Configure an Ethernet Interface (REST API)
Table of Contents
11.0 (EoL)
Expand all | Collapse all
-
- Upgrade a Firewall to the Latest PAN-OS Version (API)
- Show and Manage GlobalProtect Users (API)
- Query a Firewall from Panorama (API)
- Upgrade PAN-OS on Multiple HA Firewalls through Panorama (API)
- Automatically Check for and Install Content Updates (API)
- Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)
- Configure SAML 2.0 Authentication (API)
- Quarantine Compromised Devices (API)
- Manage Certificates (API)
-
- Asynchronous and Synchronous Requests to the PAN-OS XML API
- Run Operational Mode Commands (API)
- Apply User-ID Mapping and Populate Dynamic Groups (API)
- Get Version Info (API)
-
- PAN-OS REST API
- Access the PAN-OS REST API
- Resource Methods and Query Parameters (REST API)
- PAN-OS REST API Request and Response Structure
- PAN-OS REST API Error Codes
- Work With Objects (REST API)
- Create a Security Policy Rule (REST API)
- Work with Policy Rules on Panorama (REST API)
- Create a Tag (REST API)
- Configure a Security Zone (REST API)
- Configure an SD-WAN Interface (REST API)
- Create an SD-WAN Policy Pre Rule (REST API)
- Configure an Ethernet Interface (REST API)
- Update a Virtual Router (REST API)
- Work With Decryption (APIs)
End-of-Life (EoL)
Configure an Ethernet Interface (REST API)
REST API example(s) to configure an Ethernet interface
There are multiple deployment options for
Ethernet interfaces on firewalls. Three common options are: Tap,
Virtual Wire, and Layer 3.
The following example shows how
to configure a Layer 3 Ethernet interface. Configuration of a Layer
3 Ethernet interface on a firewall involves two REST API requests:
(1) A request to configure the interface and (2) a request to import
the interface into the virtual system.
The example includes
the creation of an interface management profile that you assign
to the Layer 3 Ethernet interface. While an interface management
profile is optional for configuring the interface, this profile
has an important role because it provides protection from unauthorized
access.
- Configure an interface management profile (Optional).An interface management profile protects the firewall from unauthorized access by defining the services and IP addresses that a firewall interface permits. The following example creates an interface management profile that allows only ping and response pages. This example restricts IP addresses that can access the interface to 192.168.1.0/24, but if there are no IP restrictions required, then don’t add entries to thepermitted-ip list.curl -X POST https://<firewall>/restapi/v11.0/network/interfacemanagementnetworkprofiles?name=ping-and-response-pages' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "ping-and-response-pages", "http": "no", "http-ocsp": "no", "https": "no", "permitted-ip": { "entry": [ { "@name": "192.168.1.0/24" } ] }, "ping": "yes", "response-pages": "yes", "snmp": "no", "ssh": "no", "telnet": "no", "userid-service": "no", "userid-syslog-listener-ssl": "no", "userid-syslog-listener-udp": "no" } }'Code copied to clipboardUnable to copy due to lack of browser support.
- Configure a Layer 3 Ethernet interface.The following is an example of an API request to configure a Layer 3 Ethernet interface that uses DHCP for IP address assignment. The configuration includes application of the interface management profile you configured in step 1.curl -X POST https://<firewall>/restapi/v11.0/network/ethernetinterfaces?name=ethernet1/3' -H 'X-PAN-KEY: <api key> -d '{ "entry": { "@name": "ethernet1/3", "layer3": { "dhcp-client": { "create-default-route": "yes", "default-route-metric": 10, "enable": "yes", "send-hostname": { "enable": "no", "hostname": "system-hostname" } }, "interface-management-profile": "ping-and-response-pages" } } }'Code copied to clipboardUnable to copy due to lack of browser support.
- Import the Ethernet interface into your virtual system (vsys).The following example updates the import section of the firewall virtual systemvsys1 with the Ethernet interface you configured in step 2.curl -X POST https://<firewall>/restapi/v11.0/device/virtualsystems?name=vsys1' -H 'X-PAN-KEY: <api key> -d '{ "entry": [ { "@name": "vsys1", "import": { "network": { "interface": { "member": [ "ethernet1/3" ] } } } } ] }'Code copied to clipboardUnable to copy due to lack of browser support.
- Add this interface to a security zone.The steps above complete the configuration of the Ethernet interface, but for the interface to process network traffic, you must add the interface to a security zone. See Update a Security Zone for an example of REST API requests to add an Ethernet interface to an existing security zone.
- Add the Ethernet interface to an existing virtual router, like the default virtual router.The firewall requires a virtual router to obtain routes to other subnets through either participating L3 routing protocols (dynamic routes) or static routes. See Update a Virtual Router (REST API) for an example of REST API requests to add an interface to a virtual router.