Allow IP Addresses in Firewall Configuration

This document lists all services that run on the ION device and require you to open ports on external firewalls.
For customer firewall configurations, use a domain-based ACL or firewall rule for the public addresses, because these public IPs are subject to change.
To ensure smooth functioning of the Prisma SD-WAN services, allow the following URLs and/or IP addresses.

| Service Name | Protocol | Port | Direction | Source Interface IP | Destination and IP Addresses |
|---|---|---|---|---|---|
| IPSec for Prisma SD-WAN and Standard VPNs | UDP | 4500 | Outbound at both Data Center and Branch. Inbound at least at one side of the connection. | Internet Port IP on both ION devices. Private WAN port IP on Branch for VPNoMPLS. Peering Port on the Data Center side for VPNoMPLS. | Internet Port IP on both ION devices. Private WAN port IP on Branch for VPNoMPLS. Peering Port on the Data Center side for VPNoMPLS. |
| ESP for Prisma SD-WAN and Standard VPNs | IP proto 50 | NA | Outbound and Inbound | Internet Port IP on both ION devices. Private WAN port IP on Branch for VPNoMPLS. Peering Port on the Data Center side for VPNoMPLS. | Internet Port IP on both ION devices. Private WAN port IP on Branch for VPNoMPLS. Peering Port on the Data Center side for VPNoMPLS. |
| Prisma SD-WAN access to web interface | TCP | 443 | Outbound | Client PC | https://login.cloudgenix.com; https://portal.cloudgenix.com; https://api.cloudgenix.com; https://login.elcapitan.cloudgenix.com; https://portal.elcapitan.cloudgenix.com; https://portal.hood.cloudgenix.com/; https://login.hood.cloudgenix.com/ |
| Prisma SD-WAN access to API Endpoints | TCP | 443 | Outbound | Client PC | https://api.elcapitan.cloudgenix.com; https://api.sugarloaf.cloudgenix.com; https://api.hood.cloudgenix.com |
| ION Device to Prisma SD-WAN Cloud Controller | TCP | 443 | Outbound | ION Controller Port IP Address (primary); ION Internet Port IP Address (backup) | https://controller.cgnx.net (52.8.93.87, 52.8.25.40); https://locator.cgnx.net (13.56.217.238, 13.56.201.169); https://vmfg.cgnx.net (52.53.122.104, 52.53.102.7); https://controller.elcapitan.cgnx.net (52.8.93.87, 52.8.25.40); https://vmfg.elcapitan.cgnx.net (52.53.122.104, 52.53.102.7); https://controller.hood.cgnx.net (52.32.167.5, 54.70.168.33); https://vmfg.hood.cgnx.net (50.112.136.184, 34.210.34.87); https://controller.sugarloaf.cgnx.net (108.128.176.192, 18.200.144.58); https://vmfg.sugarloaf.cgnx.net (99.81.179.99, 99.80.52.255) |
| Bandwidth Monitoring | TCP and UDP | 443 | Outbound | ION Controller Port IP Address; ION Internet Port IP Address | Peer DC ION 7K Peering Interface IP Addresses; Cloud service at pcm.cgnx.net (52.25.78.62, 34.212.76.47, 54.172.15.178, 52.207.248.9) |
| Link Quality | TCP and UDP | 443 | Outbound | ION Controller Port IP Address; VPN Tunnel Internal IP Address | Peer DC ION Peering Interface IP Addresses |
| Prisma SD-WAN Web Interface | TCP | 443 | Outbound | Client PC (or NAT IP on ION) | portal.cloudgenix.com; login.cloudgenix.com; api.cloudgenix.com; portal.elcapitan.cloudgenix.com; login.elcapitan.cloudgenix.com; api.elcapitan.cloudgenix.com; 52.8.33.74; 52.8.122.116 |
| NTP | UDP | 123 | Outbound | ION Controller Port IP Address; ION Internet Port IP Address | time.nist.gov |
| DNS | UDP and TCP | 53 | Outbound | ION Controller Port IP Address; ION Internet Port IP Address | Customer or Provider DNS servers |
| WAN Layer 3 Reachability | ICMP | | Outbound | ION Internet Port IP Address | 8.8.8.8; 8.8.4.4; 208.67.222.222; 208.67.220.220 |
| WAN Layer 3 Reachability | TCP | 80 | Outbound | ION Internet Port IP Address | captive.apple.com; clients3.google.com |
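
Because the public IPs listed above are subject to change, a firewall that pins addresses instead of hostnames needs a periodic drift check. The following Python script is an added example, not Palo Alto Networks code: it compares live DNS answers with the pinned addresses for three controller hostnames taken from this page; the names `DOCUMENTED`, `resolve_ipv4` and `find_drift` are chosen for this illustration.

```python
import socket

# Hostname -> pinned addresses, copied from the "ION Device to Prisma SD-WAN
# Cloud Controller" entries on this page (subset; extend with the other hosts).
DOCUMENTED = {
    "controller.cgnx.net": {"52.8.93.87", "52.8.25.40"},
    "locator.cgnx.net": {"13.56.217.238", "13.56.201.169"},
    "vmfg.cgnx.net": {"52.53.122.104", "52.53.102.7"},
}


def resolve_ipv4(host):
    """Return the set of IPv4 addresses the system resolver gives for host."""
    infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def find_drift(documented, resolver=resolve_ipv4):
    """Compare live DNS answers with the pinned addresses.

    Returns a dict keyed by hostname, containing only hosts that need
    attention. Each value has:
      unlisted - addresses DNS returned that the IP-based rule does not allow
      not_seen - pinned addresses DNS did not return on this lookup (may be
                 DNS rotation; treat as stale only if it persists)
      error    - resolver error text, or None
    """
    report = {}
    for host, pinned in sorted(documented.items()):
        try:
            live = set(resolver(host))
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[host] = {"unlisted": [], "not_seen": sorted(pinned),
                            "error": str(exc)}
            continue
        unlisted = sorted(live - pinned)
        not_seen = sorted(pinned - live)
        if unlisted or not_seen:
            report[host] = {"unlisted": unlisted, "not_seen": not_seen,
                            "error": None}
    return report


if __name__ == "__main__":
    for host, finding in find_drift(DOCUMENTED).items():
        print(host, finding)
```

Run it from a host that uses the same resolvers as the ION devices; an `unlisted` entry means the IP-based rule would block controller traffic until it is updated.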
