prisma Cloud administrative
console, you must allow the following IP addresses and hostnames,
which are used by the different components that make up the service.
NAT Gateway IP Addresses for Prisma Cloud
Prisma™ Cloud uses the following NAT
gateway IP addresses. To ensure that you can access Prisma Cloud
and the API for any integrations that you enabled between Prisma
Cloud and your incident response workflows, or for your Prisma
Cloud Defenders to communicate with the Prisma Cloud Compute Console,
review the list and update the IP addresses in your allow lists.
In the event of disruption due to a disaster, to help back up data
in a timely manner, add the Disaster Recovery (DR) IP addresses
to your allow lists.
- The Prisma Cloud URL indicates the region where your tenant is deployed. For example, your tenant is on app3 if your URL is https://app3.prismacloud.io/.
- On Compute > Manage > System > Utilities, find the region in the URL for Path to Console. Use that region to identify the destination IP address, which you must allow or add as trusted to access the Prisma Cloud Compute console. For example, if the URL is https://us-west1.cloud.twistlock.com/us-xxxxxx, us-west1 indicates your Compute console region.
- To install Prisma Cloud Defenders in a Kubernetes cluster, in addition to being able to connect to the Prisma Cloud Compute Console, the nodes in your cluster must be able to access the Prisma Cloud cloud registry at registry-auth.twistlock.com.
Prisma Cloud URL (AWS Region) | Source IP Address to Allow | Compute SaaS Console Region (GCP) | DR IP Address to Allow |
---|---|---|---|
app.prismacloud.io us-east-1 (N. Virginia) | 3.217.51.44 3.218.144.244 34.199.10.120 34.205.176.82 34.228.96.118 52.201.19.205 Only required for Code Security integrations with on-premises environments | us-east1 (South Carolina) Egress: 34.75.54.101 Ingress: 34.74.84.51 | 52.25.108.159/32 34.213.129.111/32 44.242.81.208/32 52.40.100.6/32 54.71.172.241/32 44.236.217.120/32 |
app2.prismacloud.io us-east-2 (Ohio) | 3.16.7.30 13.59.164.228 18.191.115.70 18.218.243.39 18.221.72.80 18.223.141.221 Only required for Code Security integrations with on-premises environments | us-east1 (South Carolina) Egress: 34.75.54.101 Ingress: 34.74.84.51 | 54.176.152.228/32 54.193.231.56/32 54.219.105.0/32 52.8.73.14/32 52.52.91.251/32 54.215.34.77/32 |
app3.prismacloud.io us-west-2 (Oregon) | 34.208.190.79 52.24.59.168 52.39.60.41 52.26.142.61 54.213.143.171 54.218.131.166 Only required for Code Security integrations with on-premises environments | us-west1 (Oregon) Egress: 34.82.51.12 Ingress: 104.198.109.73 | 34.192.147.35/32 34.205.10.23/32 54.221.206.73/32 54.145.56.75/32 54.152.99.85/32 52.73.209.182/32 |
app4.prismacloud.io us-west-1 (N. California) | 13.52.27.189 13.52.105.217 13.52.157.154 13.52.175.228 52.52.50.152 52.52.110.223 Only required for Code Security integrations with on-premises environments | us-west1 (Oregon) Egress: 35.233.225.166, 34.82.51.12 Ingress: 104.198.109.73 | 3.18.55.196/32 3.18.59.163/32 3.141.248.48/32 3.135.129.242/32 3.22.165.22/32 3.141.146.82/32 |
app5.prismacloud.io us-east-2 (Ohio) | 3.128.141.242 3.129.241.104 3.130.104.173 3.136.191.187 13.59.109.178 18.190.115.80 | us-east1 (South Carolina) Egress: 35.196.73.150, 34.75.54.101 Ingress: 34.74.84.51 | |
app.anz.prismacloud.io ap-southeast-2 (Sydney) | 3.104.252.91 13.210.254.18 13.239.110.68 52.62.75.140 52.62.194.176 54.66.215.148 Only required for Code Security integrations with on-premises environments | asia-northeast1 (Tokyo, Japan) or australia-southeast1 (Sydney, Australia) Egress: 35.194.113.255 or 35.244.121.190 Ingress: 35.200.123.236 or 35.189.44.184 | |
app.ca.prismacloud.io ca-central-1 (Canada - Central) | 15.223.59.158 15.223.96.201 15.223.127.111 52.60.127.179 99.79.30.121 35.182.209.121 Only required for Code Security integrations with on-premises environments | northamerica-northeast1 (Montréal, Québec) Egress: 35.203.59.190 Ingress: 35.203.31.67 | |
app.prismacloud.cn cn-northwest-1 (Ningxia) | 52.82.89.61 52.82.102.153 52.82.104.173 52.83.179.1 52.83.70.13 52.83.77.73 | Compute SaaS not supported | |
app.ind.prismacloud.io | 15.207.175.101 15.207.56.212 3.108.163.21 3.109.149.80 35.154.114.39 65.1.154.7 | asia-south1-a (Mumbai) Egress: 35.200.249.161 Ingress: 35.200.140.118 | |
app.uk.prismacloud.io eu-west2 (London) | 3.9.200.0 18.133.126.85 18.134.251.157 18.168.9.241 18.168.51.89 35.176.57.39 Only required for Code Security integrations with on-premises environments | europe-west2 (London) Egress: 34.105.197.208 Ingress: 34.89.87.128 | |
app.eu.prismacloud.io eu-central-1 (Frankfurt) | 3.121.64.255 3.121.248.165 3.121.107.154 3.124.113.11 18.184.105.224 18.185.81.104 Only required for Code Security integrations with on-premises environments | europe-west3 (Frankfurt, Germany) Egress: 34.107.65.220 Ingress: 34.107.91.105 | 34.247.199.145/32 3.248.43.139/32 54.73.199.140/32 52.209.24.141/32 52.211.138.79/32 52.208.61.249/32 |
app2.eu.prismacloud.io eu-west-1 (Ireland) | 18.200.200.125 3.248.26.245 99.81.226.57 52.208.244.121 18.200.207.86 63.32.161.197 Only required for Code Security integrations with on-premises environments | europe-west3 (Frankfurt, Germany) Egress: 34.89.249.72, 34.107.65.220 Ingress: 34.107.91.105 | 3.65.146.60/32 18.198.160.165/32 18.194.43.28/32 3.65.81.38/32 3.65.16.200/32 3.65.81.86/32 |
app.gov.prismacloud.io us-gov-west-1 (AWS GovCloud US-West) | 15.200.146.166 15.200.89.211 | us-west1 (Oregon) Egress: 35.233.225.166, 34.82.51.12 Ingress: 104.198.109.73 | |
app.sg.prismacloud.io ap-southeast-1 (Singapore) | 13.250.248.219 18.139.183.196 52.76.28.40 52.76.70.227 52.221.36.124 52.221.157.53 Only required for Code Security integrations with on-premises environments | asia-southeast1 (Singapore) Egress: 35.198.194.238 Ingress: 34.87.137.141 | |
Data Security on Prisma Cloud | 3.128.230.117 3.22.23.119 3.14.212.156 | | |
Egress: from Defenders to Console. Ingress: from Console into
your environment for alerts.
For compliance reasons, backup/Disaster Recovery (DR) IP addresses
are not supported in some regions.
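The region lookups described above can be combined with the table to audit an existing allow list for gaps. The following Python is an added example, not Palo Alto Networks code: the names `ROWS`, `tenant_stack`, `compute_region` and `missing_entries` are hypothetical, and only the app3 row of the table is embedded.

```python
import ipaddress
from urllib.parse import urlparse

# Row for app3 copied from the table above; add the row for your own tenant.
ROWS = {
    "app3": {
        "source": "34.208.190.79 52.24.59.168 52.39.60.41 "
                  "52.26.142.61 54.213.143.171 54.218.131.166",
        "compute_region": "us-west1",
        "egress": "34.82.51.12",
        "ingress": "104.198.109.73",
        "dr": "34.192.147.35/32 34.205.10.23/32 54.221.206.73/32 "
              "54.145.56.75/32 54.152.99.85/32 52.73.209.182/32",
    },
}

def tenant_stack(url):
    """'https://app3.prismacloud.io/' -> 'app3'. app.prismacloud.cn is not handled."""
    host = (urlparse(url).hostname or "").lower()
    if not host.endswith(".prismacloud.io"):
        raise ValueError(f"not a prismacloud.io tenant URL: {url!r}")
    return host[: -len(".prismacloud.io")]

def compute_region(path_to_console):
    """'https://us-west1.cloud.twistlock.com/us-xxxxxx' -> 'us-west1'."""
    host = (urlparse(path_to_console).hostname or "").lower()
    region, _, rest = host.partition(".")
    if not region or rest != "cloud.twistlock.com":
        raise ValueError(f"not a Compute console URL: {path_to_console!r}")
    return region

def missing_entries(tenant_url, path_to_console, allow_list, include_dr=True):
    """Return {table column: [required networks that allow_list does not cover]}."""
    row = ROWS[tenant_stack(tenant_url)]
    if compute_region(path_to_console) != row["compute_region"]:
        raise ValueError("Compute console region does not match the tenant's table row")
    # Allow-list entries may be single addresses or wider CIDR blocks.
    allowed = [ipaddress.ip_network(a, strict=False) for a in allow_list]
    columns = ["source", "egress", "ingress"] + (["dr"] if include_dr else [])
    gaps = {}
    for col in columns:
        need = [ipaddress.ip_network(x) for x in row[col].split()]
        miss = [str(n) for n in need if not any(n.subnet_of(a) for a in allowed)]
        if miss:
            gaps[col] = miss
    return gaps
```

An empty result means every address in the tenant's row is covered; the keys of a non-empty result name the table column that still has uncovered entries.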
Prisma Cloud Administrative Console
Allow access to the following domains to use the Prisma Cloud user interface:
- Palo Alto Networks subdomains. You can add *.paloaltonetworks.com to include all of the following URLs:
- apps.paloaltonetworks.com
- autofocus.paloaltonetworks.com
- docs.paloaltonetworks.com
- identity.paloaltonetworks.com
- live.paloaltonetworks.com
- login.paloaltonetworks.com
- support.paloaltonetworks.com
  Some additional URLs are also required for the linked support domains.
- Prisma Cloud tenant URL: The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. Your welcome email will include one of the following URLs that is specific to the tenant provisioned for you:
- https://app.prismacloud.io
- https://app2.prismacloud.io
- https://app3.prismacloud.io
- https://app4.prismacloud.io
- https://app5.prismacloud.io
- https://app.anz.prismacloud.io
- https://app.ca.prismacloud.io
- https://app.eu.prismacloud.io
- https://app2.eu.prismacloud.io
- https://app.gov.prismacloud.io
- https://app.ind.prismacloud.io
- https://app.sg.prismacloud.io
- https://app.prismacloud.cn
- https://app.uk.prismacloud.io
- Prisma Cloud API interface: api*.*.prismacloud.io. See API URLs for your Prisma Cloud tenant.
- URLs associated with the sign-in and status updates for Prisma Cloud
- assets.adobedtm.com
- cloudfront.net
- dpm.demdex.net
- google.com
- google.com/recaptcha/
- gstatic.com
- gstatic.com/recaptcha/
- polyfill.io
- wss://*.prismacloud.io
- Cloud Workload Protection (CWP) capabilities: *.twistlock.com, for access to the CWP capabilities available on the Compute tab on the Prisma Cloud console.
- Cloud Network Security (CNS) / Microsegmentation capabilities: *.network.prismacloud.io, for access to the Microsegmentation capabilities that are enabled on the Network Security tab on the Prisma Cloud console.
- Code Security capabilities
- *.bridgecrew.cloud, for the Code Security capabilities that are enabled on the Code and Settings tab on the Prisma Cloud console.
- To onboard a VCS/SCM integration or to scan Pull Requests, enable outbound communication from the VCS provider / on-prem server to the following IP addresses:
- 10.236.14.127
- 10.236.9.16
- When using Checkov to scan repositories and report the findings, you must allow access to the following domains. If you're running Checkov within your pipeline, enable access for the machine running Checkov. If you're running the IDE extension on your local machine, enable access on the local machine.

Prisma Cloud URL is on | API Gateway | S3 bucket for uploading findings | S3 bucket for routing to the correct S3 bucket |
---|---|---|---|
app3 | api3.prismacloud.io | bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com | bc-scanner-results-890234264427-prod.s3.us-west-2.amazonaws.com |
app0 | api0.prismacloud.io | bc-scanner-results-469330042197-prod.s3.us-east-1.amazonaws.com | bc-scanner-results-469330042197-prod.s3.us-west-2.amazonaws.com |
app | api.prismacloud.io | bc-scanner-results-838878234734-prod.s3.us-east-1.amazonaws.com | bc-scanner-results-838878234734-prod.s3.us-west-2.amazonaws.com |
app2 | api2.prismacloud.io | bc-scanner-results-612480224350-prod.s3.us-east-2.amazonaws.com | bc-scanner-results-612480224350-prod.s3.us-west-2.amazonaws.com |
app4 | api4.prismacloud.io | bc-scanner-results-540411623009-prod.s3.us-west-1.amazonaws.com | bc-scanner-results-540411623009-prod.s3.us-west-2.amazonaws.com |
app5 | api5.prismacloud.io | bc-scanner-results-700766934309-prod.s3.us-east-2.amazonaws.com | bc-scanner-results-700766934309-prod.s3.us-west-2.amazonaws.com |
app.ca | api.ca.prismacloud.io | bc-scanner-results-205367576728-prod.s3.ca-central-1.amazonaws.com | bc-scanner-results-205367576728-prod.s3.us-west-2.amazonaws.com |
app.eu | api.eu.prismacloud.io | bc-scanner-results-836922451682-prod.s3.eu-central-1.amazonaws.com | bc-scanner-results-836922451682-prod.s3.us-west-2.amazonaws.com |
app2.eu | api2.eu.prismacloud.io | bc-scanner-results-800009193461-prod.s3.eu-west-1.amazonaws.com | bc-scanner-results-800009193461-prod.s3.us-west-2.amazonaws.com |
app-uk | api.uk.prismacloud.io | bc-scanner-results-580360239683-prod.s3.eu-west-2.amazonaws.com | bc-scanner-results-580360239683-prod.s3.us-west-2.amazonaws.com |
app.sg | api.sg.prismacloud.io | bc-scanner-results-277833049433-prod.s3.ap-southeast-1.amazonaws.com | bc-scanner-results-277833049433-prod.s3.us-west-2.amazonaws.com |
app.anz | api.anz.prismacloud.io | bc-scanner-results-607751493482-prod.s3.ap-southeast-2.amazonaws.com | bc-scanner-results-607751493482-prod.s3.us-west-2.amazonaws.com |

- Adoption Advisor: *.ingest.sentry.io
- Launch Darkly: *.launchdarkly.com, to enable preview access to features. Also refer to the public IP address list for Launch Darkly.
- Pendo: Prisma Cloud uses Pendo for in-app analytics.
- app.pendo.io
- data.pendo.io
- cdn.pendo.io
- us.pendo.io, *.us.pendo.io
- *.storage.googleapis.com
- Feature request submissions
- prismacloud.ideas.aha.io
- cdn.aha.io
- secure.gravatar.com
- s3.amazonaws.com
- Images and fonts
- use.typekit.net
- p.typekit.net
- fonts.googleapis.com
- *.storage.googleapis.com
- fonts.gstatic.com
- mt.google.com
- Palo Alto Support Portal and LiveCommunity
- static.cloud.coveo.com
- platform.cloud.coveo.com
- nebula-cdn.kampyle.com
- maxcdn.bootstrapcdn.com
- use.fontawesome.com
- ajax.googleapis.com
- prod.hosted.lithcloud.com
- static.hotjar.com
- vars.hotjar.com
- assets.adobedtm.com
- paloaltonetworks.hosted.panopto.com
- cdn.embed.ly
- tag.demandbase.com
- paloaltonetworks.d1.sc.omtrdc.net
- cloudfront.net
- cdn.pendo.io
- data.pendo.io
- firestore.googleapis.com
- use.typekit.net
- p.typekit.net
- *.youtube.com