Device > Setup > Interfaces
Use this page to configure connection settings, allowed services, and administrative access for the management (MGT) interface on all firewall models and for the auxiliary interfaces (AUX-1 and AUX-2) on PA-5200 Series firewalls.
Palo Alto Networks recommends that you always specify the IP address and netmask (for IPv4) or prefix length (for IPv6) and the default gateway for every interface. If you omit any of these settings for the MGT interface (such as the default gateway), you can access the firewall only through the console port for future configuration changes.
MGT interface only)
If you select
DHCP Client, optionally click
Show DHCP Client Runtime Infoto view the dynamic IP interface status:
Optionally, you can
Renewthe DHCP lease for the IP address assigned to the MGT interface. Otherwise,
Aux 1 / Aux 2
PA-5200 Series firewalls only)
Select any of the following options to enable an auxiliary interface. These interfaces provide 10Gbps (SFP+) throughput for:
Enable HTTPS instead of HTTP for the web interface and enable SSH instead of Telnet for the CLI.
IP Address (IPv4)
If your network uses IPv4, assign an IPv4 address to the interface. Alternatively, you can assign the IP address of a loopback interface for firewall management (see Network > Interfaces > Loopback). By default, the IP address you enter is the source address for log forwarding.
If you assigned an IPv4 address to the interface, you must also enter a network mask (for example, 255.255.255.0).
If you assigned an IPv4 address to the interface, you must also assign an IPv4 address to the default gateway (the gateway must be on the same subnet as the interface).
IPv6 Address/Prefix Length
If your network uses IPv6, assign an IPv6 address to the interface. To indicate the netmask, enter an IPv6 prefix length (for example, 2001:400:f00::1/64).
Default IPv6 Gateway
If you assigned an IPv6 address to the interface, you must also assign an IPv6 address to the default gateway (the gateway must be on the same subnet as the interface).
Configure a data rate and duplex option for the interface. The choices include 10Mbps, 100Mbps, and 1Gbps at full or half duplex. Use the default auto-negotiate setting to have the firewall determine the interface speed.
This setting must match the port settings on the neighboring network equipment. To ensure matching settings, select auto-negotiate if the neighboring equipment supports that option.
Enter the maximum transmission unit (MTU) in bytes for packets sent on this interface (range is 576 to 1,500; default is 1,500).
Administrative Management Services
Select the services you want to enable on the interface:
Permitted IP Addresses
Enter the IP addresses from which administrators can access the firewall through the interface. An empty list (default) specifies that access is available from any IP address.
Do not leave the list blank; specify only the IP addresses of firewall administrators to prevent unauthorized access.
Configure the Management Interface as a DHCP Client
Configure the Management Interface as a DHCP Client The management interface on the firewall supports DHCP client for IPv4, which allows the management interface to ...
Perform Initial Configuration
Perform Initial Configuration By default, the firewall has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you must change these ...
Panorama > Setup > Interfaces
Panorama > Setup > Interfaces Select Panorama Setup Interfaces to configure the interfaces that Panorama uses to manage firewalls and Log Collectors, deploy software and ...
Log Collector Interface Settings
Log Collector Interface Settings Panorama > Managed Collectors > Interfaces By default, Dedicated Log Collectors (M-Series appliances in Log Collector mode) use the management (MGT) ...
Configure an Interface as a DHCP Server
Configure an Interface as a DHCP Server The prerequisites for this task are: Configure a Layer 3 Ethernet or Layer 3 VLAN interface. Assign the ...
DHCP Client Network > Interfaces > Ethernet > IPv4 Network > Interfaces > VLAN > IPv4 Before configuring a firewall interface as a DHCP client ...
Configure Layer 3 Interfaces
Configure Layer 3 Interfaces The following procedure is required to configure Layer 3 Interfaces (Ethernet, VLAN, loopback, and tunnel interfaces) with IPv4 or IPv6 addresses ...
Perform Initial Configuration of the M-Series Appliance
Perform Initial Configuration of the M-Series Appliance By default, Panorama has an IP address of 192.168.1.1 and a username/password of admin/admin. For security reasons, you ...
DHCP Server Network > DHCP > DHCP Server The following section describes each component of the DHCP server. Before you configure a DHCP server, you ...