Ports Used for Management Functions

The firewall and Panorama use the following ports for management functions.
Destination Port
Protocol
Description
22
TCP
Used for communication from a client system to the firewall CLI interface.
80
TCP
The port the firewall listens on for Online Certificate Status Protocol (OCSP) updates when acting as an OCSP responder.
123
UDP
Port the firewall uses for NTP updates.
443
TCP
Used for communication from a client system to the firewall web interface. This is also the port the firewall and User-ID agent listens on for updates when you Enable VM Monitoring to Track Changes on the Virtual Network.
For monitoring an AWS environment, this is the only port that is used.
For monitoring a VMware vCenter/ESXi environment, the listening port defaults to 443, but it is configurable.
162
UDP
Port the firewall, Panorama, or a Log Collector uses to Forward Traps to an SNMP Manager.
This port doesn’t need to be open on the Palo Alto Networks firewall. You must configure the Simple Network Management Protocol (SNMP) manager to listen on this port. For details, refer to the documentation of your SNMP management software.
161
UDP
Port the firewall listens on for polling requests (GET messages) from the SNMP manager.
514
514
6514
TCP
UDP
SSL
Port that the firewall, Panorama, or a Log Collector uses to send logs to a syslog server if you Configure Syslog Monitoring, and the ports that the PAN-OS integrated User-ID agent or Windows-based User-ID agent listens on for authentication syslog messages.
2055
UDP
Default port the firewall uses to send NetFlow records to a NetFlow collector if you Configure NetFlow Exports, but this is configurable.
5008
TCP
Port the GlobalProtect Mobile Security Manager listens on for HIP requests from the GlobalProtect gateways.
If you are using a third-party MDM system, you can configure the gateway to use a different port as required by the MDM vendor.
6080
6081
6082
TCP
TLS 1.2
TCP
Ports used for User-ID™ Captive Portal: 6080 for NT LAN Manager (NTLM) authentication, 6081 for Captive Portal without an SSL/TLS Server Profile, and 6082 for Captive Portal with an SSL/TLS Server Profile.
10443
SSL
Port that the firewall and Panorama use to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus.

Related Documentation