Ports Used for Management Functions
The firewall and Panorama use the following ports for management functions.
Used for communication from a client system to the firewall CLI interface.
The port the firewall listens on for Online Certificate Status Protocol (OCSP) updates when acting as an OCSP responder.
Port the firewall uses for NTP updates.
Used for communication from a client system to the firewall web interface. This is also the port the firewall and User-ID agent listens on for updates when you Enable VM Monitoring to Track Changes on the Virtual Network.
For monitoring an AWS environment, this is the only port that is used.
For monitoring a VMware vCenter/ESXi environment, the listening port defaults to 443, but it is configurable.
Port the firewall, Panorama, or a Log Collector uses to Forward Traps to an SNMP Manager.
This port doesn’t need to be open on the Palo Alto Networks firewall. You must configure the Simple Network Management Protocol (SNMP) manager to listen on this port. For details, refer to the documentation of your SNMP management software.
Port the firewall listens on for polling requests (GET messages) from the SNMP manager.
Port that the firewall, Panorama, or a Log Collector uses to send logs to a syslog server if you Configure Syslog Monitoring, and the ports that the PAN-OS integrated User-ID agent or Windows-based User-ID agent listens on for authentication syslog messages.
Default port the firewall uses to send NetFlow records to a NetFlow collector if you Configure NetFlow Exports, but this is configurable.
Port the GlobalProtect Mobile Security Manager listens on for HIP requests from the GlobalProtect gateways.
If you are using a third-party MDM system, you can configure the gateway to use a different port as required by the MDM vendor.
Ports used for User-ID™ Captive Portal: 6080 for NT LAN Manager (NTLM) authentication, 6081 for Captive Portal without an SSL/TLS Server Profile, and 6082 for Captive Portal with an SSL/TLS Server Profile.
|10443||SSL||Port that the firewall and Panorama use to provide contextual information about a threat or to seamlessly shift your threat investigation to the Threat Vault and AutoFocus.|
Ports Used for User-ID
Ports Used for User-ID User-ID is a feature that enables mapping of user IP addresses to usernames and group memberships, enabling user- or group-based policy ...
Use Interface Management Profiles to Restrict Access
Use Interface Management Profiles to Restrict Access An Interface Management profile protects the firewall from unauthorized access by defining the protocols, services, and IP addresses ...
Network > Network Profiles > Interface Mgmt
Network > Network Profiles > Interface Mgmt An Interface Management profile protects the firewall from unauthorized access by defining the services and IP addresses that ...
Firewall Interface Identifiers in SNMP Managers and NetFlow...
Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors When you use a NetFlow collector (see NetFlow Monitoring ) or SNMP manager (see SNMP Monitoring ...
Configure Access to Monitored Servers
Configure Access to Monitored Servers Use the Server Monitoring section to Add server profiles that specify the servers the firewall will monitor. Configure at least ...
Reference: Port Number Usage
Reference: Port Number Usage The following tables list the ports that firewalls and Panorama use to communicate with each other, or with other services on ...
Network > GlobalProtect > MDM
Network > GlobalProtect > MDM If you are using a Mobile Security Manager to manage end user mobile endpoints and you are using HIP-enabled policy ...
Configure Access to User-ID Agents
Configure Access to User-ID Agents Each firewall and Panorama management server can connect to a maximum of 100 User-ID agents or User-ID redistribution points (or ...
Configure the PAN-OS Integrated User-ID Agent as a Syslog L...
Configure the PAN-OS Integrated User-ID Agent as a Syslog Listener To configure the PAN-OS Integrated User-ID agent to create new user mappings and remove outdated ...