Focus

Use Legacy Scripts to Retrieve Loopback Addresses

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Set Up Prisma Access IP Address Change Notifications

Use the Legacy Script to Retrieve Mobile User IP Addresses

Use Legacy Scripts to Retrieve Loopback Addresses

Learn about the legacy scripts you can use to retrieve Prisma Access IP and loopback addresses.

The commands described in this section are superseded by a newer API script as of Prisma Access 1.5; however, they are still supported when you need to obtain the loopback address, or for deployments that use them in scripts or other automated tools.

The following table shows the keywords and parameters that are available in the legacy API scripts used with Prisma Access, and provides information and recommendations about which API to use for the type of deployment you have.

These legacy commands also retrieve public IP and egress IP addresses; however, Palo Alto Networks recommends that you use the newer API script to retrieve these commands and only use the legacy API to retrieve the loopback IP addresses.

A public IP address is the source IP address that Prisma Access uses for requests made to an internet-based source. Add the public IP address to an allow list in your network to give Prisma Access access to internet resources such as SaaS applications or publicly accessible partner applications.
Mobile user, remote network, and clean pipe deployments use public IP addresses.
An egress IP address is an IP address that Prisma Access uses for egress traffic to the internet, and you must also add these addresses to an allow list to give Prisma Access access to internet resources.
Among other purposes, Prisma Access uses egress IP addresses so that users receive web pages in the language they expect from a Prisma Access location. All locations have public IP addresses; however, not all locations have egress IP addresses. The following locations do not use egress IP addresses:
- Any locations that you added before the release of Prisma Access 1.4.
- Bahrain
- Belgium
- France North
- France South
- Hong Kong
- Ireland
- South Korea
- Taiwan
- United Kingdom
Mobile user, remote network, and clean pipe deployments use egress IP addresses.

Commands Used in Mobile User Deployments
Command Name	Comments
get_egress_ip_all=yes command curl -H header-api-key:`Current-API-Key`"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?get_egress_ip_all=yes	This command retrieves all the IP addresses that you add to an allow list to give Prisma Access access to internet resources such as SaaS applications or publicly accessible partner applications. This command has the following constraints: This command can retrieve a large number of addresses (more than 200). If your enterprise cannot add this number of IP addresses to an allow list, you can use the `gpcs_gp_gw` and `gpcs_gp_portal` keywords to retrieve only the IP addresses you are currently using; however you will have to rerun these commands every time you add a location. In addition, if a scaling event occurs, you will need to the new IP addresses to an allow list. Prisma Access does not list the locations that are associated with these IP addresses; therefore, we recommend that you all the IP addresses that are returned with this command to an allow list. This command does not give you loopback addresses.
gpcs_gp_gw and gpcs_gp_portal keywords curl -H header-api-key:`Current-API-Key`"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=`gpcs_gp_gw` \| `gpcs_gp_portal`&addrType=`public_ip` \| `egress_ip_list` \| `loopback_ip`"	Use this command if your deployment limits the amount of IP addresses you can add to an allow list. You must add all IP addresses returned with this command to an allow list in your network. You can also retrieve the loopback IP addresses with this command.

Commands Used In Remote Network Deployments
Command Name	Comments
gpcs_remote_network keyword curl -H header-api-key:`Current-API-Key`"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=`gpcs_remote_network` &addrType=`public_ip` \| `egress_ip_list` \| `loopback_ip`"	Use this command to find the IP addresses that you need to add to an allow list for remote network deployments. You can also use this command to find the egress IP addresses for remote network deployments; the egress and IP addresses can be different in some situations.

Commands Used in Clean Pipe Deployments
Command Name	Comments
gpcs_clean_pipe keyword curl -H header-api-key:`Current-API-Key`"https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=`gpcs_clean_pipe`&addrType=`public_ip` \| `egress_ip_list` \| `loopback_ip`"	Use this command to find the IP addresses that you need to add to an allow list for clean pipe deployments.

Set Up Prisma Access IP Address Change Notifications

Use the Legacy Script to Retrieve Mobile User IP Addresses

Prisma Access Docs

Use Legacy Scripts to Retrieve Loopback Addresses

Prisma Access Docs

Use Legacy Scripts to Retrieve Loopback Addresses

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner