Used for communication from a client system to the firewall CLI interface.
Port the firewall uses for NTP updates.
Used for communication from a client system to the firewall web interface. This is also the port the firewall and User-ID agent listens on for VM Information source updates.
For monitoring an AWS environment, this is the only port that is used.
For monitoring a VMware vCenter/ESXi environment, the listening port defaults to 443, but it is configurable.
Port the firewall, Panorama, or a Log Collector uses to Forward Traps to an SNMP Manager.
This port doesn’t need to be open on the Palo Alto Networks firewall. You must configure the Simple Network Management Protocol (SNMP) manager to listen on this port. For details, refer to the documentation of your SNMP management software.
Port the firewall listens on for polling requests (GET messages) from the SNMP manager.
Port that the firewall, Panorama, or a Log Collector uses to send logs to a syslog server if you Configure Syslog Monitoring, and the ports that the PAN-OS integrated User-ID agent or Windows-based User-ID agent listens on for authentication syslog messages if you Configure User-ID to Receive User Mappings from a Syslog Sender.
Port the GlobalProtect Mobile Security Manager listens on for HIP requests from the GlobalProtect gateways.
If you are using a third-party MDM system, you can configure the gateway to use a different port as required by the MDM vendor.