Used for communication from a client system to the Panorama web interface.
Used for communication from the WF-500 Wildfire appliance to the:
Used for communication between Panorama and the Logging Service and the GlobalProtect cloud service.
Used for communication between Panorama and managed firewalls or managed collectors or the Logging Service, as well as for communication among managed collectors in a Collector Group:
Used for managed devices (firewalls, Wildfire appliances and Log Collectors) to retrieve software and content updates from Panorama.
Only devices that run PAN-OS 8.x and later releases retrieve updates from Panorama over this port. For devices running earlier releases, Panorama pushes the update packages over port 3978.
Used on the WildFire appliance to communicate with the firewall and Panorama running 8.0.1 and later.
28769 (5.1 and later)
28260 (5.0 and later)
49160 (5.0 and earlier)
Used for the HA connectivity and synchronization between Panorama HA peers using clear text communication. Communication can be initiated by either peer.
Used for the HA connectivity and synchronization between Panorama HA peers using encrypted communication (SSH over TCP). Communication can be initiated by either peer.
28270 (6.0 and later)
49190 (5.1 and earlier)
Used for communication among Log Collectors in a Collector Group for log distribution.
Used by the Panorama virtual appliance to write logs to the NFS datastore.
23000 to 23999
TCP, UDP, or SSL
Used for Syslog communication between Panorama and the Traps ESM components.