>
    Configure a Subinterface
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Set Up Firewalls
    4. Routing and Interfaces
    5. Configure Interfaces
    6. Configure a Subinterface
    Download PDF
    Next-Generation Firewall

    Configure a Subinterface

    Table of Contents

    Configure a Subinterface

    Configure a Layer 2 or Layer 3 subinterface.
    Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.
    Where Can I Use This?What Do I Need?
    One of these:
    You can configure a Layer 2 or Layer 3 subinterface to divide the physical interface configured for a zone.
    1. Log in to Strata Cloud Manager.
    2. Select ManageConfigurationNGFW and Prisma AccessDevice SettingsInterfacesEthernet and select the Configuration Scope where you want to create the subinterface.
      Select a firewall from your Folders or select Snippets to configure the subinterface in a snippet.
      If you select a folder or select a snippet, you create a subinterface variable that must be assigned at the device level.
    3. Configure an interface.
    4. Add the subinterface. Select (check) the interface you created and Add Sub Interface.
      You can configure a Sub Interface (Layer 2) or a Sub Interface (Layer 3). Before you configure the subinterface, review the zone you want to associate the subinterface with. The interface type and zone interface type must match.
      • Folders and Snippets—Select (check) the interface you created and select Add InterfaceAdd Sub Interface.
      • Firewalls—Select (check) the interface you created and select AddAdd Sub Interface.
    5. Enter the Interface Name.
      The subinterface name is a numeric suffix of the interface that you selected. Supported interface names values are 1—4094.
    6. Enter the VLAN Tag (1—4094).
      For ease of use, use the same number as a numeric suffix for the Interface Name.
    7. (Optional) Enter a Description.
    8. (Folders and Snippets for a Layer 3 subinterface only; Optional) Assign the interface to a Logical Router.
      See Configure a Logical Router for more information.
      Selecting a global router will prompt a message asking if you want to override and remove the inherited objects. Click Yes to confirm.
    9. (Folders and Snippets only; Optional) Assign the subinterface to a Zone.
      Create New to create a new zone. See Zone Protection and DoS Protection for more information.
      Selecting an inherited zone overrides the previous settings and removes any inherited objects. Any changes made to the global folder are no longer inherited in a top-down manner. A message appears, indicating that the interface settings will be overridden and the inherited objects from the parent folder will be removed on all firewalls. When you save your changes, a confirmation message appears. If you confirm, the zone is overridden.
    10. (Layer 3 subinterface only) Configure subinterface IP settings.
      1. Select the interface IP Type.
      • Static IPv4 Address.
        Add the IPv4 IP addresses for the interface.
      • Activate the DHCP Client on the subinterface.
        See Configure an Interface as a DHCP Client for more information on configuring the subinterface as a DHCP client.
    11. Save.
    12. Push Config to push your configuration changes.

    © 2024 Palo Alto Networks, Inc. All rights reserved.