Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
Focus
Focus

Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors

Table of Contents

Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors

When you use a NetFlow collector (see NetFlow Monitoring) or SNMP manager (see SNMP Monitoring and Traps) to monitor the Palo Alto Networks firewall, an interface index (SNMP ifindex object) identifies the interface that carried a particular flow (see Interface Indexes in an SNMP Manager). In contrast, the firewall web interface uses interface names as identifiers (for example, ethernet1/1), not indexes. To understand which statistics that you see in a NetFlow collector or SNMP manager apply to which firewall interface, you must be able to match the interface indexes with interface names.
Interface Indexes in an SNMP Manager
You can match the indexes with names by understanding the formulas that the firewall uses to calculate indexes. The formulas vary by platform and interface type: physical or logical.
Physical interface indexes have a range of 1-9999, which the firewall calculates as follows:
Firewall Platform
Calculation
Example Interface Index
VM-Series
Number of management ports + physical port offset
  • Number of management ports
    —This is a constant of 1.
  • Physical port offset
    —This is the physical port number.
VM-100 firewall, Eth1/4 =
1 (number of management ports) + 4 (physical port) =
5
PA-220, PA-220R, PA-800 Series
Number of management ports + physical port offset
  • Number of management ports
    —This is a constant of 5.
  • Physical port offset
    —This is the physical port number.
PA-5200 Series firewall, Eth1/4 =
5 (number of management ports) + 4 (physical port) =
9
PA-3200 Series, PA-5200 Series
Number of management ports + physical port offset
  • Number of management ports
    —This is a constant of 4.
  • Physical port offset
    —This is the physical port number.
PA-5200 Series firewall, Eth1/4 =
4 (number of management ports) + 4 (physical port) =
8
PA-7000 Series
(Max. ports * slot) + physical port offset + number of management ports
  • Maximum ports
    —This is a constant of 64.
  • Slot
    —This is the chassis slot number of the network interface card.
  • Physical port offset
    —This is the physical port number.
  • Number of management ports
    —This is a constant of 5.
PA-7000 Series firewall, Eth3/9 =
[64 (max. ports) * 3 (slot)] + 9 (physical port) + 5 (number of management ports) =
206
Logical interface indexes for all platforms are nine-digit numbers that the firewall calculates as follows:
Interface Type
Range
Digit 9
Digits 7-8
Digits 5-6
Digits 1-4
Example Interface Index
Layer 3 subinterface
101010001-199999999
Type: 1
Interface slot: 1-9 (01-09)
Interface port: 1-9 (01-09)
Subinterface: suffix 1-9999 (0001-9999)
Eth1/5.22 = 100000000 (type) + 100000 (slot) + 50000 (port) + 22 (suffix) =
101050022
Layer 2 subinterface
101010001-199999999
Type: 1
Interface slot: 1-9 (01-09)
Interface port: 1-9 (01-09)
Subinterface: suffix 1-9999 (0001-9999)
Eth2/3.6 = 100000000 (type) + 200000 (slot) + 30000 (port) + 6 (suffix) =
102030006
Vwire subinterface
101010001-199999999
Type: 1
Interface slot: 1-9 (01-09)
Interface port: 1-9 (01-09)
Subinterface: suffix 1-9999 (0001-9999)
Eth4/2.312 = 100000000 (type) + 400000 (slot) + 20000 (port) + 312 (suffix) =
104020312
VLAN
200000001-200009999
Type: 2
00
00
VLAN suffix: 1-9999 (0001-9999)
VLAN.55 = 200000000 (type) + 55 (suffix) =
200000055
Loopback
300000001-300009999
Type: 3
00
00
Loopback suffix: 1-9999 (0001-9999)
Loopback.55 = 300000000 (type) + 55 (suffix) =
300000055
Tunnel
400000001-400009999
Type: 4
00
00
Tunnel suffix: 1-9999 (0001-9999)
Tunnel.55 = 400000000 (type) + 55 (suffix) =
400000055
Aggregate group
500010001-500089999
Type: 5
00
AE suffix: 1-8 (01-08)
Subinterface: suffix 1-9999 (0001-9999)
AE5.99 = 500000000 (type) + 50000 (AE Suffix) + 99 (suffix) =
500050099

Recommended For You