End-of-Life (EoL)
Device > Setup > Interfaces
Use this page to configure connection settings, allowed
services, and administrative access for the management (MGT) interface
on all firewall models and for the auxiliary interfaces (AUX-1 and
AUX-2) on PA-5200 Series firewalls.
Palo Alto Networks recommends that you always specify the IP
address and netmask (for IPv4) or prefix length (for IPv6) and the
default gateway for every interface. If you omit any of these settings
for the MGT interface (such as the default gateway), you can access
the firewall only through the console port for future configuration
changes.
To configure the MGT interface on the M-100 or M-500 appliance,
or the Panorama virtual appliance, see Panorama
> Setup > Interfaces.
You can use a loopback interface
as an alternative to the MGT interface for firewall management (Network
> Interfaces > Loopback).
Item | Description |
---|---|
Type ( MGT interface only ) | Select one:
If
you select DHCP Client , optionally click Show
DHCP Client Runtime Info to view the dynamic IP interface
status:
Optionally,
you can Renew the DHCP lease for the IP address assigned
to the MGT interface. Otherwise, Close the
window. |
Aux 1 / Aux 2 ( PA-5200 Series firewalls only ) | Select any of the following options to enable
an auxiliary interface. These interfaces provide 10Gbps (SFP+) throughput
for:
Enable
HTTPS instead of HTTP for the web interface and enable SSH instead
of Telnet for the CLI.
|
IP Address (IPv4) | If your network uses IPv4, assign an IPv4
address to the interface. Alternatively, you can assign the IP address
of a loopback interface for firewall management (see Network
> Interfaces > Loopback). By default, the IP address you
enter is the source address for log forwarding. |
Netmask (IPv4) | If you assigned an IPv4 address to the interface,
you must also enter a network mask (for example, 255.255.255.0). |
Default Gateway | If you assigned an IPv4 address to the interface,
you must also assign an IPv4 address to the default gateway (the
gateway must be on the same subnet as the interface). |
IPv6 Address/Prefix Length | If your network uses IPv6, assign an IPv6
address to the interface. To indicate the netmask, enter an IPv6
prefix length (for example, 2001:400:f00::1/64). |
Default IPv6 Gateway | If you assigned an IPv6 address to the interface,
you must also assign an IPv6 address to the default gateway (the
gateway must be on the same subnet as the interface). |
Speed | Configure a data rate and duplex option
for the interface. The choices include 10Mbps, 100Mbps, and 1Gbps
at full or half duplex. Use the default auto-negotiate setting to
have the firewall determine the interface speed. This setting must match the port settings
on the neighboring network equipment. To ensure matching settings,
select auto-negotiate if the neighboring equipment supports that
option. |
MTU | Enter the maximum transmission unit (MTU)
in bytes for packets sent on this interface (range is 576 to 1,500;
default is 1,500). |
Services | Select the services you want to enable on
the interface:
HTTP uses plaintext, which is not as secure
as HTTPS. Therefore, Palo Alto Networks recommend you enable HTTPS instead of
HTTP for management traffic on the interface.
Telnet
uses plaintext, which is not as secure as SSH. Therefore, Palo Alto
Networks recommend you enable SSH instead of Telnet for management
traffic on the interface.
|
Permitted IP Addresses | Enter the IP addresses from which administrators
can access the firewall through the interface. An empty list (default)
specifies that access is available from any IP address. Do not leave the list blank; specify only
the IP addresses of firewall administrators to prevent unauthorized
access. |
Recommended For You
Recommended Videos
Recommended videos not found.