Next-Generation Firewall
Configure Interfaces and Zones (SCM)
Configure interfaces and zones on your NGFW to segment your network in Strata Cloud
Manager.
Create an Interface
Interfaces serve as the fundamental building blocks of your firewall's network
connectivity, defining how traffic enters, exits, and flows through your
security infrastructure. In Strata Cloud Manager, you can create and configure
various types of interfaces to match your specific network architecture and
deployment requirements, whether you're implementing network segmentation,
connecting to different network zones, or establishing connectivity between
network segments. Each interface type serves distinct purposes and operates at
different layers of the network stack, from simple traffic monitoring and
forwarding to complex routing and switching functions.
The interface configuration determines how the firewall processes traffic,
applies security policies, and integrates with your existing network
infrastructure. Choose the appropriate interface type based on your network
topology, traffic flow requirements, and the level of packet inspection and
processing needed for your deployment:
- Routing and Interfaces
- Configure a Layer 2 Interface
Create a Zone
Assign one or more firewall interfaces to a zone to segment your network and
control protection for each zone individually.
- Log in to Strata Cloud Manager.
- Configure your NGFW interfaces.
- Select Manage > Configuration > NGFW and Prisma Access > Device Settings > Interfaces and select the Configuration Scope where you want to create the zone.
  You can select a folder or firewall from your Folders or select Snippets to configure the zone in a snippet.
- Add Zone.
- Configure the zone.
  - Select the Interface Type.
    Select Layer2 if you want to add Layer 2 interfaces to the zone or Layer 3 to add Layer 3 interfaces.
  - Add one or more interfaces to the zone.
  - (Optional) Select a Zone Protection Profile to specify how the firewall responds to attacks from this zone.
    Select Create New to create a new Zone Protection Profile inline.
  - (Optional) Confirm you want to Enable Packet Buffer Protection.
    This setting is enabled by default. The firewall applies Packet Buffer Protection to the ingress zone only to protect the zone from DoS attacks and aggressive sessions and sources.
  - (Optional) Enable User ID ACL.
    This setting is disabled by default. When disabled, the firewall applies user mapping information it discovers to all traffic of this zone for use in logs, reports, and policy rules. When enabled, the firewall
  - (Optional) Enable Device ID ACL.
    This setting is disabled by default.
  - Save.