The following table describes loopback interface settings.
Loopback Interface Setting
is set to
. In the adjacent field, enter a numeric suffix (1-9,999) to identify the interface.
Enter an optional description for the interface.
If you want to export unidirectional IP traffic that traverses an ingress interface to a NetFlow server, select the server profile or click
to define a new profile (see
Device > Server Profiles > NetFlow). Select
to remove the current NetFlow server assignment from the interface.
The PA-4000 Series and PA-7000 Series firewalls don’t support this feature.
Loopback Interface > Config
Assign a virtual router to the interface, or click
to define a new one (see
Network > Virtual Routers). Select
to remove the current virtual router assignment from the interface.
If the firewall supports multiple virtual systems and that capability is enabled, select a virtual system (vsys) for the interface or click
to define a new vsys.
Select a security zone for the interface, or click
to define a new zone. Select
to remove the current zone assignment from the interface.
Tunnel Interface > Advanced > Other Info
—Select a profile that defines the protocols (for example, SSH, Telnet, and HTTP) you can use to manage the firewall over this interface. Select
to remove the current profile assignment from the interface.
Enter the maximum transmission unit (MTU) in bytes for packets sent on this interface (576-9,192; default is 1,500). If machines on either side of the firewall perform Path MTU Discovery (PMTUD) and the interface receives a packet exceeding the MTU, the firewall returns an
ICMP fragmentation needed
message to the source indicating the packet is too large.
Adjust TCP MSS
Select this option to adjust the maximum segment size (MSS) to accommodate bytes for any headers within the interface MTU byte size. The MTU byte size minus the MSS Adjustment Size equals the MSS byte size, which varies by IP protocol:
IPv4 MSS Adjustment Size
—Range is 40-300; default is 40.
IPv6 MSS Adjustment Size
—Range is 60-300; default is 60.
Use these settings to address the case where a
through the network requires a smaller MSS. If a packet has more bytes than the MSS without fragmentation, this setting enables the adjustment.
Encapsulation adds length to headers, so it helps to configure the MSS adjustment size to allow bytes for such things as an MPLS header or tunneled traffic that has a VLAN tag.
For an IPv4 address
Loopback Interface > IPv4
Add, then perform one of the following steps to specify a static IP address and network mask for the interface.
Type the entry in Classless Inter-domain Routing (CIDR) notation using the format ip_address/mask.
IPv4 example: 192.168.2.0/24
IPv6 example: 2001:db8::/32
Select an existing address object of type
to create an address object of type
You can enter multiple IP addresses for the interface. The forwarding information base (FIB) your system uses determines the maximum number of IP addresses.
To delete an IP address, select the address and click
For an IPv6 address
Enable IPv6 on the interface
Loopback Interface > IPv6
Select this option to enable IPv6 addressing on this interface.
Enter the 64-bit extended unique identifier (EUI-64) in hexadecimal format (for example, 00:26:08:FF:FE:DE:4E:29). If you leave this field blank, the firewall uses the EUI-64 generated from the MAC address of the physical interface. If you enable the
Use interface ID as host portion
option when adding an address, the firewall uses the interface ID as the host portion of that address.
and configure the following parameters for each IPv6 address:
—Enter an IPv6 address and prefix length (for example, 2001:400:f00::1/64). You can also select an existing IPv6 address object or click
to create an address object.
Enable address on interface
—Select this option to enable the IPv6 address on the interface.
Use interface ID as host portion
—Select this option to use the
as the host portion of the IPv6 address.
—Select this option to include routing through the nearest node.