Panorama > Setup > Interfaces
- Panorama > Setup > Interfaces
Select to configure the
interfaces that Panorama uses to manage firewalls and Log Collectors,
deploy software and content updates to firewalls and Log Collectors,
collect logs from firewalls, and communicate with Collector Groups.
By default, Panorama uses the management (MGT) interface for all
communication with firewalls and Log Collectors.
To reduce traffic on the MGT interface,
configure other interfaces to deploy updates, collect logs, and
communicate with Collector Groups. In an environment with heavy
log traffic, you can configure several interfaces for log collection.
Additionally, to improve the security of management traffic, you
can define a separate subnet (IPv4
Netmask
or
IPv6 Prefix Length
) for the MGT interface
that is more private than the subnets for the other interfaces.The available interfaces vary based on the Panorama model.
Interface | Maximum Speed | M-500 Appliance | Panorama Virtual Appliance |
|---|---|---|---|
Management (MGT) | 1Gbps | 
|
|
Ethernet1 (Eth1) | 1Gbps |
| — |
Ethernet2 (Eth2) | 1Gbps |
| — |
Ethernet3 (Eth3) | 1Gbps |
| — |
Ethernet4 (Eth4) | 10Gbps |
| — |
Ethernet5 (Eth5) | 10Gbps |
| — |
To configure an interface, click the Interface Name and configure
the settings described in the following table.
Always specify the IP address, the netmask
(for IPv4) or prefix length (for IPv6), and the default gateway
for the MGT interface. If you omit values for some settings (such
as the default gateway), you can access Panorama only through the
console port for future configuration changes. You cannot commit
the configurations for other interfaces unless you specify all three
settings.
Interface Settings | Description |
|---|---|
Eth1 / Eth2 / Eth3 / Eth4 / Eth5 | You must enable an interface to configure
it. The exception is the MGT interface, which is enabled by default. |
IP Address (IPv4) | If your network uses IPv4 addresses, assign
an IPv4 address to the interface. |
Netmask (IPv4) | If you assigned an IPv4 address to the interface,
you must also enter a network mask (such as 255.255.255.0). |
Default Gateway (IPv4) | If you assigned an IPv4 address to the interface,
you must also assign an IPv4 address to the default gateway (the
gateway must be on the same subnet as the interface). |
IPv6 Address/Prefix Length | If your network uses IPv6 addresses, assign
an IPv6 address to the interface. To indicate the netmask, enter
an IPv6 prefix length (such as 2001:400:f00::1/64). An
IPv6 address is supported for the MGT interface on all M-Series appliances
and Panorama virtual appliances deployed in a private cloud environment
(ESXi, vCloud Air, KVM, or Hyper-V). An IPv6 address is not supported
for the MGT interface on a Panorama virtual appliance deployed in
a public cloud environment (Amazon Web Services (AWS), AWS GovCloud,
Microsoft Azure, or Google Cloud Platform). |
Default IPv6 Gateway | If you assigned an IPv6 address to the interface,
you must also assign an IPv6 address to the default gateway (the
gateway must be on the same subnet as the interface). An
IPv6 address is supported for the MGT interface on all M-Series appliances
and Panorama virtual appliances deployed in a private cloud environment
(ESXi, vCloud Air, KVM, or Hyper-V). An IPv6 address is not supported
for the MGT interface on a Panorama virtual appliance deployed in
a public cloud environment (Amazon Web Services (AWS), AWS GovCloud,
Microsoft Azure, or Google Cloud Platform). |
Speed | Set the speed for the interface to 10Mbps,
100Mbps, 1Gbps, or 10Gbps (Eth4 and Eth5 only) at full or half duplex.
Use the default auto-negotiate setting to have Panorama determine
the interface speed. This setting must
match the interface settings on neighboring network equipment. To
ensure matching settings, select auto-negotiate if the neighboring
equipment supports that option. |
MTU | Enter the maximum transmission unit (MTU)
in bytes for packets sent on this interface (range is 576 to 1,500;
default is 1,500). |
Device Management and Device Log Collection | Enable the interface (enabled by default
on the MGT interface) for managing firewalls and Log Collectors
and collecting their logs. You can enable multiple interfaces to
perform these functions. |
Collector Group Communication | Enable the interface for Collector Group
communication (the default is the MGT interface). Only one interface
can perform this function. |
Syslog Forwarding | Enable the interface for forwarding syslogs
(the default is the MGT interface). Only one interface can perform
this function. |
Device Deployment | Enable the interface for deploying software
and content updates to firewalls and Log Collectors (the default
is the MGT interface). Only one interface can perform this function. |
Administrative Management Services |
|
Network Connectivity Services | The Ping service
is available on any interface. You can use ping to test connectivity
between the Panorama interface and external services. In a high
availability (HA) deployment, HA peers use ping to exchange heartbeat
backup information.The following services are available only
on the MGT interface:
|
Permitted IP Addresses | Enter the IP addresses from which administrators
can access Panorama on this interface. An empty list (default) specifies
that access is available from any IP address. Do
not leave this list blank; specify the IP addresses of Panorama
administrators (only) to prevent unauthorized access. |
