Enterprise DLP
Setup Prerequisites for Enterprise DLP
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Setup Prerequisites for Enterprise DLP
Ports, Fully Qualified Domain Names, and IP addressed required to enable Enterprise Data Loss Prevention (E-DLP).
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Below are the full qualified domain names (FQDN), network ports, and IP addresses that
must be allowed. These tables describe the network settings required to forward traffic
for inspection and verdict rendering Enterprise Data Loss Prevention (E-DLP), as well as required
network settings for specific Enterprise DLP features.
- Ports and FQDNs
- IP Addresses for Evidence Storage
- IP Addresses for Syslog Forwarding
- FQDNs for EDM
- End User Alerting
Prerequisite Ports and FQDNs for Enterprise DLP
Allow access to the following IP addresses and open ports required to successfully
forward traffic to Enterprise Data Loss Prevention (E-DLP).
Firewalls managed by a Panorama™ management server or Strata Cloud Manager need to access the
following FQDNs and ports open on the network to successfully forward traffic for
inspection by the DLP cloud service.
| FQDNs | Ports |
|---|---|
| TCP 80 |
| TCP 443 |
Prerequisite IP Addresses for Enterprise DLP Evidence Storage
Allow access to the IP addresses required to save evidence for investigative analysis
with Enterprise Data Loss Prevention (E-DLP).
Allow access to the following IP addressed on the hypervisor where you created the evidence storage
bucket to automatically store files scanned by the DLP cloud service that
match your Enterprise DLP data profile for firewalls managed by Panorama
or Strata Cloud Manager.
- You must allow the Default IP addresses to successfully connect your evidence storage bucket to Enterprise DLP.
- To automatically store inspected files, the IP addresses you need to allow access for are dependent on region or zone where the file will be scanned by Enterprise DLP.
- To download stored files from your evidence storage bucket, you may also need to allow the specific user IP addresses as well.
Evidence Storage and Syslog Forwarding require you allow the same IP addresses on
your network. You don't need to allow any region-specific IP addresses for Evidence
Storage if already allowed for Syslog Forwarding.
| Region | IP Address |
|---|---|
| APAC | 13.228.151.58 52.74.82.77 |
|
Australia
| 13.54.198.248 52.63.9.154 |
|
Canada
| 15.222.125.234 99.79.19.33 |
|
E.U
| 3.123.172.116 52.59.186.42 |
|
India
|
15.207.246.3
3.108.103.214
|
|
Japan
|
3.115.43.201
35.72.148.77
35.74.96.38
52.68.52.77
|
|
U.K
|
13.43.141.10
18.169.44.228
35.177.5.4
52.56.54.90
|
|
(Default) U.S.A
| 3.230.176.219 3.226.106.173 18.190.146.204 3.16.224.253 34.223.123.78 52.27.148.95 |
IP Addresses for Syslog Forwarding
Allow the IP addresses required to forward DLP incident syslogs from Enterprise Data Loss Prevention (E-DLP) to manage and create workflows.
Allow the following IP addresses on your network to successfully forward
Enterprise Data Loss Prevention (E-DLP) incidents syslogs to your third-party security information and
event management (SIEM), Security Orchestration, and Response (SOAR), or other automated
ticketing systems. This enables your SOC Analysts and Incident admins to effectively
triage, review, and resolve data security risks that occur in your organization. To
forward DLP incident syslogs, the IP addresses you need to allow access for are
dependent on region or zone where the file will be scanned by Enterprise DLP.
Evidence Storage and Syslog Forwarding require you allow the same IP addresses on
your network. You don't need to allow any region-specific IP addresses for Syslog
Forwarding if already allowed for Evidence Storage.
| Region | IP Address |
|---|---|
| APAC | 13.228.151.58 52.74.82.77 |
|
Australia
| 13.54.198.248 52.63.9.154 |
|
Canada
| 15.222.125.234 99.79.19.33 |
|
E.U
| 3.123.172.116 52.59.186.42 |
|
India
|
15.207.246.3
3.108.103.214
|
|
Japan
|
3.115.43.201
35.72.148.77
35.74.96.38
52.68.52.77
|
|
U.K
|
13.43.141.10
18.169.44.228
35.177.5.4
52.56.54.90
|
|
(Default) U.S.A
| 3.230.176.219 3.226.106.173 18.190.146.204 3.16.224.253 34.223.123.78 52.27.148.95 |
Prerequisite FQDNs for Exact Data Matching (EDM)
Fully Qualified Domain Names (FQDN) required to upload data sets for Exact Data
Matching (EDM).
To successfully create and upload data sets to the DLP cloud service and use Exact Data Matching (EDM), you must allow
access to the following FQDNs on your network.
- https://api.dlp.paloaltonetworks.com
- https://auth.apps.paloaltonetworks.com
- https://prod-edm-dataset-bucket.s3.us-west-2.amazonaws.com
Prerequisites for Enterprise DLP End User Alerting with Cortex XSOAR
The integrated platforms, supported applications, and configuration prerequisites
required to use the Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR.
Review the Palo Alto Networks product portfolio integration, supported application, and
configuration prerequisites required to use Enterprise Data Loss Prevention (E-DLP) End User Alerting
with Cortex XSOAR.
| Requirements | Panorama (Palo Alto Networks Next-Generation Firewalls) | Prisma Access (Managed by Panorama) | Strata Cloud Manager |
|---|---|---|---|
PAN-OS Release |
| N/A | |
Palo Alto Networks Product Portfolio Integration | Cortex XSOAR | ||
Supported Applications | Slack, Microsoft Teams, Email | ||
IP Mapping to Email Addresses | |||