Enable Access to the Prisma Cloud Console

List of NAT Gateway IP addresses for Prisma™ Cloud and the URLs/domains that you must add to an allow list.
So that Prisma Cloud can connect to your cloud environments for monitoring and you can log in to the Prisma Cloud administrative console, you must allow the following IP addresses and hostnames that are used by different components which comprise the service.

NAT Gateway IP Addresses for Prisma Cloud

Prisma™ Cloud uses the following NAT gateway IP addresses. To ensure that you can access Prisma Cloud and the API for any integrations that you enabled between Prisma Cloud and your incidence response workflows, or for your Prisma Cloud Defenders to communicate with the Prisma Cloud Compute Console, review the list and update the IP addresses in your allow lists. In the event of disruption due to a disaster, to help backup data in a timely manner, add the Disaster Recovery (DR) IP addresses to your allow lists.
  • The Prisma Cloud URL indicates the region where your tenant is deployed. For example, your tenant is on app3 if your URL is https://app3.prismacloud.io/.
  • On the
    Compute
    Manage
    System
    Utilities
    , find the region in the URL for
    Path to Console
    . Use that region to identify the destination IP address, which you must allow or add as trusted to access the Prisma Cloud Compute console. For example, if the URL is https://us-west1.cloud.twistlock.com/us-xxxxxx,
    us-west1
    indicates your Compute console region.
    To install Prisma Cloud Defenders in Kubernetes cluster, in addition to being able to connect to the Prisma Cloud Compute Console, the nodes in your cluster must be able to access the Prisma Cloud cloud registry at registry-auth.twistlock.com.
Prisma Cloud URL (AWS Region)
Source IP Address to Allow
Compute SaaS Console Region (GCP)
DR IP Address to Allow
app.prismacloud.io
us-east-1 (N.Virginia)
3.217.51.44
3.218.144.244
34.199.10.120
34.205.176.82
34.228.96.118
52.201.19.205
us-east1 (South Carolina)
Egress: 34.75.54.101
Ingress: 34.74.84.51
52.25.108.159/32
34.213.129.111/32
44.242.81.208/32
52.40.100.6/32
54.71.172.241/32
44.236.217.120/32
app2.prismacloud.io
us-east-2 (Ohio)
3.16.7.30
13.59.164.228
18.191.115.70
18.218.243.39
18.221.72.80
18.223.141.221
us-east1 (South Carolina)
Egress: 34.75.54.101
Ingress: 34.74.84.51
54.176.152.228/32
54.193.231.56/32
54.219.105.0/32
52.8.73.14/32
52.52.91.251/32
54.215.34.77/32
app3.prismacloud.io
us-west-2 (Oregon)
34.208.190.79
52.24.59.168
52.39.60.41
52.26.142.61
54.213.143.171
54.218.131.166
us-west1 (Oregon)
Egress: 34.82.51.12
Ingress: 104.198.109.73
34.192.147.35/32
34.205.10.23/32
54.221.206.73/32
54.145.56.75/32
54.152.99.85/32
52.73.209.182/32
app4.prismacloud.io
us-west-1 (N.California)
13.52.27.189
13.52.105.217
13.52.157.154
13.52.175.228
52.52.50.152
52.52.110.223
us-west1 (Oregon)
Egress: 35.233.225.166, 34.82.51.12
Ingress: 104.198.109.73
3.18.55.196/32
3.18.59.163/32
3.141.248.48/32
3.135.129.242/32
3.22.165.22/32
3.141.146.82/32
app5.prismacloud.io
us-east-2 (Ohio)
3.128.141.242
3.129.241.104
3.130.104.173
3.136.191.187
13.59.109.178
18.190.115.80
us-east1 (South Carolina)
Egress: 35.196.73.150, 34.75.54.101
Ingress: 34.74.84.51
app.anz.prismacloud.io
ap-southeast-2 (Sydney)
3.104.252.91
13.210.254.18
13.239.110.68
52.62.75.140
52.62.194.176
54.66.215.148
asia-northeast1 (Tokyo, Japan
or
australia-southeast1 (Sydney, Australia)
Egress: 35.194.113.255 or 35.244.121.190
Ingress: 35.200.123.236 or 35.189.44.184
app.ca.prismacloud.io
ca-central-1 (Canada - Central)
15.223.59.158
15.223.96.201
15.223.127.111
52.60.127.179
99.79.30.121
35.182.209.121
northamerica-northeast1 (Montréal, Québec)
Egress: 35.203.59.190
Ingress: 35.203.31.67
app.prismacloud.cn
cn-northwest-1 (Ningxia)
52.82.89.61
52.82.102.153
52.82.104.173
52.83.179.1
52.83.70.13
52.83.77.73
Compute SaaS not supported
app.ind.prismacloud.io
15.207.175.101
15.207.56.212
3.108.163.21
3.109.149.80
35.154.114.39
65.1.154.7
asia-south1-a(Mumbai)
Egress: 35.200.249.161
Ingress: 35.200.140.118
app.uk.prismacloud.io
eu-west2 (London)
3.9.200.0
18.133.126.85
18.134.251.157
18.168.9.241
18.168.51.89
35.176.57.39
europe-west2 (London)
Egress: 34.105.197.208
Ingress: 34.89.87.128
app.eu.prismacloud.io
eu-central-1 (Frankfurt)
3.121.64.255
3.121.248.165
3.121.107.154
3.124.113.11
18.184.105.224
18.185.81.104
europe-west3 (Frankfurt, Germany)
Egress: 34.107.65.220
Ingress: 34.107.91.105
34.247.199.145/32
3.248.43.139/32
54.73.199.140/32
52.209.24.141/32
52.211.138.79/32
52.208.61.249/32
app2.eu.prismacloud.io
eu-west-1 (Ireland)
18.200.200.125
3.248.26.245
99.81.226.57
52.208.244.121
18.200.207.86
63.32.161.197
europe-west3 (Frankfurt, Germany)
Egress: 34.89.249.72, 34.107.65.220
Ingress: 34.107.91.105
3.65.146.60/32
18.198.160.165/32
18.194.43.28/32
3.65.81.38/32
3.65.16.200/32
3.65.81.86/32
app.gov.prismacloud.io
us-gov-west-1 (AWS GovCloud US-West)
15.200.20.182
52.222.38.70
52.61.207.0
15.200.68.21
us-west1 (Oregon)
Egress: 35.233.225.166, 34.82.51.12
Ingress: 104.198.109.73
app.sg.prismacloud.io
ap-southeast-1 (Singapore)
13.250.248.219
18.139.183.196
52.76.28.40
52.76.70.227
52.221.36.124
52.221.157.53
asia-southeast1 (Singapore)
Egress: 35.198.194.238
Ingress: 34.87.137.141
Data Security on Prisma Cloud
3.128.230.117
3.22.23.119
3.14.212.156
Egress-From Defenders to Console; Ingress-From Console in to your environment for alerts.
Due to compliance reasons, backup is not supported in some regions.

Prisma Cloud Administrative Console

Allow access to the following domains, to use the Prisma Cloud user interface:
  • *.paloaltonetworks.com
    • apps.paloaltonetworks.com
    • autofocus.paloaltonetworks.com
    • docs.paloaltonetworks.com
    • identity.paloaltonetworks.com
    • live.paloaltonetworks.com
    • login.paloaltonetworks.com
    • support.paloaltonetworks.com
      Some additional URLs are also required, for the linked support domains.
  • The URL for Prisma Cloud varies depending on the region and cluster on which your tenant is deployed. Your welcome email will include one of the following URLs that is specific to the tenant provisioned for you:
    • https://app.prismacloud.io
    • https://app2.prismacloud.io
    • https://app3.prismacloud.io
    • https://app4.prismacloud.io
    • https://app.ca.prismacloud.io
    • https://app.eu.prismacloud.io
    • https://app2.eu.prismacloud.io
    • https://app.anz.prismacloud.io
    • https://app.gov.prismacloud.io
    • https://app.ind.prismacloud.io
    • https://app.sg.prismacloud.io
    • https://app.prismacloud.cn
    • https://app.uk.prismacloud.io
  • api*.*.prismacloud.io. See API URLs for your Prisma Cloud tenant.
  • URLs associated with the sign-in and status updates for Prisma Cloud
    • assets.adobedtm.com
    • cloudfront.net
    • dpm.demdex.net
    • google.com
    • google.com/recaptcha/
    • gstatic.com
    • gstatic.com/recaptcha/
    • polyfill.io
  • wss://*.prismacloud.io
  • *.twistlock.com
    For the Cloud Workload Protection (CWP) capabilities that are enabled on the
    Compute
    tab on the Prisma Cloud console.
  • *.network.prismacloud.io
    For the Cloud Network Security (CNS) /Microsegmentation capabilities that are enabled on the
    Network Security
    tab on the Prisma Cloud console.
  • *.ingest.sentry.io
    For the
    Adoption Advisor
    .
  • *.launchdarkly.com
    Prisma Cloud uses the Launch Darkly service to enable preview access to features. Also refer to the public IP address list for Launch Darkly.
  • *.pendo.io
    • app.pendo.io
    • data.pendo.io
    • cdn.pendo.io
    • us.pendo.io
    • *.storage.googleapis.com
  • Feature request submissions
    • prismacloud.ideas.aha.io cdn.aha.io
    • secure.gravatar.com
    • s3.amazonaws.com
  • Images and fonts
    • use.typekit.net
    • p.typekit.net
    • fonts.googleapis.com
    • *.storage.googleapis.com
    • fonts.gstatic.com
    • mt.google.com
  • Palo Alto Support Portal and LiveCommunity
    • static.cloud.coveo.com
    • platform.cloud.coveo.com
    • nebula-cdn.kampyle.com
    • maxcdn.bootstrapcdn.com
    • use.fontawesome.com
    • ajax.googleapis.com
    • prod.hosted.lithcloud.com
    • static.hotjar.com
    • vars.hotjar.com
    • assets.adobedtm.com
    • paloaltonetworks.hosted.panopto.com
    • cdn.embed.ly
    • tag.demandbase.com
    • paloaltonetworks.d1.sc.omtrdc.net
    • cloudfront.net
    • cdn.pendo.io
    • data.pendo.io
    • firestore.googleapis.com
    • use.typekit.net
    • p.typekit.net
    • *.youtube.com

Recommended For You