Enable access to Palo Alto Network resources - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Cloud Documentation

Product: Cortex XSOAR
Version: 8
Creation date: 2024-03-07
Last date published: 2024-11-13
Category: Administrator Guide
Solution: Cloud

Abstract: Depending on your network environment settings, you may need to enable network access to the Cortex XSOAR resources.

After you receive your account details, in your firewall configuration, enable and verify access to Cortex XSOAR communication servers, storage buckets, and various resources.

Note

Some of the IP addresses required for access are registered in the United States. As a result, some GeoIP databases do not correctly pinpoint the location in which the IP addresses are used. All customer data is stored in your deployment region, regardless of the IP address registration, and data transmission through any infrastructure is restricted to that region.

For IP address ranges in Google Cloud Platform (GCP), view the following tables for IP address coverage for your deployment:

In your firewall configuration, enable the following resources:

| FQDN | Description |
|---|---|
| <xsoar-tenant>.crtx.<region>.paloaltonetworks.com | Used to connect to Palo Alto Networks. For the relevant region and IP address, see the IP Address to connect to Cortex XSOAR column below. For example, if the region is US, use the 35.244.250.18 IP address. |
| api-<xsoar-tenant>.crtx.<region>.paloaltonetworks.com | Used for API requests and responses and to connect to an engine. For the relevant region and IP address, see the API/EDL IP Address column below. For example, if the region is US, use the 35.222.81.194 IP address. |
| ext-<xsoar-tenant>.crtx.<region>.paloaltonetworks.com | Used for EDL (long-running integrations). For the relevant region and IP address, see the API/EDL IP Address column below. For example, if the region is US, use the 35.222.81.194 IP address. |

Note

<xsoar-tenant> refers to the chosen subdomain of your Cortex XSOAR tenant, and <region> is the region in which your tenant is deployed.

The port is 443.

Egress is used for communication between Cortex XSOAR and customer resources. For the relevant region and IP address, see the Egress IP Address column below. For example, if the region is US, use 35.225.156.101 and 34.69.88.119.

| Region | IP Address to connect to Cortex XSOAR | API/EDL IP Address | Egress IP Address |
|---|---|---|---|
| AU (Australia) | 34.120.229.65 | 35.189.18.208 | 35.244.73.76, 35.201.22.63 |
| CA (Canada) | 34.120.31.199 | 35.203.82.121 | 35.203.57.162, 35.203.90.79 |
| CH (Switzerland) | 34.111.6.153 | 34.65.248.119 | 34.65.233.60, 34.65.222.25 |
| DE (Germany) | 34.98.68.183 | 34.107.57.23 | 34.107.83.197, 34.159.53.97 |
| ES (Spain) | 34.111.188.248 | 34.175.30.176 | 34.175.255.99, 34.175.230.35 |
| EU (Europe) | 35.227.237.180 | 34.90.67.58 | 34.147.67.188, 34.90.16.31 |
| FA (France) | 34.111.134.57 | 34.155.222.152 | 34.155.197.131, 34.155.5.100 |
| ID (Indonesia) | 34.111.58.152 | 34.128.115.238 | 34.101.125.66, 34.101.218.184 |
| IL (Israel) | 34.111.129.144 | 34.165.156.139 | 34.165.46.47, 34.165.17.246 |
| IN (India) | 35.186.207.80 | 35.200.158.164 | 34.93.118.113, 35.244.5.205 |
| JP (Japan) | 35.241.28.254 | 34.84.125.129 | 34.146.60.215, 34.84.93.160 |
| PL (Poland) | 34.117.240.208 | 34.116.216.55 | 34.116.223.119, 34.118.92.214 |
| QT (Qatar) | 35.190.0.180 | 34.18.46.240 | 34.18.39.0, 34.18.32.96 |
| SA (Saudi Arabia) | 35.244.157.127 | 34.166.58.79 | 34.166.58.243, 34.166.54.238 |
| SG (Singapore) | 34.117.211.129 | 34.87.83.144 | 35.240.144.192, 35.240.255.15 |
| TW (Taiwan) | 34.160.28.41 | 35.234.8.249 | 104.199.223.229, 34.81.38.132 |
| UK (United Kingdom) | 34.120.87.77 | 34.89.56.78 | 34.142.3.42, 34.142.44.136 |
| US (United States) | 35.244.250.18 | 35.222.81.194 | 35.225.156.101, 34.69.88.119 |
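To verify the firewall rules after enabling them, the following added example (not part of the Palo Alto Networks documentation) builds the three tenant FQDNs, checks that each resolves to the address documented for its role, and then tests TCP port 443. The script name, function names, and status strings are assumptions made for illustration; only the US and DE rows of the table are included.

```python
import socket
import sys

# US and DE rows copied from the region table on this page; add your own region.
DOCUMENTED = {
    "us": {"ui": "35.244.250.18", "api_edl": "35.222.81.194"},
    "de": {"ui": "34.98.68.183", "api_edl": "34.107.57.23"},
}

def expected_endpoints(tenant, region):
    """Map each tenant FQDN from the page to the IP documented for its role."""
    region = region.lower()  # DNS names are case-insensitive
    ips = DOCUMENTED[region]
    base = f"{tenant}.crtx.{region}.paloaltonetworks.com"
    return {base: ips["ui"], f"api-{base}": ips["api_edl"], f"ext-{base}": ips["api_edl"]}

def resolve(fqdn):
    """Return the set of IPv4 addresses DNS gives for fqdn (empty on failure)."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()

def tcp_443_open(ip, timeout=5.0):
    """True if a TCP connection to ip:443 succeeds through the firewall."""
    try:
        with socket.create_connection((ip, 443), timeout=timeout):
            return True
    except OSError:
        return False

def check(tenant, region, resolver=resolve, probe=tcp_443_open):
    """Return {fqdn: status}: 'ok', 'dns-mismatch' (no or unexpected answer), or 'blocked'."""
    results = {}
    for fqdn, ip in expected_endpoints(tenant, region).items():
        if ip not in resolver(fqdn):
            results[fqdn] = "dns-mismatch"
        elif not probe(ip):
            results[fqdn] = "blocked"
        else:
            results[fqdn] = "ok"
    return results

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_xsoar_access.py <xsoar-tenant> <region>")
    for fqdn, status in check(sys.argv[1], sys.argv[2]).items():
        print(f"{status:13} {fqdn}")
```

A `dns-mismatch` result can also mean the published address has changed since the table was copied, so compare against the current documentation before changing firewall rules.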

In-app Help Center and notifications

| FQDN | IP Addresses and Port |
|---|---|
| data.pendo.io | Port: 443 |
| pendo-static-5664029141630976.storage.googleapis.com | Port: 443 |

Email notifications

IP address for all regions: 159.183.150.248

App login and authentication

| FQDN | IP address and port |
|---|---|
| https://sso.paloaltonetworks.com | Port: 443 |

Required Resources for Federal (United States - Government)

| FQDN | IP Addresses and Port |
|---|---|
| app-proxy.federal.paloaltonetworks.com | IP address: 35.186.217.42, Port: 443 |
| api-<xsoar-tenant>.crtx.federal.paloaltonetworks.com (Used for API requests and responses.) | IP address: 130.211.195.231, Port: 443 |

App Login and Authentication

sso-fed.paloaltonetworks.com

Port: 443