Configure Layer 3 Subinterfaces for SD-WAN
Table of Contents
Configure Layer 3 Subinterfaces for SD-WAN
Configure Layer 3 subinterfaces for SD-WAN.
Firewalls running PAN-OS 10.1 and SD-WAN Plugin
2.1.0 support SD-WAN on Layer 3 subinterfaces so that the firewall
can segment traffic using VLAN tags. The following task shows how
to create a Layer3 subinterface that uses a static IP address and
how to create one that uses DHCP to get its address. It shows how
to assign a VLAN tag to the subinterface and enable SD-WAN on the
subinterface. Create an SD-WAN interface profile to define each
ISP connection and assign the profile to the corresponding subinterface
(a virtual SD-WAN interface).
If you configure SD-WAN
Layer 3 subinterfaces on VM-Series firewalls, the VMware configuration
must have respective portgroups attached to those interfaces that
allow all VLANs.
PPPoE is not supported on subinterfaces.
- Configure an SD-WAN Interface Profile for each ISP connection (subinterface) to define its link attributes.
- Create a Layer 3 subinterface that uses a static IP address.
- Select and in theTemplatefield select a template.
- Select an interface.
- ForInterface Type, selectLayer3and clickOK.
- Highlight the interface and clickAdd Subinterfaceat the bottom of the screen.
- After theInterface Nameand period, enter the subinterface number.
- Enter aTagfor the subinterface (range is 1 to 4,094). For ease of use, make the tag the same number as the subinterface ID.
- On theIPv4tab,Enable SD-WAN.
- Select theTypeof address:Static.
- AddtheIPaddress and subnet mask.
- Enter the IP address of theNext Hop Gateway.
- ClickOK.
- Alternatively, create a Layer 3 subinterface that uses DHCP to get its address.
- Select and in theTemplatefield, select a template stack (not a template).
- Select an interface.
- ForInterface Type, selectLayer3and clickOK.
- Highlight the interface and clickAdd Subinterfacesat the bottom of the screen.
- Highlight the subinterface and clickOverride.
- Highlight the subinterface and after theInterface Nameand period, enter the subinterface number.
- Enter aTagfor the subinterface (range is 1 to 4,094). For ease of use, make the tag the same number as the subinterface ID.
- On theIPv4tab,Enable SD-WAN.
- SelectTypeof address:DHCP ClientandEnable.
- Uncheck (do not select)Automatically create default route pointing to default gateway provided by server.
- Select theAdvancedtab and then theDDNStab.
- SelectSettingsandEnable. TheHostnameis automatically generated by the Panorama SD-WAN plugin.
- Select theVendorasPalo Alto Networks DDNS.
- ClickOK.
- Apply an SD-WAN Interface Profile to the subinterface.
- Highlight the subinterface you created and select theSD-WANtab.
- Select theSD-WAN Interface Profileyou created for this link or create a new profile.
- ClickOK.
- Repeat the prior steps to add more subinterfaces to the interface.
- Commit.