URL requirements - Add the required URLs for Cortex XSOAR On-prem. - FAQs - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR 8 - FAQs
Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2025-10-08
Category
FAQs
Abstract

Add the required URLs for Cortex XSOAR On-prem.

URLs

You need to allow the following URLs for Cortex XSOAR to operate properly.

Note

If you use SSL inspection and experience difficulty connecting to the required URLs or to integration URLs, exclude the required URLs from SSL offloading on the firewall/proxy.

Function

Service

Port

Direction

Web interface

HTTPS

443

Inbound

Engine connectivity

HTTPS

443 (configurable)

Inbound

Integrations

Integration-specific ports

Outbound

Unit42 Intel Inventory (TIM license)

https://unit42intel.xsoar.paloaltonetworks.com

443

Outbound

Marketplace

  • https://marketplace.xsoar.paloaltonetworks.com/

    Download content packs and view the Marketplace (to view content pack images, the domain should also be reachable from the browser).

  • storage.googleapis.com

    Download content packs and view the Marketplace. This domain stores content pack artifacts (to view content pack images, the domain should also be reachable from the browser). It is possible to further limit the url prefix to: https://storage.googleapis.com/marketplace-dist/

  • api.demisto.com

    Download content Packs and view the Marketplace (this file maps the Marketplace URL to the Cortex XSOAR version).

    Note

    You must add marketplace.xsoar.paloaltonetworks.com, storage.googleapis.com, and api.demisto.com otherwise you cannot access the Marketplace.

  • xsoar-contrib.pan.dev

    Contribute content packs.

443

Outbound

On-prem Gateway

onpremgw.crtx.[region].paloaltonetworks.com

Cortex XSOAR accesses new versions from and uploads licenses to this repository.

443

Outbound

Download packages required for installation

  • deb.debian.org

  • security.debian.org

80

Outbound

Cortex XSOAR DNS records

You need to add the following DNS records to your DNS server to resolve hostnames to the cluster IP address (only static, DHCP is not supported). These DNS records (for a given tenant) should all point to the same cluster IP address to ensure a single entry point.

Note

Verify the internal DNS correctly resolves these addresses. DNS resolution failure for these FQDNs can cause communication issues.

  • xsoar.<hostname>.<domain>: The Cortex XSOAR DNS name for accessing the UI. For example, xsoar.mycompany.com.

  • api-<hostname>.<domain>: The Cortex XSOAR DNS name that is mapped for API access. For example, api-xsoar.mycompany.com. This should be a CNAME entry pointing to the same cluster IP address.

  • ext-<hostname>.<domain>: The Cortex XSOAR DNS name that is mapped to access long running integrations. For example, ext-xsoar.mycompany.com. This should be a CNAME entry pointing to the same cluster IP address.