Configure a Log Card Port on a PA-7000 Series Firewall
A log card port is required if
you configure the firewall to forward logs to an external system
or if you configure a WildFire™ forwarding profile. You configure
the log card port on one available port on a Network Processing
Card (NPC) using the type Log Card. This is required because the
traffic processing and logging capabilities of a PA-7000 Series
firewall exceeds the capabilities of the management port, which is
the port used for these services on other firewall models.
configuring an LFC interface for HA, ensure that you configure different
IP addresses on the peers.
This special port is used
by the firewall for the following log forwarding functions: syslog,
emails generated by the firewall, SNMP, WildFire file forwarding,
and Panorama log forwarding. Log forwarding to Panorama requires
PAN-OS 8.0 or later. In PAN-OS 7.1 and earlier releases, Panorama
queries logs stored on the PA-7000 Series firewall.
can set only one NPC port on the firewall to the type Log Card.
If you enable log forwarding and this port is not configured, a
commit error occurs. Also ensure that this port can reach the servers
that will receive content from the firewall. For example, if you
configure a log forwarding profile for a syslog server, this port
must be able to reach the syslog server. As another example, if
you enable WildFire file forwarding, the interface must be able
to reach the WildFire cloud server or if applicable, a private WF-500
When selecting the
NPC port to use as the log card port, you must use a 1 Gbps port
connection or higher to ensure that the firewall can maintain log
and click the
For example, to configure ethernet2/1, expand Slot 2 and click on
If multiple virtual systems are enabled, select the desired
virtual system in the