Regional egress resources - Administrator Guide - Cortex XSIAM - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation
Product
Cortex XDR
License
XDR + Cloud
Creation date
2025-07-13
Last date published
2026-06-04
Category
Administrator Guide

These are the core resources specific to your selected deployment region (for example, US, EU, JP). They handle the primary communication between your agents and your specific tenant (API, Heartbeats, Live Terminal, and EDR data uploads).

The following table describes the service definition, FQDNs, and App-ID coverage for your deployment. Unless specified, all ports are 443 (TCP). Select your region and allow outbound traffic to the corresponding FQDNs and IPs.

Service definitions and regions

Service definition

FQDN

App-ID

Egress tenant

Connects to the Cortex XDR tenant.

<tenant-name>.xdr.<region>.paloaltonetworks.com

cortex-xdr

Live Terminal

Used in live terminal flow for real-time shell sessions

https://lrc-<region>.paloaltonetworks.com

wss://lrc-<region>.paloaltonetworks.com

cortex-xdr

Endpoint Detection and Response (EDR)

Used for EDR data upload. Includes telemetry logs, process executions, and security events that the Cortex XDR agent captures and sends to the cloud for analysis

dc-<tenant-name>.traps.paloaltonetworks.com

traps-management-service

Heartbeat

Used for all other requests between the XDR agent and the tenant, including heartbeat, uploads, action results, and scan reports.

ch-<tenant-name>.traps.paloaltonetworks.com

traps-management-service

API Access

Used for API requests and responses and to connect to an engine.

api-<tenant-name>.xdr.<region>.paloaltonetworks.com

N/a

Indicator

Used to download the IOC indicators from the tenant. Downloading lists of bad IPs, domains, or hashes to block locally.

xdr-<region>-<project ID>-tim-indicators.storage.googleapis.com

traps-management-service

Verdict requests

Used for get-verdict requests. For example, checking if a specific file hash is known to be malware.

cc-<tenant-name>.traps.paloaltonetworks.com

traps-management-service

Broker VM

Connection for the Broker VM

br-<tenant-name>.xdr.<region>.paloaltonetworks.com

N/a

The following table lists the required resources by region. Unless specified, all ports are 443 (TCP).

Region

Egress (tenant)

Live Terminal

EDR & Heartbeat

API Access

Indicator & Verdict requests

Broker VM

United States (US)

35.244.250.18

35.190.88.43

34.98.77.231

35.222.81.194

35.224.140.142

104.155.131.72

Brazil (BR)

34.96.83.202

34.151.236.197

136.110.146.246

34.39.136.78

34.39.195.104

35.198.38.182

Canada (CA)

34.120.31.199

35.203.99.74

34.96.120.25

35.203.82.121

35.203.35.23

34.95.8.232

Region

Egress (tenant)

Live Terminal

EDR & Heartbeat

API Access

Indicator & Verdict request

Broker VM

France (FA)

34.111.134.57

34.163.57.57

34.36.155.211

34.155.222.152

34.155.110.169

34.155.90.61

Germany (DE)

34.98.68.183

34.107.61.141

34.107.161.143

34.107.57.23

35.242.201.199

35.198.112.13

Israel (IL)

34.111.129.144

34.165.43.106

34.128.157.130

34.165.156.139

34.165.2.110

34.165.24.222

Italy (IT)

34.8.224.70

34.154.154.5

34.8.234.58

34.154.195.120

34.154.230.76

34.154.168.139

Netherlands/

Europe (EU)

35.227.237.180

35.244.251.25

34.102.140.103

34.90.67.58

34.90.71.103

34.91.128.226

Poland (PL)

34.117.240.208

34.118.62.80

35.190.13.237

34.116.216.55

34.116.213.71

34.116.176.97

Qatar (QT)

35.190.0.180

34.18.34.73

34.107.129.254

34.18.46.240

34.18.53.229

34.18.37.73

Saudi Arabia (SA)

35.244.157.127

34.166.54.6

34.107.213.85

34.166.58.79

34.166.53.160

34.166.55.153

South Africa (ZA)

34.149.165.12

34.35.56.170

35.190.79.68

34.35.64.191

34.35.13.198

34.35.45.251

Spain (ES)

34.111.188.248

34.175.18.78

34.120.102.147

34.175.30.176

34.175.205.166

34.175.182.55

Switzerland (CH)

34.111.6.153

34.65.213.226

34.149.180.250

34.65.248.119

34.65.137.215

34.65.51.103

United Kingdom (UK)

34.120.87.77

35.242.159.176

35.244.133.254

34.89.56.78

34.89.42.214

35.197.219.110

Region

Egress (tenant)

Live Terminal

EDR & Heartbeat

API Access

Indicator & Verdict requests

Broker VM

Australia (AU)

34.120.229.65

35.244.66.177

34.102.237.151

35.189.18.208

35.201.23.188

35.244.93.0

Delhi (DL)

34.8.67.192

34.131.116.135

136.110.132.208

34.131.165.103

34.131.47.126

34.131.131.141

India (IN)

35.186.207.80

35.200.146.253

34.120.213.187

35.200.158.164

35.244.57.196

35.200.234.99

Indonesia (ID)

34.111.58.152

34.101.214.157

34.128.156.84

34.128.115.238

34.101.155.198

34.101.101.170

Japan (JP)

35.241.28.254

34.84.201.32

34.95.66.187

34.84.125.129

34.84.225.105

34.85.74.43

Singapore (SG)

34.117.211.129

34.87.61.186

34.120.142.18

34.87.83.144

35.247.161.94

34.87.167.125

South Korea (KR)

34.54.5.247

34.22.66.91

34.54.155.245

34.64.54.175

34.64.228.117

34.64.46.249

Taiwan (TW)

34.160.28.41

34.80.34.30

34.149.248.76

35.234.8.249

35.229.186.216

34.80.230.166