For Traffic, HIP Match, Threat, and WildFire
log types, the PA-7000 Series firewall does not use service routes
for SNMP Trap, Syslog, and email services. Instead, the PA-7000
Series firewall supports using a logging card.
Depending on
your firewall configuration, you might have one of the following card
types:
Log Processing Card (LPC)—Supports virtual system-specific
paths from LPC subinterfaces to an on-premise switch to the respective
service on a server. For System and Config logs, the PA-7000 Series firewall
uses global service routes, and not the LPC. If your firewall has
an LPC installed, you need to configure a log card port.
Log Forwarding Card (LFC)—Supports high-speed log forwarding
of all dataplane logs to an external log collector (for example, Panorama
and syslog servers). If your firewall has an LFC installed, you
do not need to configure a log card port.
Log forwarding
to an external server is not yet supported on LFC subinterfaces.
In
other Palo Alto Networks models, the dataplane sends logging service
route traffic to the management plane, which sends the traffic to
logging servers. In a PA-7000 Series firewall, the LPC or LFC have
only one interface, and dataplanes for multiple virtual systems
send logging server traffic (types mentioned above) to the PA-7000
Series firewall logging card. The logging card is configured with
multiple subinterfaces, over which the platform sends the logging
service traffic out to a customer’s switch, which can be connected
to multiple logging servers.
Each subinterface can be configured
with a subinterface name and a dotted subinterface number. The subinterface
is assigned to a virtual system, which is configured for logging
services. The other service routes on a PA-7000 Series firewall function
similarly to service routes on other Palo Alto Networks platforms.
For information about the LPC or LFC, see the
PA-7000 Series Hardware Reference Guide.