Ports Used for Management Functions
Focus
Focus

Ports Used for Management Functions

Table of Contents
End-of-Life (EoL)

Ports Used for Management Functions

The firewall and Panorama use the following ports for management functions.
Destination Port
Protocol
Description
22
TCP
Used for communication from a client system to the firewall CLI interface.
80
TCP
The port the firewall listens on for Online Certificate Status Protocol (OCSP) updates when acting as an OCSP responder.
Port 80 is also used for OCSP verification if specified in the server certificate.
123
UDP
Port the firewall uses for NTP updates.
443
TCP
Used for communication from a client system to the firewall web interface. This is also the port the firewall and User-ID agent listens on for updates when you Enable VM Monitoring to Track Changes on the Virtual Network.
Used for outbound communications from the firewall to the Palo Alto Networks Update Server.
For monitoring an AWS environment, this is the only port that is used.
For monitoring a VMware vCenter/ESXi environment, the listening port defaults to 443, but it is configurable.
4443
TCP
Used as an alternative SSL port for HTTPS.
162
UDP
Port the firewall, Panorama, or a Log Collector uses to Forward Traps to an SNMP Manager.
This port doesn’t need to be open on the Palo Alto Networks firewall. You must configure the Simple Network Management Protocol (SNMP) manager to listen on this port. For details, refer to the documentation of your SNMP management software.
161
UDP
TCP
Port the firewall listens on for polling requests (GET messages) from the SNMP manager.
514
514
6514
TCP
UDP
SSL
Port that the firewall, Panorama, or a Log Collector uses to send logs to a syslog server if you Configure Syslog Monitoring, and the ports that the PAN-OS integrated User-ID agent or Windows-based User-ID agent listens on for authentication syslog messages.
2055
UDP
Default port the firewall uses to send NetFlow records to a NetFlow collector if you Configure NetFlow Exports, but this is configurable.
5008
TCP
Port the GlobalProtect Mobile Security Manager listens on for HIP requests from the GlobalProtect gateways.
If you are using a third-party MDM system, you can configure the gateway to use a different port as required by the MDM vendor.
6080
6081
6082
TCP
TLS 1.2
TCP
Ports used for User-ID™ Authentication Portal:
  • 6080 for NT LAN Manager (NTLM) authentication
  • 6081 for Authentication Portal without an SSL/TLS Server Profile
  • 6082 for Authentication Portal with an SSL/TLS Server Profile
10443
SSL
Port that the firewall and Panorama use to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus.