Ports Used for Management Functions
The firewall and Panorama use the following ports for management functions.
Used for communication from a client system to the firewall CLI interface.
Port the firewall uses for NTP updates.
Used for communication from a client system to the firewall web interface. This is also the port the firewall and User-ID agent listen on for updates when you Enable VM Monitoring to Track Changes on the Virtual Network.
For monitoring an AWS environment, this is the only port that is used.
For monitoring a VMware vCenter/ESXi environment, the listening port defaults to 443, but it is configurable.
Port the firewall, Panorama, or a Log Collector uses to Forward Traps to an SNMP Manager.
This port doesn’t need to be open on the Palo Alto Networks firewall. You must configure the Simple Network Management Protocol (SNMP) manager to listen on this port. For details, refer to the documentation of your SNMP management software.
Port the firewall listens on for polling requests (GET messages) from the SNMP manager.
Port that the firewall, Panorama, or a Log Collector uses to send logs to a syslog server if you Configure Syslog Monitoring, and the ports that the PAN-OS integrated User-ID agent or Windows-based User-ID agent listens on for authentication syslog messages.
Port the GlobalProtect Mobile Security Manager listens on for HIP requests from the GlobalProtect gateways.
If you are using a third-party MDM system, you can configure the gateway to use a different port as required by the MDM vendor.
Ports used for User-ID™ Captive Portal: 6080 for NT LAN Manager (NTLM) authentication, 6081 for Captive Portal without an SSL/TLS Server Profile, and 6082 for Captive Portal with an SSL/TLS Server Profile.
Port that the firewall and Panorama use to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus.