Ports Used for Management Functions
The firewall and Panorama use the following ports for management functions.
Destination Port | Protocol | Description |
---|---|---|
22 | TCP | Used for communication from a client system to the firewall CLI interface. |
80 | TCP | The port the firewall listens on for Online Certificate Status Protocol (OCSP) updates when acting as an OCSP responder. Port 80 is also used for OCSP verification if specified in the server certificate. |
123 | UDP | Port the firewall uses for NTP updates. |
443 | TCP | Used for communication from a client system to the firewall web interface. This is also the port the firewall and User-ID agent listen on for updates when you Enable VM Monitoring to Track Changes on the Virtual Network. Used for outbound communications from the firewall to the Palo Alto Networks Update Server. For monitoring an AWS environment, this is the only port that is used. For monitoring a VMware vCenter/ESXi environment, the listening port defaults to 443, but it is configurable. |
4443 | TCP | Used as an alternative SSL port for HTTPS. |
162 | UDP | Port the firewall, Panorama, or a Log Collector uses to Forward Traps to an SNMP Manager. This port doesn't need to be open on the Palo Alto Networks firewall. You must configure the Simple Network Management Protocol (SNMP) manager to listen on this port. For details, refer to the documentation of your SNMP management software. |
161 | UDP | Port the firewall listens on for polling requests (GET messages) from the SNMP manager. |
514, 514, 6514 | TCP, UDP, SSL | Port that the firewall, Panorama, or a Log Collector uses to send logs to a syslog server if you Configure Syslog Monitoring, and the ports that the PAN-OS integrated User-ID agent or Windows-based User-ID agent listens on for authentication syslog messages. |
2055 | UDP | Default port the firewall uses to send NetFlow records to a NetFlow collector if you Configure NetFlow Exports, but this is configurable. |
5008 | TCP | Port the GlobalProtect Mobile Security Manager listens on for HIP requests from the GlobalProtect gateways. If you are using a third-party MDM system, you can configure the gateway to use a different port as required by the MDM vendor. |
6080, 6081, 6082 | TCP, TLS 1.2, TCP | Ports used for User-ID™ Authentication Portal: |
10443 | SSL | Port that the firewall and Panorama use to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus. |