Focus

Next-Generation Firewall

Configure a Subinterface

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Configure an Aggregate Ethernet Interface Variable

Configure an Aggregate Interface Group

Configure a Subinterface

Configure a Layer 2 or Layer 3 subinterface.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

You can configure a Layer 2 or Layer 3 subinterface to divide the physical interface configured for a zone.

Strata Cloud Manager

Select

Manage

Configuration

NGFW and Prisma Access

Device Settings

Interfaces

Ethernet

and select the Configuration Scope where you want to create the subinterface.

Select a firewall from your

Folders

or select

Snippets

to configure the subinterface in a snippet.

If you select a folder or select a snippet, you create a subinterface variable that must be assigned at the device level.

Configure an interface.

Configure a Layer 2 Interface

Configure a Layer 3 Interface

Add the subinterface. Select (check) the interface you created and

Add Sub Interface

You can configure a

Sub Interface (Layer 2)

or a

Sub Interface (Layer 3)

. Before you configure the subinterface, review the zone you want to associate the subinterface with. The interface type and zone interface type must match.

Folders and Snippets
—Select (check) the interface you created and select

Add Interface

Add Sub Interface

Firewalls
—Select (check) the interface you created and select

Add

Add Sub Interface

Enter the

Interface Name

The subinterface name is a numeric suffix of the interface that you selected. Supported interface names values are

—4094.

Enter the VLAN

Tag

(

—4094).

For ease of use, use the same number as a numeric suffix for the

Interface Name

(Optional) Enter a

Description

(Folders and Snippets for a Layer 3 subinterface only; Optional) Assign the interface to a

Logical Router

See Configure a Logical Router for more information.

(Folders and Snippets only; Optional) Assign the subinterface to a

Zone

Create New

to create a new zone. See Zone Protection and DoS Protection for more information.

(Layer 3 subinterface only) Configure subinterface IP settings.

Select the interface IP

Type.

Static

IPv4 Address.

Add

the IPv4 IP addresses for the interface.

Activate the

DHCP Client

on the subinterface.

See Configure an Interface as a DHCP Client for more information on configuring the subinterface as a DHCP client.

Save

Push Config

to push your configuration changes.

Configure an Aggregate Ethernet Interface Variable

Configure an Aggregate Interface Group

Next-Generation Firewall Docs

Configure a Subinterface

Next-Generation Firewall Docs

Configure a Subinterface

Recommended For You

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner