This port doesn’t need
to be open on the Palo Alto Networks firewall. You must configure
the Simple Network Management Protocol (SNMP) manager to listen
on this port. For details, refer to the documentation of your SNMP
management software.
161
UDP
TCP
Port the firewall listens on for polling
requests (GET messages) from the SNMP manager.
514
514
6514
TCP
UDP
SSL
Port that the firewall, Panorama, or a Log
Collector uses to send logs to a syslog server if you Configure
Syslog Monitoring, and the ports that the PAN-OS integrated User-ID
agent or Windows-based User-ID agent listens on for authentication
syslog messages.
2055
UDP
Default port the firewall uses to send NetFlow
records to a NetFlow collector if you Configure
NetFlow Exports, but this is configurable.
5008
TCP
Port the GlobalProtect Mobile Security Manager
listens on for HIP requests from the GlobalProtect gateways.
If
you are using a third-party MDM system, you can configure the gateway
to use a different port as required by the MDM vendor.
6080
6081
6082
TCP
TLS 1.2
TCP
Ports used for User-ID™ Authentication
Portal:
6080 for NT LAN Manager (NTLM) authentication
6081 for Authentication Portal without an SSL/TLS Server
Profile
6082 for Authentication Portal with an SSL/TLS Server Profile
10443
SSL
Port that the firewall and Panorama use
to provide contextual information about a threat or to seamlessly
shift your threat investigation to the Threat Vault and AutoFocus.
9300
9301
9302
TCP
Port used by log collectors to listen to ElasticSearch
clustering.