Focus

Next-Generation Firewall

Configure a Virtual Wire

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1

About Virtual Wires

SD-WAN

Configure a Virtual Wire

Bind two interfaces to create a virtual wire.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

Create a virtual wire to bind two Ethernet interfaces together. This procedure assumes that you’ve already cabled the Ethernet interfaces you want to bind together.

Strata Cloud Manager

Create a Zone for each Ethernet interface you cabled.

Select

Manage

Configuration

NGFW and Prisma Access

Device Settings

Virtual Wire

and select the Configuration Scope where you want to create the virtual wire.

Select

Folders

to configure the virtual wire in a folder or select

Snippets

to configure the virtual wire in a snippet.

Adding a virtual wire in the firewall Configuration Scope isn’t currently supported.

Add Virtual Wire

Configure the Ethernet interface members of the virtual wire.

Enter a descriptive

Name

Select the Member 1

Interface

and

Zone

the interface is associated with.

Select the Member 2

Interface

and

Zone

the interface is associated with.

Configure the virtual wire

Advanced Settings

(Optional) Select

Multicast Firewalling

if you want to be able to apply Security policy rules to multicast traffic going across the virtual wire. Otherwise, multicast traffic is transparently forwarded across the virtual wire.

Select

Link State Pass Through

if you want the firewall to function transparently. When the firewall detects a link down state for a link of the virtual wire, it brings down the other interface in the virtual wire pair. Thus, devices on both sides of the firewall see a consistent link state, as if there were no firewall between them. If you don’t select this option, link status isn’t propagated across the virtual wire.

Select

LLDP

if you want to advertise the device attributes to neighboring devices.

For

Tag Allowed

, enter

to indicate untagged traffic is allowed. The absence of a tag implies tag

. Enter additional allowed tag integers or ranges of tags, separated by commas (default is

; range is

4,094

Configure the Link Settings.

Select the interface

Link Speed

Auto

is selected by default and allows the firewall to determine the speed.

Select the interface

Link Duplex

transmission mode.

Auto

is selected by default to allow the firewall to negotiate the transmission mode automatically.

Select the interface

Link State

Auto detect is selected by default to allow the firewall to determine the link state.

Save

About Virtual Wires

SD-WAN

Next-Generation Firewall Docs

Configure a Virtual Wire

Next-Generation Firewall Docs

Configure a Virtual Wire

Recommended For You

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner