Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors

When you use a NetFlow collector (see NetFlow Monitoring) or SNMP manager (see SNMP Monitoring and Traps) to monitor the Palo Alto Networks firewall, an interface index (SNMP ifIndex object) identifies the interface that carried a particular flow (see Figure 1). In contrast, the firewall web interface uses interface names as identifiers (for example, ethernet1/1), not indexes. To tell which firewall interface the statistics in a NetFlow collector or SNMP manager apply to, you must be able to match the interface indexes with interface names.
Figure 1: Interface Indexes in an SNMP Manager
You can match the indexes with names by understanding the formulas that the firewall uses to calculate indexes. The formulas vary by platform and interface type: physical or logical.
Physical interface indexes have a range of 1-9999, which the firewall calculates as follows:

Firewall Platform: Non-chassis based (VM-Series, PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series)
The PA-4000 Series platform supports SNMP but not NetFlow.
Calculation: MGT port + physical port offset
  • MGT port—This is a constant that depends on the platform:
    • 2 for hardware-based firewalls (for example, the PA-5000 Series firewall)
    • 1 for the VM-Series firewall
  • Physical port offset—This is the physical port number.
Example Interface Index: PA-5000 Series firewall, Eth1/4 = 2 (MGT port) + 4 (physical port) = 6

Firewall Platform: Chassis based (PA-7000 Series firewalls)
This platform supports SNMP but not NetFlow.
Calculation: (Max. ports * slot) + physical port offset + MGT port
  • Maximum ports—This is a constant of 64.
  • Slot—This is the chassis slot number of the network interface card.
  • Physical port offset—This is the physical port number.
  • MGT port—This is a constant of 5 for PA-7000 Series firewalls.
Example Interface Index: PA-7000 Series firewall, Eth3/9 = [64 (max. ports) * 3 (slot)] + 9 (physical port) + 5 (MGT port) = 206

Logical interface indexes for all platforms are nine-digit numbers that the firewall calculates as follows:

| Interface Type | Range | Digit 9 | Digits 7-8 | Digits 5-6 | Digits 1-4 | Example Interface Index |
|---|---|---|---|---|---|---|
| Layer 3 subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth1/5.22 = 100000000 (type) + 1000000 (slot) + 50000 (port) + 22 (suffix) = 101050022 |
| Layer 2 subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth2/3.6 = 100000000 (type) + 2000000 (slot) + 30000 (port) + 6 (suffix) = 102030006 |
| Vwire subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth4/2.312 = 100000000 (type) + 4000000 (slot) + 20000 (port) + 312 (suffix) = 104020312 |
| VLAN | 200000001-200009999 | Type: 2 | 00 | 00 | VLAN suffix: 1-9999 (0001-9999) | VLAN.55 = 200000000 (type) + 55 (suffix) = 200000055 |
| Loopback | 300000001-300009999 | Type: 3 | 00 | 00 | Loopback suffix: 1-9999 (0001-9999) | Loopback.55 = 300000000 (type) + 55 (suffix) = 300000055 |
| Tunnel | 400000001-400009999 | Type: 4 | 00 | 00 | Tunnel suffix: 1-9999 (0001-9999) | Tunnel.55 = 400000000 (type) + 55 (suffix) = 400000055 |
| Aggregate group | 500010001-500089999 | Type: 5 | 00 | AE suffix: 1-8 (01-08) | Subinterface: suffix 1-9999 (0001-9999) | AE5.99 = 500000000 (type) + 50000 (AE Suffix) + 99 (suffix) = 500050099 |
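
The formulas above can be inverted to label NetFlow records or SNMP rows with interface names, which is what an analyst needs when tracing a flow back to a firewall port. The Python code below is an added example, not Palo Alto Networks code; the function names, the platform keys (`hardware`, `vm`, `pa7000`), the lowercase name spellings and the assumption that non-chassis ports all sit in slot 1 are illustrative.

```python
MGT_PORT = {"hardware": 2, "vm": 1, "pa7000": 5}  # MGT port constants from the page
MAX_PORTS = 64                                     # PA-7000 Series "maximum ports" constant
SIMPLE_TYPES = {2: "vlan", 3: "loopback", 4: "tunnel"}  # types with digits 5-8 fixed at 00


def physical_index(platform, port, slot=1):
    """Name -> index for a physical port (slot only matters on the PA-7000)."""
    if platform == "pa7000":
        return MAX_PORTS * slot + port + MGT_PORT[platform]
    return MGT_PORT[platform] + port


def decode_ifindex(index, platform="hardware"):
    """Index -> interface name; raises ValueError if the index fits no formula."""
    if 1 <= index <= 9999:  # physical range
        if platform == "pa7000":
            slot, port = divmod(index - MGT_PORT[platform], MAX_PORTS)
        else:
            slot, port = 1, index - MGT_PORT[platform]  # assumption: slot is always 1
        if slot < 1 or port < 1:
            raise ValueError(f"{index} is not a data port on platform {platform!r}")
        return f"ethernet{slot}/{port}"
    if not 100_000_000 <= index <= 599_999_999:
        raise ValueError(f"{index} is outside the physical and logical ranges")
    # Split the nine digits: digit 9 | digits 7-8 | digits 5-6 | digits 1-4
    kind, rest = divmod(index, 100_000_000)
    slot, rest = divmod(rest, 1_000_000)
    port, suffix = divmod(rest, 10_000)
    if suffix == 0:
        raise ValueError(f"{index} has no subinterface suffix")
    if kind == 1 and slot and port:
        return f"ethernet{slot}/{port}.{suffix}"
    if kind in SIMPLE_TYPES and slot == 0 and port == 0:
        return f"{SIMPLE_TYPES[kind]}.{suffix}"
    if kind == 5 and slot == 0 and 1 <= port <= 8:
        return f"ae{port}.{suffix}"
    raise ValueError(f"{index} does not match any logical interface layout")


if __name__ == "__main__":
    # Constructed sample: ifIndex values as they might appear in flow records.
    for idx in (6, 101050022, 200000055, 500050099):
        print(idx, "->", decode_ifindex(idx))
```

Indexes that fit no formula raise `ValueError` instead of returning a guessed name, so a collector can flag them for review.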
