Focus

Layer 3 Interfaces

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Manage Per-VLAN Spanning Tree (PVST+) BPDU Rewrite

Configure Layer 3 Interfaces

Layer 3 Interfaces

In a Layer 3 deployment, the firewall routes traffic between multiple ports. Before you can Configure Layer 3 Interfaces, you must configure the virtual router that you want the firewall to use to route the traffic for each Layer 3 interface.

If you’re using security group tags (SGTs) in a Cisco TrustSec network, it’s a best practice to deploy inline firewalls in either Layer 2 or virtual wire mode. However, if you need to use a Layer 3 firewall in a Cisco TrustSec network, you should deploy the Layer 3 firewall between two SGT exchange protocol (SXP) peers, and configure the firewall to allow traffic between the SXP peers.

The following topics describe how to configure Layer 3 interfaces, and how to use Neighbor Discovery Protocol (NDP) to provision IPv6 hosts and view the IPv6 addresses of devices on the link local network to quickly locate devices.

Manage Per-VLAN Spanning Tree (PVST+) BPDU Rewrite

Configure Layer 3 Interfaces

Next-Generation Firewall Docs

Layer 3 Interfaces

Next-Generation Firewall Docs

Layer 3 Interfaces

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner