05-07-2018 11:45 AM - edited 05-07-2018 11:46 AM
First, I have to mention that it is probably a bad idea to put firewall management on a public interface. I highly recommend against doing that.
If you must, please restrict it to the IPs you're using and ideally lock it down to multi-factor auth.
Edit: Here are the official best practices for management of the devices:
That said, if you do want to put GlobalProtect (GP) on the same interface as a dataplane port for which you have enabled management, the firewall will automatically shift the management listener to port 4443 while keeping GP on 443. It's not something that can be customized, so you'll need to make do with those ports, but it will allow you to access the management service and still provide GP functionality.