Port used by the user id agent to talk to AD server

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Port used by the user id agent to talk to AD server

Cyber Elite
Cyber Elite

We have PA user id agent running on the windows server.

Need to confirm Port used by the User id agent to talk to AD for user to ip mappings

is this port tcp 5006?

 

where should i look for?

MP

Help the community: Like helpful comments and mark solutions.
1 accepted solution

Accepted Solutions

Our Windows based user agents are using TCP 445 to all our DC's.

 

View solution in original post

9 REPLIES 9

Cyber Elite
Cyber Elite

Hello,

By default, its port 5007. It will initiate from the client/server to the PAN on the management interface. You should be able to see it connect if you go to the Device tab -> User Identification ->User-ID agent subtab. The ball should be green. Also if you have the local firewall turned on on the server, make sure you are allowing port 5007/tcp outbound.

 

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/user-identification/device-us...

 

Regards,

Think the question was what port the UserID agent uses to talk to AD (not the Palo).

UserID to AD servers port usage is referenced here:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reference-port-num...

 

I have gone through that link so need to confirm if port used is 5006?

MP

Help the community: Like helpful comments and mark solutions.

Thanks for replying.

Need to confirm port used between user id agent running on Windows server and AD?

MP

Help the community: Like helpful comments and mark solutions.

Our Windows based user agents are using TCP 445 to all our DC's.

 

how can I verify that from user id agent running on windows server?

MP

Help the community: Like helpful comments and mark solutions.

On the windows server run a command prompt and use

 

netstat -an

 

look for established connections from  agent server to ad server, 

 

Will try that

MP

Help the community: Like helpful comments and mark solutions.

Tested it is using port 445.

Thanks for help

MP

Help the community: Like helpful comments and mark solutions.
  • 1 accepted solution
  • 7474 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!