This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Prisma Access Locations IP Addresses

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Prisma Access Locations IP Addresses

jeppich
L1 Bithead

‎10-22-2024 11:20 AM

I'm struggling to find the IP Addresses allocated for the 5 Prisma Access Locations we're using.  We would like to build a conditional access policy in M365 to only allow traffic from our Global Protect client via the Gateway IP addresses or ranges.  I've seen articles saying to use the API which I have zero knowledge of.  I just want the IPs so I can begin building and testing our policy.

 

Is this information available in the Prisma UI?

0 Likes Likes
3 REPLIES 3

abhinav2308
L2 Linker

‎10-25-2024 01:21 AM

Hello Jeppich,

Greetings of the day!


The only way to get the Prisma gateway IP address is using API , you can fetch with that
https://docs.paloaltonetworks.com/prisma/prisma-access/3-1/prisma-access-panorama-admin/prisma-acces...
Or you can open a TAC case with the Prisma team, requesting them to share the IP, Maybe they might share
Additionally you can try to fetch the IP, I can help you with that,

just post here.

 

Abhinav Srivastava
0 Likes Likes

jeppich
L1 Bithead
In response to abhinav2308

‎10-25-2024 10:56 AM

I've read that article many times.  We don't use Panorama so I don't understand how I can run the API Script.

 

I was able to find the GP locations IP Addresses in the console.  Not exactly the easiest to find.  However, my new issue is we've begun routing internet traffic in one of our Remote Networks via Policy Based Forwarding through the IPSec tunnel to Prisma.  The egress IP for the users in that office is now different and not part of the GP Locations addresses (obviously, since it's not GP).  The service endpoint address for the RN is not the egress IP.  The only way I've read is to run the API Script which Palo Alto doesn't document very well if you're not using Panorama.

 

0 Likes Likes

Vickynet
L2 Linker

‎10-27-2024 05:49 PM

Hello @jeppich , I believe there is similar documentation for Cloud-Managed Prisma Access. You can reference this https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-setup/retrieve-ip-addre... and just focus on the Strata Cloud Manager Tab. Within that tab, under the Legacy Scripts Used to Retrieve IP and Loopback Addresses, you should be able to retrieve the commands used in Mobile User Deployments or Remote Network deployment. 

 

I hope you find this helpful. 

 

Thank you,

Vickynet

  • 549 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks