Used for communication from a client system to the Panorama web interface.
Used for communication between Panorama and Cortex Data Lake and GlobalProtect cloud service.
Used for communication between Panorama and managed firewalls or managed collectors, as well as for communication among managed collectors in a Collector Group:
Used for managed devices (firewalls and Log Collectors) to retrieve software and content updates from Panorama.
Only devices that run PAN-OS 8.x and later releases retrieve updates from Panorama over this port. For devices running earlier releases, Panorama pushes the update packages over port 3978.
28769 (5.1 and later)
28260 (5.0 and later)
49160 (5.0 and earlier)
Used for the HA connectivity and synchronization between Panorama HA peers using clear text communication. Communication can be initiated by either peer.
Used for the HA connectivity and synchronization between Panorama HA peers using encrypted communication (SSH over TCP). Communication can be initiated by either peer.
Used for communication between Log Collectors in a Collector Group for log distribution.
28270 (6.0 and later)
49190 (5.1 and earlier)
Used for communication among Log Collectors in a Collector Group for log distribution.
Used by the Panorama virtual appliance to write logs to the NFS datastore.
Port that Panorama uses to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus.
23000 to 23999
TCP, UDP, or SSL
Used for Syslog communication between Panorama and the Traps ESM components.