Enable Access to Cortex XSOAR - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
8
Creation date
2024-02-14
Last date published
2024-04-24
Category
Administrator Guide
Solution
Cloud
Abstract

Depending on your network environment settings, you may need to enable network access to the Cortex XSOAR resources.

To enable access to Cortex XSOAR components, you must allow access to various Palo Alto Networks resources.

Note

Some of the IP addresses required for access are registered in the United States. As a result, some GeoIP databases do not correctly pinpoint the location in which IP addresses are used. All customer data is stored in your deployment region, regardless of the IP address registration, and restricts data transmission through any infrastructure to that region.

Note

Throughout this topic, <XSOAR-tenant> refers to the chosen subdomain of your Cortex XSOAR tenant, and <region> is the region in which your tenant is deployed.

For IP address ranges in GCP, refer to the following tables for IP address coverage for your deployment:

In your firewall configuration, enable access to Cortex XSOAR communication servers, storage buckets, and resources.

FQDN

IP Addresses and Port

<XSOAR-tenant>.crtx.<region>.paloaltonetworks.com

Used to connect to the Cortex XSOAR tenant

IP address by region.

  • US (United States) —35.244.250.18

  • EU (Europe) — 35.227.237.180

  • CA (Canada) —34.120.31.199

  • UK (United Kingdom) — 34.120.87.77

  • JP (Japan) —35.241.28.254

  • SG (Singapore) — 34.117.211.129

  • AU (Australia) —34.120.229.65

  • DE (Germany) —34.98.68.183

  • IN (India) —35.186.207.80

  • CH (Switzerland)—34.111.6.153

  • PL (Poland) —34.117.240.208

  • TW (Taiwan) —34.160.28.41

  • QT (Qatar) —35.190.0.180

  • FA (France)—34.111.134.57

  • IL (Israel) —34.111.129.144

  • SA (Saudi Arabia)—35.244.157.127

Port—443

api-<XSOAR-tenant>.crtx.<region>.paloaltonetworks.com

Used for API requests and responses and to connect to the Cortex XSOAR engine

IP address by region.

  • US (United States) —35.222.81.194

  • EU (Europe) — 34.90.67.58

  • CA (Canada) —35.203.82.121

  • UK (United Kingdom) — 34.89.56.78

  • JP (Japan) —34.84.125.129

  • SG (Singapore) —34.87.83.144

  • AU (Australia) —35.189.18.208

  • DE (Germany) —34.107.57.23

  • IN (India) —35.200.158.164

  • CH (Switzerland) —34.65.248.119

  • PL (Poland) —34.116.216.55

  • TW (Taiwan) —35.234.8.249

  • QT (Qatar) —34.18.46.240

  • FA (France) —34.155.222.152

  • IL (Israel) —34.165.156.139

  • SA (Saudi Arabia)—34.166.58.79

Port—443

ext-<XSOAR-tenant>.crtx.<region>.paloaltonetworks.com

Used for EDL (long running integrations)

IP address by region.

  • US (United States) —35.222.81.194

  • EU (Europe) — 34.90.67.58

  • CA (Canada) —35.203.82.121

  • UK (United Kingdom) — 34.89.56.78

  • JP (Japan) —34.84.125.129

  • SG (Singapore) —34.87.83.144

  • AU (Australia) —35.189.18.208

  • DE (Germany) —34.107.57.23

  • IN (India) —35.200.158.164

  • CH (Switzerland) —34.65.248.119

  • PL (Poland) —34.116.216.55

  • TW (Taiwan) —35.234.8.249

  • QT (Qatar) —34.18.46.240

  • FA (France) —34.155.222.152

  • IL (Israel) —34.165.156.139

  • SA (Saudi Arabia)—34.166.58.79

Port—443

In-App Help Center and Notifications

data.pendo.io

Port—443

pendo-static-5664029141630976.storage.googleapis.com

Port—443

Email Notifications

IP address for all regions—159.183.150.248

Egress

Used for communication between Cortex XSOAR and customer resources

IP address by region.

  • US (United States)

    • 35.225.156.101

    • 34.69.88.119

  • EU (Europe)

    • 34.147.67.188

    • 34.90.16.31

  • CA (Canada)

    • 35.203.57.162

    • 35.203.90.79

  • UK (United Kingdom)

    • 34.142.3.42

    • 34.142.44.136

  • JP (Japan)

    • 34.146.60.215

    • 34.84.93.160

  • SG (Singapore)

    • 35.240.144.192

    • 35.240.255.15

  • AU (Australia)

    • 35.244.73.76

    • 35.201.22.63

  • DE (Germany)

    • 34.107.83.197

    • 34.159.53.97

  • IN (India)

    • 34.93.118.113

    • 35.244.5.205

  • CH (Switzerland)

    • 34.65.233.60

    • 34.65.222.25

  • PL (Poland)

    • 34.116.223.119

    • 34.118.92.214

  • TW (Taiwan)

    • 104.199.223.229

    • 34.81.38.132

  • QT (Qatar)

    • 34.18.39.0

    • 34.18.32.96

  • FA (France)

    • 34.155.197.131

    • 34.155.5.100

  • IL (Israel)

    • 34.165.33.165

    • 34.165.27.131

  • SA (Saudi Arabia)

    • 34.166.58.213

    • 34.166.61.81

App Login and Authentication

https://sso.paloaltonetworks.com

Port—443

Required Resources for Federal (United States - Government)

FQDN

IP Addresses and Port

App-ID Coverage

app-proxy.federal.paloaltonetworks.com

  • IP address: 35.186.217.42

  • Port: 443

No App ID coverage

api-<XSOAR-tenant>.crtx.federal.paloaltonetworks.com

Used for API requests and responses.

  • IP address: 130.211.195.231

  • Port: 443

No App ID coverage

App Login and Authentication

sso-fed.paloaltonetworks.com

Port: 443

No App ID coverage