Common Building Blocks for Firewall Interfaces
Select NetworkInterfaces to display and configure the components that are common to most interface types.
For a description of components that are unique or different when you configure interfaces on a PA-7000 Series firewall, or when you use Panorama™ to configure interfaces on any firewall, see Common Building Blocks for PA-7000 Series Firewall Interfaces.
Firewall Interface Building Blocks
Interface (Interface Name)
The interface name is predefined and you cannot change it. However, you can append a numeric suffix for subinterfaces, aggregate interfaces, VLAN interfaces, loopback interfaces, and tunnel interfaces.
For Ethernet interfaces (NetworkInterfacesEthernet), you can select the interface type:
Select a Management Profile (NetworkInterfaces<if-configAdvancedOther Info) that defines the protocols (such as SSH, Telnet, and HTTP) you can use to manage the firewall over this interface.
For Ethernet interfaces, Link State indicates whether the interface is currently accessible and can receive traffic over the network:
Hover over the link state to display a tool tip that indicates the link speed and duplex settings for that interface.
(Optional) Configure the IPv4 or IPv6 address of the Ethernet, VLAN, loopback, or tunnel interface. For an IPv4 address, you can also select the addressing mode (Type) for the interface: Static, DHCP Client, or PPPoE.
Assign a virtual router to the interface or click Virtual Router to define a new one (see Network > Virtual Routers). Select None to remove the current virtual router assignment from the interface.
Tag (Subinterface only)
Enter the VLAN tag (1-4,094) for the subinterface.
Select NetworkInterfacesVLAN and modify an existing VLAN or Add a new one (see Network > VLANs). Select None to remove the current VLAN assignment from the interface. To enable switching between Layer 2 interfaces, or to enable routing through a VLAN interface, you must configure a VLAN object.
If the firewall supports multiple virtual systems and that capability is enabled, select a virtual system (vsys) for the interface or click Virtual System to define a new vsys.
Select a Security Zone (NetworkInterfaces<if-configConfig) for the interface, or select Zone to define a new one. Select None to remove the current zone assignment from the interface.
For Ethernet interfaces, this column indicates whether the following features are enabled:
GlobalProtect™ gateway enabled
Link Aggregation Control Protocol (LACP)
Link Layer Discovery Protocol (LLDP)
Quality of Service (QoS) profile
A description of the interface function or purpose.
Network > Interfaces
Network > Interfaces Firewall interfaces (ports) enable a firewall to connect with other network devices and with other interfaces within the firewall. The following topics ...
Common Building Blocks for PA-7000 Series Firewall Interfac...
Common Building Blocks for PA-7000 Series Firewall Interfaces The following table describes the components of the Network Interfaces Ethernet page that are unique or different ...
PA-7000 Series Layer 2 Subinterface
PA-7000 Series Layer 2 Subinterface Network > Interfaces > Ethernet For each Ethernet port configured as a physical Layer 2 interface, you can define an ...
PA-7000 Series Layer 2 Interface
PA-7000 Series Layer 2 Interface Network > Interfaces > Ethernet Select Network Interfaces Ethernet to configure a Layer 2 interface. click the name of an ...
Configure the Network Interfaces
Configure the Network Interfaces Configure an aggregate Ethernet interface, member interfaces, and subinterface that your firewall uses to connect to the ACI leaf switches. If ...
Configure the Network Interfaces
Configure the Network Interfaces Configure the Ethernet interfaces that connect the firewall to the ACI leaf switches. The VLAN ID number used in this configuration ...
Firewall Interfaces Overview
Firewall Interfaces Overview The interface configurations of firewall data ports enable traffic to enter and exit the firewall. A Palo Alto Networks® firewall can operate ...
NetFlow Support for PA-7000 Series Firewalls
NetFlow Support for PA-7000 Series Firewalls PA-7000 Series firewalls now have the same ability as other Palo Alto Networks firewalls to export session-based NetFlow records ...
Create a VLAN Pool and Domain
Create a VLAN Pool and Domain Configure the VLAN pool that will be used to allocate VLANs to the firewall when you attach interfaces to ...