Ports Used for Panorama
Panorama uses the following ports.
Used for communication from a client system to the Panorama CLI interface.
Used for communication from a client system to the Panorama web interface.
Used for communication from the WF-500 Wildfire appliance to the:
|444||TCP||Used for communication between Panorama and the Logging Service and the GlobalProtect cloud service.|
Used for communication between Panorama and managed firewalls or managed collectors or the Logging Service, as well as for communication among managed collectors in a Collector Group:
Used for managed devices (firewalls, Wildfire appliances and Log Collectors) to retrieve software and content updates from Panorama.
Only devices that run PAN-OS 8.x and later releases retrieve updates from Panorama over this port. For devices running earlier releases, Panorama pushes the update packages over port 3978.
Used on the WildFire appliance to communicate with the firewall and Panorama running 8.0.1 and later.
28769 (5.1 and later)
28260 (5.0 and later)
49160 (5.0 and earlier)
Used for the HA connectivity and synchronization between Panorama HA peers using clear text communication. Communication can be initiated by either peer.
Used for the HA connectivity and synchronization between Panorama HA peers using encrypted communication (SSH over TCP). Communication can be initiated by either peer.
28270 (6.0 and later)
49190 (5.1 and earlier)
Used for communication among Log Collectors in a Collector Group for log distribution.
Used by the Panorama virtual appliance to write logs to the NFS datastore.
23000 to 23999
TCP, UDP, or SSL
Used for Syslog communication between Panorama and the Traps ESM components.
Verify Panorama Port Usage
Verify Panorama Port Usage To ensure that Panorama can communicate with managed firewalls, Log Collectors, and WildFire appliances and appliance clusters, and its high availability ...
Ingest Traps ESM Logs on Panorama
Ingest Traps ESM Logs on Panorama Visibility is a critical first step in preventing and reducing the impact of an attack. To help you meet ...
Set Up the M-Series Appliance as a Log Collector
Set Up the M-Series Appliance as a Log Collector If you want a dedicated appliance for log collection, configure an M-100 or M-500 appliance in ...
Configure Panorama for Network Segmentation
Configure Panorama for Network Segmentation To offload Panorama services from the MGT interface to other interfaces, start by configuring the interfaces on the Panorama management ...
Communication Settings Panorama > Managed Collectors > Communication To configure custom certificate-based authentication between Log Collectors and Panorama, firewalls, and other Log Collectors, configure the ...
Panorama HA Prerequisites
Panorama HA Prerequisites To configure Panorama in HA, you require a pair of identical Panorama servers with the following requirements on each: The same form ...
Deploy Panorama with Dedicated Log Collectors
Deploy Panorama with Dedicated Log Collectors The following figures illustrate Panorama in a distributed log collection deployment. In these examples, the Panorama management server comprises ...
Traps Log Ingestion on Panorama
Traps Log Ingestion on Panorama Panorama can now serve as a Syslog receiver that can ingest logs from the Traps ESM components using Syslog over ...
Configure Authentication Using Custom Certificates on Managed Devices
Configure Authentication Using Custom Certificates on Managed Devices Complete the following procedure to configure the client side (firewall or Log Collector) to use custom certificates ...