What is the Communication Direction for User-ID?
The direction of communication (which side initiates the session) needs to be known for the following User-ID functions:
- TCP 389/636 [LDAP] for the group mapping connection between the Palo Alto Networks device and the domain controller.
  Direction: LDAP from firewall to domain controller.
- TCP 5007 (or any configured port) between the Palo Alto Networks device and the User-ID agent.
  Direction: 5007 [or any configured port] from firewall to agent.
- TCP 5006 (or any configured port) connection between the agent and the User-ID script.
  Direction: 5006 [or any configured port] from where the script runs to the agent.
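As an added example (not Palo Alto Networks code), the directions listed above can be encoded and used to audit flow or deny-log records, so that a rule written backwards or an unexpected initiator stands out. The role names, IP addresses and sample flows are constructed assumptions.

```python
# Added example: audit flow records against the User-ID initiator directions.
# IP addresses, role names and sample flows are constructed for illustration.

# service -> (initiating role, listening role, default destination ports)
EXPECTED = {
    "ldap-group-mapping": ("firewall", "domain_controller", {389, 636}),
    "userid-agent": ("firewall", "agent", {5007}),
    "userid-script": ("script_host", "agent", {5006}),
}

def audit_flows(flows, roles, ports=None):
    """Classify (src_ip, dst_ip, dst_port) flows as ok / reversed /
    unexpected-peer / unrelated. `roles` maps IP -> role; `ports` optionally
    overrides a service's port set (agent and script ports are configurable)."""
    overrides = ports or {}
    services = {name: (init, resp, set(overrides.get(name, default)))
                for name, (init, resp, default) in EXPECTED.items()}
    results = []
    for src, dst, dport in flows:
        name = next((n for n, s in services.items() if dport in s[2]), None)
        if name is None:
            results.append(((src, dst, dport), None, "unrelated"))
            continue
        init, resp, _ = services[name]
        pair = (roles.get(src), roles.get(dst))
        if pair == (init, resp):
            verdict = "ok"               # session opened by the expected side
        elif pair == (resp, init):
            verdict = "reversed"         # rule or listener set up backwards
        else:
            verdict = "unexpected-peer"  # right port, wrong pair of hosts
        results.append(((src, dst, dport), name, verdict))
    return results

# Constructed lab addressing and flows.
ROLES = {"10.0.0.1": "firewall", "10.0.0.10": "domain_controller",
         "10.0.0.20": "agent", "10.0.0.30": "script_host"}
SAMPLE_FLOWS = [
    ("10.0.0.1", "10.0.0.10", 636),    # firewall -> DC, LDAPS
    ("10.0.0.1", "10.0.0.20", 5007),   # firewall -> agent
    ("10.0.0.20", "10.0.0.1", 5007),   # agent -> firewall (backwards)
    ("10.0.0.30", "10.0.0.20", 5006),  # script host -> agent
    ("10.0.0.1", "10.0.0.20", 5006),   # firewall on the script port
    ("10.0.0.1", "10.0.0.10", 443),    # not a User-ID port
]

if __name__ == "__main__":
    for flow, service, verdict in audit_flows(SAMPLE_FLOWS, ROLES):
        print(flow, service, verdict)
```

If the agent or script port has been changed from the default, pass the configured value through `ports`, for example `ports={"userid-agent": {6007}}`.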