Next-Generation Firewall
TCP Ports and FQDNs Required for Strata Cloud Manager
Review the TCP ports and FQDNs required to manage Palo Alto Networks Next-Gen Firewalls
(NGFW) from Strata Cloud Manager.
Contact your account team to enable Cloud Management for NGFWs using Strata
Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Review the TCP ports and Fully Qualified Domain Names (FQDN) that you must enable on your network
for communication between the Palo Alto Networks Next-Gen Firewall (NGFW) and Strata Cloud Manager. Communication on these TCP ports and FQDNs must be allowed on your
network to successfully manage your firewalls from Strata Cloud Manager.
Connections to Strata Cloud Manager
You must allow the following app, FQDNs, and TCP ports on your network to enable connectivity
between the firewall and Strata Cloud Manager.
The Virtus service is a device connectivity service that facilitates the connection
between the firewall and Strata Cloud Manager. The FQDN and/or IP address for the
region where your Strata Cloud Manager tenant is deployed must be allowed on your
network for the firewall to successfully connect to Strata Cloud Manager. The
firewall cannot connect to Strata Cloud Manager if the FQDN or IP address is
blocked.
App-ID | TCP Port |
---|---|
panorama | 3978 |
Service | FQDN | IP Address | TCP Ports |
---|---|---|---|
Virtus | Australia—*.aus.ngfw.cloudmgmt.paloaltonetworks.com | 34.151.118.202 | 3978 443 |
Virtus | E.U—*.eu.ngfw.cloudmgmt.paloaltonetworks.com | 35.246.199.57 | 3978 443 |
Virtus | India—*.in.ngfw.cloudmgmt.paloaltonetworks.com | 35.200.223.12 | 3978 443 |
Virtus | Indonesia—*.id.ngfw.cloudmgmt.paloaltonetworks.com | 34.101.126.22 | 3978 443 |
Virtus | Japan—*.jp.ngfw.cloudmgmt.paloaltonetworks.com | 34.146.27.93 | 3978 443 |
Virtus | Qatar—*.qa.ngfw.cloudmgmt.paloaltonetworks.com | 34.18.53.154 | 3978 443 |
Virtus | Singapore—*.sg.ngfw.cloudmgmt.paloaltonetworks.com | 35.198.210.240 | 3978 443 |
Virtus | U.K—*.uk.ngfw.cloudmgmt.paloaltonetworks.com | 35.246.86.14 | 3978 443 |
Virtus | U.S.A—*.us.ngfw.cloudmgmt.paloaltonetworks.com | 34.31.195.141 | 3978 443 |
Discovery Service | ds-cloudmgmt.paloaltonetworks.com | N/A | 443 |
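As an added example (not Palo Alto Networks code), the following Python audits an egress allow-list against the Virtus and Discovery Service requirements in the table above and reports which required flows are still blocked. The `(destination, ports)` rule format and the function names are hypothetical, and the check assumes a flow is satisfied when either the regional FQDN or its IP address is allowed on the port.

```python
import ipaddress

# Region codes, IP addresses, ports and FQDNs copied from the tables on this page.
VIRTUS = {
    "aus": "34.151.118.202", "eu": "35.246.199.57", "in": "35.200.223.12",
    "id": "34.101.126.22", "jp": "34.146.27.93", "qa": "34.18.53.154",
    "sg": "35.198.210.240", "uk": "35.246.86.14", "us": "34.31.195.141",
}
VIRTUS_PORTS = (3978, 443)
DISCOVERY = ("ds-cloudmgmt.paloaltonetworks.com", 443)

def required_flows(region):
    """Return (service, fqdn, ip_or_None, port) tuples for one tenant region."""
    fqdn = f"*.{region}.ngfw.cloudmgmt.paloaltonetworks.com"
    flows = [("Virtus", fqdn, VIRTUS[region], p) for p in VIRTUS_PORTS]
    flows.append(("Discovery Service", DISCOVERY[0], None, DISCOVERY[1]))
    return flows

def covers(rule_dest, fqdn, ip):
    """True if an allow-rule destination covers the required FQDN or IP."""
    try:
        net = ipaddress.ip_network(rule_dest, strict=False)
        return ip is not None and ipaddress.ip_address(ip) in net
    except ValueError:
        pass  # not an IP or CIDR, so treat it as an FQDN or wildcard FQDN
    rule, need = rule_dest.lower(), fqdn.lower()
    if rule.startswith("*."):
        # "*.x.com" covers any host, or narrower wildcard, under x.com
        return need.endswith(rule[1:])
    return rule == need

def missing_flows(rules, region):
    """rules: iterable of (destination, set_of_ports). Returns uncovered flows."""
    return [
        (svc, fqdn, ip, port)
        for svc, fqdn, ip, port in required_flows(region)
        if not any(port in ports and covers(dest, fqdn, ip) for dest, ports in rules)
    ]

# Constructed sample allow-list (hypothetical): TCP 3978 for the US region was left out.
SAMPLE_RULES = [
    ("*.us.ngfw.cloudmgmt.paloaltonetworks.com", {443}),
    ("ds-cloudmgmt.paloaltonetworks.com", {443}),
]

if __name__ == "__main__":
    for flow in missing_flows(SAMPLE_RULES, "us"):
        print("NOT ALLOWED:", flow)
```

An exact-host rule does not satisfy a wildcard requirement, so an allow-list that names a single host under the regional domain is still reported as incomplete.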
Connections to Strata Logging Service
You must allow the following apps, FQDNs, and TCP ports on your network to forward logs from
the managed firewall to Strata Logging Service (SLS). For more details, see the TCP Ports and
FQDNs Required for (SLS).
App-ID | TCP Port |
---|---|
| 444 3978 |
Required if you’re sending device telemetry data to SLS. | 443 5222-5224 5228 5229 |
Service | FQDN | TCP Ports |
---|---|---|
Prisma Access | *.gpcloudservice.com | 443 |
Connections for Firewall Certificates
You must allow the following FQDNs and TCP ports on your network to enable your managed
firewalls to install the device certificates for Strata Cloud Manager.
Service | FQDN | TCP Ports |
---|---|---|