TCP Ports and FQDNs Required for Strata Cloud Manager

TCP Ports and FQDNs Required for Cloud Management

Review the TCP ports and FQDNs required to manage Palo Alto Networks Next-Gen Firewalls (NGFW) from Strata Cloud Manager.
Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • VM-Series, funded with Software NGFW Credits
What Do I Need?
  • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Review the TCP ports and Fully Qualified Domain Names (FQDN) that you must enable on your network for communication between the Palo Alto Networks Next-Gen Firewall (NGFW) and Strata Cloud Manager. Communication on these TCP ports and FQDNs must be allowed on your network to successfully manage your firewalls from Strata Cloud Manager.

Connections to Strata Cloud Manager

You must allow the following app, FQDNs, and TCP ports on your network to enable connectivity between the firewall and Strata Cloud Manager.
The Virtus service is a device connectivity service that facilitates the connection between the firewall and Strata Cloud Manager. The FQDN and/or IP address for the region where your Strata Cloud Manager tenant is deployed must be allowed on your network for the firewall to successfully connect to Strata Cloud Manager. The firewall cannot connect to Strata Cloud Manager if the FQDN or IP address is blocked.
Required App-ID and Port for Strata Cloud Manager

| App-ID | TCP Port |
|---|---|
| panorama | 3978 |
Required FQDNs, IP Addresses, and Ports for Strata Cloud Manager

| Service | FQDN | IP Address | TCP Ports |
|---|---|---|---|
| OCSP | | N/A | 80 |
| Virtus | Australia: *.aus.ngfw.cloudmgmt.paloaltonetworks.com | 34.151.118.202 | 3978, 443 |
| Virtus | E.U: *.eu.ngfw.cloudmgmt.paloaltonetworks.com | 35.246.199.57 | 3978, 443 |
| Virtus | India: *.in.ngfw.cloudmgmt.paloaltonetworks.com | 35.200.223.12 | 3978, 443 |
| Virtus | Indonesia: *.id.ngfw.cloudmgmt.paloaltonetworks.com | 34.101.126.22 | 3978, 443 |
| Virtus | Japan: *.jp.ngfw.cloudmgmt.paloaltonetworks.com | 34.146.27.93 | 3978, 443 |
| Virtus | Qatar: *.qa.ngfw.cloudmgmt.paloaltonetworks.com | 34.18.53.154 | 3978, 443 |
| Virtus | Singapore: *.sg.ngfw.cloudmgmt.paloaltonetworks.com | 35.198.210.240 | 3978, 443 |
| Virtus | U.K: *.uk.ngfw.cloudmgmt.paloaltonetworks.com | 35.246.86.14 | 3978, 443 |
| Virtus | U.S.A: *.us.ngfw.cloudmgmt.paloaltonetworks.com | 34.31.195.141 | 3978, 443 |
| Discovery Service | ds.cloudmgmt-paloaltonetworks.com | N/A | 443 |
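
An added example, not taken from Palo Alto Networks documentation: a Python check that audits an upstream egress allowlist against the Virtus and Discovery Service requirements listed above for a U.S.A tenant. The rule format (destination, port spec) and SAMPLE_RULES are constructed, counting a flow as covered when either its FQDN or its IP address is allowed is an assumption, and OCSP is left out because no destination is listed for it.

```python
import ipaddress

# Required flows for a U.S.A tenant, copied from the table on this page.
# name -> (acceptable destinations, TCP port)
REQUIRED = {
    "Virtus 3978": (["*.us.ngfw.cloudmgmt.paloaltonetworks.com", "34.31.195.141"], 3978),
    "Virtus 443": (["*.us.ngfw.cloudmgmt.paloaltonetworks.com", "34.31.195.141"], 443),
    "Discovery Service 443": (["ds.cloudmgmt-paloaltonetworks.com"], 443),
}

# Constructed sample allowlist: (destination, port or "lo-hi" range).
SAMPLE_RULES = [
    ("*.paloaltonetworks.com", "443"),
    ("34.31.195.0/24", "3978"),
]

def covers(rule_dest, req_dest):
    """True if an allow-rule destination is equal to or broader than the requirement."""
    try:
        return ipaddress.ip_address(req_dest) in ipaddress.ip_network(rule_dest, strict=False)
    except ValueError:
        pass  # at least one side is an FQDN, compare as names below
    rule, req = rule_dest.lower().rstrip("."), req_dest.lower().rstrip(".")
    if rule == req:
        return True
    if rule.startswith("*."):
        # A wildcard rule covers any host, or narrower wildcard, under its suffix.
        tail = req[1:] if req.startswith("*.") else req
        return tail.endswith(rule[1:])
    return False

def port_in(spec, port):
    """True if port falls inside a rule's port spec ("443" or "5222-5224")."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit(rules, required=REQUIRED):
    """Return the names of required flows that no allow rule covers."""
    missing = []
    for name, (dests, port) in required.items():
        if not any(covers(rd, d) and port_in(ps, port) for rd, ps in rules for d in dests):
            missing.append(name)
    return missing

if __name__ == "__main__":
    for name in audit(SAMPLE_RULES):
        print("not allowed:", name)
```

With the sample rules, only the Discovery Service flow is reported: no rule matches its FQDN as printed in the table.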

Connections to Strata Logging Service

You must allow the following apps, FQDNs, and TCP ports on your network to forward logs from the managed firewall to Cortex Data Lake (CDL). For more details, see the TCP Ports and FQDNs Required for (CDL).
Required App-ID and Ports for CDL

| App-ID | TCP Port |
|---|---|
| paloalto-shared-services, panorama | 444, 3978 |
| Required if you’re sending device telemetry data to CDL: paloalto-device-telemetry, google-base | 443, 5222-5224, 5228, 5229 |
Required FQDNs and Ports for CDL

| Service | FQDN | TCP Ports |
|---|---|---|
| OCSP | | 80 |
| CDL Certificates | | 3978 |
| Prisma Access | *.gpcloudservice.com | 443 |

Connections for Firewall Certificates

You must allow the following FQDNs and TCP ports on your network to enable your managed firewalls to install the device certificates for Strata Cloud Manager.

| Service | FQDN | TCP Ports |
|---|---|---|
| API | | 443 |
| Device Certificates | | 443 |
