Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
Table of Contents
Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors
When you use a NetFlow collector (see NetFlow
Monitoring) or SNMP manager (see SNMP
Monitoring and Traps) to monitor the Palo Alto Networks firewall,
an interface index (SNMP ifindex object) identifies the interface
that carried a particular flow (see Interface
Indexes in an SNMP Manager). In contrast, the firewall web
interface uses interface names as identifiers (for example, ethernet1/1),
not indexes. To understand which statistics that you see in a NetFlow
collector or SNMP manager apply to which firewall interface, you
must be able to match the interface indexes with interface names.
You can match the indexes with names by understanding the formulas
that the firewall uses to calculate indexes. The formulas vary by
platform and interface type: physical or logical.
Physical interface indexes have a range of 1-9999, which the
firewall calculates as follows:
Firewall Platform | Calculation | Example Interface Index |
|---|---|---|
| VM-Series | Number of management ports + physical port
offset
| VM-100 firewall, Eth1/4 = 1 (number
of management ports) + 4 (physical port) = 5 |
| PA-220, PA-220R, PA-800 Series | Number of management ports + physical port
offset
| PA-5200 Series firewall, Eth1/4 = 5
(number of management ports) + 4 (physical port) = 9 |
| PA-3200 Series, PA-5200 Series | Number of management ports + physical port
offset
| PA-5200 Series firewall, Eth1/4 = 4
(number of management ports) + 4 (physical port) = 8 |
PA-7000 Series | (Max. ports * slot) + physical port offset
+ number of management ports
| PA-7000 Series firewall, Eth3/9 = [64
(max. ports) * 3 (slot)] + 9 (physical port) + 5 (number of management ports)
= 206 |
Logical interface indexes for all platforms are nine-digit numbers
that the firewall calculates as follows:
Interface Type | Range | Digit 9 | Digits 7-8 | Digits 5-6 | Digits 1-4 | Example Interface
Index |
|---|---|---|---|---|---|---|
Layer 3 subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth1/5.22 = 100000000 (type) + 100000 (slot)
+ 50000 (port) + 22 (suffix) = 101050022 |
Layer 2 subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth2/3.6 = 100000000 (type) + 200000 (slot)
+ 30000 (port) + 6 (suffix) = 102030006 |
Vwire subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth4/2.312 = 100000000 (type) + 400000 (slot)
+ 20000 (port) + 312 (suffix) = 104020312 |
VLAN | 200000001-200009999 | Type: 2 | 00 | 00 | VLAN suffix: 1-9999 (0001-9999) | VLAN.55 = 200000000 (type) + 55 (suffix)
= 200000055 |
Loopback | 300000001-300009999 | Type: 3 | 00 | 00 | Loopback suffix: 1-9999 (0001-9999) | Loopback.55 = 300000000 (type) + 55 (suffix)
= 300000055 |
Tunnel | 400000001-400009999 | Type: 4 | 00 | 00 | Tunnel suffix: 1-9999 (0001-9999) | Tunnel.55 = 400000000 (type) + 55 (suffix)
= 400000055 |
Aggregate group | 500010001-500089999 | Type: 5 | 00 | AE suffix: 1-8 (01-08) | Subinterface: suffix 1-9999 (0001-9999) | AE5.99 = 500000000 (type) + 50000 (AE Suffix)
+ 99 (suffix) = 500050099 |