Ports Used for Active Directory Protocols and User-ID Communications to Firewall

90330
Created On 09/26/18 13:50 PM - Last Modified 06/01/23 02:48 AM


Resolution


The following information describes the ports used for communication between the Palo Alto Networks firewall, the User-ID Agent (as well as agentless User-ID), and the Active Directory Domain Controller communication protocols.

 

Protocols

 

1. LDAP (ports used to talk to LDAP for authentication and group mapping)

• TCP 389 for LDAP, and TCP 636 for LDAPS (LDAP Secure)

• TCP 3268 for the Global Catalog, which is available by default on port 3268, and TCP 3269 for the Global Catalog over LDAPS

 

[Image: LDAP.jpg]

 

2. RADIUS: UDP port 1812 is used for RADIUS authentication. Some network access servers might use UDP port 1645 for RADIUS authentication messages.

 

3. Kerberos: Uses UDP port 88 by default

 

 

User-ID (ports used to talk to the User-ID Agent)

 

• TCP 5007 (the default Windows User-ID Agent service port number is 5007, though it is changeable)


 

[Image: User+ID+Agent.jpg]

 

Agentless

 

• Agentless User-ID uses WMI to pull security logs. The connection initially uses port 389, but the endpoints then negotiate dynamic random ports for the data transfer. Hence, all ports need to be allowed.
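The port list above is easiest to audit when it is written down as data and compared against what the firewall (or an intermediate filtering device) actually permits toward the domain controllers and the User-ID Agent. The script below is an added example written for this article; it is not Palo Alto Networks code and does not use any PAN-OS API. It encodes the flows the article lists, models the agentless WMI "dynamic random ports" as the Windows default ephemeral range 49152-65535 (an assumption, since the article only says the ports are random), reads allowed rules in a simple constructed "proto port[-port]" notation, and reports which required flows the rules leave uncovered. It also includes a plain TCP probe for confirming reachability of a fixed port such as LDAP 389 or the User-ID Agent's 5007 from the firewall's management host.

```python
import socket
from dataclasses import dataclass

# Required flows transcribed from the article: (name, protocol, low port, high port).
# The WMI entry is an assumption: the article says data moves over "dynamic random
# ports", which this example models as the Windows default ephemeral range.
REQUIRED_FLOWS = [
    ("LDAP", "tcp", 389, 389),
    ("LDAPS", "tcp", 636, 636),
    ("Global Catalog", "tcp", 3268, 3268),
    ("Global Catalog LDAPS", "tcp", 3269, 3269),
    ("RADIUS auth", "udp", 1812, 1812),
    ("RADIUS auth (legacy)", "udp", 1645, 1645),
    ("Kerberos", "udp", 88, 88),
    ("User-ID Agent", "tcp", 5007, 5007),
    ("Agentless WMI (ephemeral)", "tcp", 49152, 65535),  # assumed range
]


@dataclass(frozen=True)
class Rule:
    proto: str
    low: int
    high: int


def parse_rules(lines):
    """Parse constructed rule lines such as 'tcp 389' or 'tcp 3268-3269'.

    Text after '#' is treated as a comment; blank lines are ignored.
    """
    rules = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        proto, ports = line.split()
        if "-" in ports:
            low, high = (int(p) for p in ports.split("-", 1))
        else:
            low = high = int(ports)
        rules.append(Rule(proto.lower(), low, high))
    return rules


def _merged_spans(rules, proto):
    """Merge overlapping or adjacent port ranges for one protocol."""
    spans = sorted((r.low, r.high) for r in rules if r.proto == proto)
    merged = []
    for low, high in spans:
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def uncovered_flows(rules, flows=REQUIRED_FLOWS):
    """Return the names of required flows not fully contained in the allowed rules."""
    missing = []
    cache = {}
    for name, proto, low, high in flows:
        spans = cache.setdefault(proto, _merged_spans(rules, proto))
        if not any(s_low <= low and high <= s_high for s_low, s_high in spans):
            missing.append(name)
    return missing


def tcp_reachable(host, port, timeout=2.0):
    """Attempt a TCP connection to host:port; True on success, False on any socket error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_self_test():
    """Sanity-check tcp_reachable against a loopback listener that is opened, then closed."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result = tcp_reachable("127.0.0.1", port, 1.0)
    listener.close()
    closed_result = tcp_reachable("127.0.0.1", port, 1.0)
    return open_result, closed_result


if __name__ == "__main__":
    # Constructed rule set: it forgets the legacy RADIUS port and the WMI ephemeral range.
    sample = ["tcp 389", "tcp 636", "tcp 3268-3269  # GC", "udp 88", "udp 1812", "tcp 5007"]
    print("Uncovered flows:", uncovered_flows(parse_rules(sample)))
    print("Loopback probe (open, closed):", probe_self_test())
```

The coverage check merges adjacent ranges first, so a rule set that expresses the ephemeral range as several contiguous pieces still counts as covering it; a single missing port, such as UDP 1645 when a legacy NAS is in use, shows up by name.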

 

See Also

User-ID Best Practices - PAN-OS 5.0, 6.0



Additional Information


31 May 23 (Vijay) - Old article and needs update. Adding product category for the project. 