This port doesn’t need
to be open on the Palo Alto Networks firewall. You must configure
the Simple Network Management Protocol (SNMP) manager to listen
on this port. For details, refer to the documentation of your SNMP
management software.
161
UDP
Port the firewall listens on for polling
requests (GET messages) from the SNMP manager.
514
514
6514
TCP
UDP
SSL
Port that the firewall, Panorama, or a Log
Collector uses to send logs to a syslog server if you Configure
Syslog Monitoring, and the ports that the PAN-OS integrated User-ID
agent or Windows-based User-ID agent listens on for authentication
syslog messages.
2055
UDP
Default port the firewall uses to send NetFlow
records to a NetFlow collector if you Configure
NetFlow Exports, but this is configurable.
5008
TCP
Port the GlobalProtect Mobile Security Manager
listens on for HIP requests from the GlobalProtect gateways.
If
you are using a third-party MDM system, you can configure the gateway
to use a different port as required by the MDM vendor.
6081
6082
TLS 1.2
TCP
Ports used for User-ID™ Authentication
Portal: 6081 for Authentication Portal without an SSL/TLS Server
Profile, and 6082 for Authentication Portal with an SSL/TLS Server
Profile.
10443
SSL
Port that the firewall and Panorama use to
provide contextual information about a threat or to seamlessly shift
your threat investigation to the Threat Vault and AutoFocus.
