Common Building Blocks for Firewall Interfaces

Select
Network
Interfaces
to display and configure the components that are common to most interface types.
For a description of components that are unique or different when you configure interfaces on a PA-7000 Series firewall, or when you use Panorama™ to configure interfaces on any firewall, see Common Building Blocks for PA-7000 Series Firewall Interfaces.
Firewall Interface Building Blocks
Description
Interface (Interface Name)
The interface name is predefined and you cannot change it. However, you can append a numeric suffix for subinterfaces, aggregate interfaces, VLAN interfaces, loopback interfaces, and tunnel interfaces.
Interface Type
For Ethernet interfaces (
Network
Interfaces
Ethernet
), you can select the interface type:
  • Tap
  • HA
  • Decrypt Mirror
    (Supported on all firewalls except on the VM-Series NSX, Citrix SDX, AWS, and Azure.)
  • Virtual Wire
  • Layer 2
  • Layer 3
  • Log Card
    (PA-7000 Series firewall only)
  • Aggregate Ethernet
Management Profile
Select a
Management Profile
(
Network
Interfaces
<if-config
Advanced
Other Info
) that defines the protocols (such as SSH, Telnet, and HTTP) you can use to manage the firewall over this interface.
Link State
For Ethernet interfaces, Link State indicates whether the interface is currently accessible and can receive traffic over the network:
  • Green
    —Configured and up
  • Red
    —Configured but down or disabled
  • Gray
    —Not configured
Hover over the link state to display a tool tip that indicates the link speed and duplex settings for that interface.
IP Address
(
Optional
) Configure the IPv4 or IPv6 address of the Ethernet, VLAN, loopback, or tunnel interface. For an IPv4 address, you can also select the addressing mode (
Type
) for the interface:
Static
,
DHCP Client
, or
PPPoE
.
Virtual Router
Assign a virtual router to the interface or click
Virtual Router
to define a new one (see Network > Virtual Routers). Select
None
to remove the current virtual router assignment from the interface.
Tag (
Subinterface only
)
Enter the VLAN tag (1-4,094) for the subinterface.
VLAN
Select
Network
Interfaces
VLAN
and modify an existing
VLAN
or
Add
a new one (see Network > VLANs). Select
None
to remove the current VLAN assignment from the interface. To enable switching between Layer 2 interfaces, or to enable routing through a VLAN interface, you must configure a VLAN object.
Virtual System
If the firewall supports multiple virtual systems and that capability is enabled, select a virtual system (vsys) for the interface or click
Virtual System
to define a new vsys.
Security Zone
Select a
Security Zone
(
Network
Interfaces
<if-config
Config
) for the interface, or select
Zone
to define a new one. Select
None
to remove the current zone assignment from the interface.
Features
For Ethernet interfaces, this column indicates whether the following features are enabled:
icon_dhcp.png DHCP Client
DNS_proxy_icon.png DNS Proxy
icon_globalprotect.png GlobalProtect™ gateway enabled
icon_lacp_enabled.png Link Aggregation Control Protocol (LACP)
icon_lldp.png Link Layer Discovery Protocol (LLDP)
NDP_monitor_icon.png NDP Monitor
icon_netflow.png NetFlow profile
icon_qos.png Quality of Service (QoS) profile
Comment
A description of the interface function or purpose.

Related Documentation