Focus

Next-Generation Firewall

Configure a VLAN

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

Configure an Aggregate Interface Group

Configure a Loopback Interface

Configure a VLAN

Configure a Layer 2 interfaces with a VLAN for switching and traffic separation.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

When your organization wants to divide a LAN into separate virtual LANs (VLANs) to keep traffic and policy rules for different departments separate, you can logically group Layer 2 hosts into VLANs and thus divide a Layer 2 network segment into broadcast domains. For example, you can create VLANs for the Finance and Engineering departments.

The firewall acts as a switch to forward a frame with an Ethernet header containing a VLAN ID, and the destination interface must have a subinterface with that VLAN ID in order to receive that frame and forward it to the host. You configure a Layer 2 interface on the firewall and configure one or more logical subinterfaces for the interface, each with a VLAN tag (ID).

Strata Cloud Manager

(Best Practices) Configure a Zone Protection Profile to Increase Network Security.

Configure a Layer 2 Interface.

VLANs support Layer 2 interfaces only.

Configure a Subinterface for the Layer 2 interface.

Be sure to set the VLAN

Tag

for the subinterface.

Select

Manage

Configuration

NGFW and Prisma Access

Device Settings

Interfaces

VLAN

and select the Configuration Scope where you want to create the VLAN.

Select a firewall from your

Folders

or select

Snippets

to configure the VLAN in a snippet.

If you select a folder or select a snippet, you create a VLAN variable that must be assigned at the device level.

Enter the

Interface Name

By default, all VLANs are prefixed with

vlan

(Optional) Enter a

Description

(Folders and Snippets only; Optional) Assign the VLAN to a

Logical Router

See Configure a Logical Router for more information.

(Folders and Snippets only; Optional) Assign the interface to a

Zone

Create New

to create a new zone. See Zone Protection and DoS Protection for more information.

Add

the Layer 2

Ethernet Interfaces

you created in the previous step.

Configure the VLAN IP settings.

Select the VLAN IP

Type.

Static

IPv4 Address.

Add

the IPv4 IP addresses for the interfaces in the VLAN.

Activate the

DHCP Client

on the VLAN.

See Configure an Interface as a DHCP Client for more information on configuring the VLAN as a DHCP client.

Save

Push Config

to push your configuration changes.

Configure an Aggregate Interface Group

Configure a Loopback Interface

Next-Generation Firewall Docs

Configure a VLAN

Next-Generation Firewall Docs

Configure a VLAN

Recommended For You

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner