Device > Log Forwarding Card

Log Forwarding Card Features and Description
  • Device > Log Forwarding Card
The Log Forwarding Card (LFC) is a high-performance log card that forwards all dataplane logs (traffic and threat for example) from the firewall to one or more external logging systems, such as Panorama or a syslog server. Because the dataplane logs are no longer available on the local firewall, the ACC tab is removed from the management web interface and Monitor > Logs contain only management logs (Configuration, System, and Alarms).
You need to configure the ports for the LFC. Port 1 operates at 10Gbps and Port 9 operates at 40Gbps. Configure the ports in
Device > Log Forwarding Card
. The firewall uses these ports to forward all dataplane logs to an external system, such as Panorama or a syslog server.
See the PA-7000 Series Hardware Reference Guide for information about the LFC requirements and components.
For an LFC interface, configure the settings described in the following table.
LFC Interface Settings
Description
Name
Enter an interface name. For an LFC, you must select
lfc1/1
or
lfc1/9
.
Comment
Enter an optional description for the interface.
IPv4
If your network uses IPv4, define the following:
  • IP address
    —The IPv4 address of the port.
  • Netmask
    —The network mask for the IPv4 address of the port.
  • Default Gateway
    —The IPv4 address of the default gateway for the port.
IPv6
If your network uses IPv6, define the following:
  • IP address
    —The IPv6 address of the port.
  • Default Gateway
    —The IPv6 address of the default gateway for the port.
Link Speed
Select the interface speed in Mbps (
10000
or
40000
), or select
auto
(default) to have the firewall automatically determine the speed based on the connection. The interface speed available is dependent on the port used (lfc1/1 or lfc1/9). For interfaces that have a non-configurable speed,
auto
is the only option.
Link State
Select whether the interface status is enabled (
up
), disabled (
down
), or determined automatically based on the connection (
auto
). The default is
auto
.
LACP Port Priority
The firewall only uses this field if you enabled Link Aggregation Control Protocol (LACP) for the aggregate group. If the number of interfaces you assign to the group exceeds the number of active interfaces (the Max Ports field), the firewall uses the LACP port priorities of the interfaces to determine which are in standby mode. The lower the numeric value, the higher the priority (range is 1-65,535; default is 32,768).
Subinterfaces are available if you have multi-vsys enabled. To configure an LFC subinterface, add a subinterface and use the setting described in the following table.
LFC Subinterface Settings
Description
Interface Name
Interface Name
(read-only) displays the name of the log card interface you selected. In the adjacent field, enter a numeric suffix (1-9,999) to identify the subinterface.
Comment
Enter an optional description for the interface.
Tag
Enter the VLAN
Tag
(0-4,094) for the subinterface.
Make the tag the same as the subinterface number for ease of use.
Virtual System
Select the virtual system (vsys) to which the Log Forwarding Card (LFC) subinterface is assigned. Alternatively, you can click
Virtual Systems
to add a new vsys. Once an LFC subinterface is assigned to a vsys, that interface is used as the source interface for all services that forward logs (syslog, email, SNMP) from the log card.
IPv4
If your network uses IPv4, define the following:
  • IP address
    —The IPv4 address of the port.
  • Netmask
    —The network mask for the IPv4 address of the port.
  • Default Gateway
    —The IPv4 address of the default gateway for the port.
IPv6
If your network uses IPv6, define the following:
  • IP address
    —The IPv6 address of the port.
  • Default Gateway
    —The IPv6 address of the default gateway for the port.

Related Documentation