Use the Legacy Script to Retrieve Public, Loopback, and Egress IP Addresses
Focus
Focus

Use the Legacy Script to Retrieve Public, Loopback, and Egress IP Addresses

Table of Contents

Use the Legacy Script to Retrieve Public, Loopback, and Egress IP Addresses

Use this script to retrieve public, loopback, and egress IP addresses for Prisma Access mobile user deployments.
This legacy script has been superseded by a by a newer API script as of Prisma Access 1.5. Palo Alto Networks recommends that you use the newer script to retrieve all IP addresses with the exception of loopback addresses.
To retrieve public, loopback, and egress IP addresses, complete the following steps.
  1. Get the API key and add an IP Change Event Notification URL where you can be notified of IP address changes in your Prisma Access infrastructure.
  2. Retrieve the public IP addresses, loopback IP addresses, or both for Prisma Access.
    Use the API key and the API endpoint URL either manually or in an automation script:
      header-api-key:Current
    API Key "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=$fwType&addrType=$addrType"
    where you need to replace Current API Key with your API key and use one or both of the following keywords and arguments:
    KeywordDescription
    fwType keyword
    gpcs_gp_gw
    Retrieves Prisma Access gateway IP addresses (for mobile user deployments).
    gpcs_gp_portal
    Retrieves Prisma Access portal IP addresses (for mobile user deployments).
    gpcs_remote_network
    Retrieves Prisma Access remote network IP addresses (for remote network deployments).
    gpcs_clean_pipe
    Retrieves Prisma Access Clean Pipe IP addresses.
    addrType keyword
    public_ip
    Retrieves the source IP addresses that Prisma Access uses for requests made to an internet-based source.
    For mobile user locations, Prisma Access lists the IP addresses by location. For remote networks, Prisma Access lists the IP addresses by remote network name.
    egress_ip_list
    Retrieves the IP addresses that Prisma Access uses with public IP addresses for additional egress traffic to the internet.
    For mobile user locations, Prisma Access lists the IP addresses by location. For remote networks, Prisma Access lists the IP addresses by remote network name.
    loopback_ip
    Retrieves the source IP addresses used by Prisma Access for requests made to an internal source (for example, a RADIUS or Active Directory server), and is assigned from the infrastructure subnet.
    If you don’t specify a keyword, Prisma Access retrieves all IP addresses.
    For example, you can try the following Curl command to manually retrieve the list of public IP addresses for all remote networks:
    curl -H header-api-key:1234y9ydxb__0UmxetVTbC8XTyFMaoT4RBZBKBjfX419YVufeFG7 "https://api.prod.datapath.prismaaccess.com/getAddrList/latest?fwType=gpcs_remote_network&addrType=public_ip"
    or use a simple python script to retrieve the list of all IP addresses, for example:
      #!/usr/bin/python
    import subprocess
    import json
    api_key = '1234y9ydxb__0UmxetVTbC8XTyFMaoT4RBZBKBjfX419YVufeFG7' # Replace with your key
    api_end_point = 'https://api.prod.datapath.prismaaccess.com/getAddrList/latest' # This call retrieves IP addresses for all your Prisma Access firewalls
    args = ['curl', '-k', '-H', 'header-api-key:' +  api_key, api_end_point]
    p = subprocess.Popen(args, stdout=subprocess.PIPE)
    output = p.communicate()
    dout = json.loads(output[0])
    addrStrList = dout['result']['addrList']
    addrList = []
    for addr_str in addrStrList:
        addrList.append(addr_str.split(":")[1])
    print(addrList)
  3. Update the allow lists on your on-premises servers or SaaS application policy rules with the IP addresses you retrieved.