Next-Generation Firewall
TCP Ports and FQDNs Required for Strata Cloud Manager
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
-
-
-
-
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 11.0 (EoL)
- PAN-OS 10.2
- PAN-OS 10.1
- PAN-OS 10.0 (EoL)
- PAN-OS 9.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 8.1 (EoL)
-
- PAN-OS 12.1
- PAN-OS 11.2
- PAN-OS 11.1
- PAN-OS 10.2
- PAN-OS 10.1
TCP Ports and FQDNs Required for Strata Cloud Manager
Review the TCP ports and FQDNs required to managed Palo Alto Networks Next-Gen
Firewalls (NGFW) from Strata Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Review the TCP ports and Fully Qualified Domain Names (FQDN) that you must enable on your
network communication and between the Palo Alto Networks Next-Gen Firewall (NGFW) and
Strata Cloud Manager. Communication on these TCP ports and FQDNs must allowed on
your network to successfully manage your firewalls from Strata Cloud Manager.
Connections to Strata Cloud Manager
You must allow the following app, FQDNs, and TCP ports on your network to enable
connectivity between the firewall and Strata Cloud Manager.
App-ID
|
TCP Port
|
---|---|
panorama
|
3978
|
Service
|
FQDN
|
TCP Ports
|
---|---|---|
Virtus
|
|
3978
|
Discovery Service
|
ds.cloudmgmt-paloaltonetworks.com
|
443
|
Connections to Cortex Data Lake
You must allow the following apps, FQDNs, and TCP ports on your network to forward
logs from the managed firewall to Cortex Data Lake (CDL). For more details, see the
TCP Ports and FQDNs Required for Cortex Data
Lake (CDL).
App-ID
|
TCP Port
|
---|---|
|
444
3978
|
Required if you’re sending device telemetry
data to CDL.
|
443
5222-5224
5228
5229
|
Service
|
FQDN
|
TCP Ports
|
---|---|---|
Prisma Access
|
*.gpcloudservice.com
|
443
|
Connections for Firewall Certificates
You must allow the following FQDNs, and TCP ports on your network to enable your
managed firewalls to install the device certificates for Strata Cloud Manager.
Service
|
FQDN
|
TCP Ports
|
---|---|---|