Common Building Blocks for Firewall Interfaces
Select NetworkInterfaces to display and configure the components that are common to most interface types.
For a description of components that are unique or different when you configure interfaces on a PA-7000 Series firewall, or when you use Panorama™ to configure interfaces on any firewall, see Common Building Blocks for PA-7000 Series Firewall Interfaces.
Firewall Interface Building Blocks
Interface (Interface Name)
The interface name is predefined and you cannot change it. However, you can append a numeric suffix for subinterfaces, aggregate interfaces, VLAN interfaces, loopback interfaces, and tunnel interfaces.
For Ethernet interfaces (NetworkInterfacesEthernet), you can select the interface type:
Select a Management Profile (NetworkInterfaces<if-configAdvancedOther Info) that defines the protocols (such as SSH, Telnet, and HTTP) you can use to manage the firewall over this interface.
For Ethernet interfaces, Link State indicates whether the interface is currently accessible and can receive traffic over the network:
Hover over the link state to display a tool tip that indicates the link speed and duplex settings for that interface.
(Optional) Configure the IPv4 or IPv6 address of the Ethernet, VLAN, loopback, or tunnel interface. For an IPv4 address, you can also select the addressing mode (Type) for the interface: Static, DHCP Client, or PPPoE.
Assign a virtual router to the interface or click Virtual Router to define a new one (see Network > Virtual Routers). Select None to remove the current virtual router assignment from the interface.
Tag (Subinterface only)
Enter the VLAN tag (1-4,094) for the subinterface.
Select NetworkInterfacesVLAN and modify an existing VLAN or Add a new one (see Network > VLANs). Select None to remove the current VLAN assignment from the interface. To enable switching between Layer 2 interfaces, or to enable routing through a VLAN interface, you must configure a VLAN object.
If the firewall supports multiple virtual systems and that capability is enabled, select a virtual system (vsys) for the interface or click Virtual System to define a new vsys.
Select a Security Zone (NetworkInterfaces<if-configConfig) for the interface, or select Zone to define a new one. Select None to remove the current zone assignment from the interface.
For Ethernet interfaces, this column indicates whether the following features are enabled:
GlobalProtect™ gateway enabled
Link Aggregation Control Protocol (LACP)
Link Layer Discovery Protocol (LLDP)
Quality of Service (QoS) profile
A description of the interface function or purpose.
Network > Interfaces
Network > Interfaces Firewall interfaces (ports) enable a firewall to connect with other network devices and with other interfaces within the firewall. The following topics ...
Common Building Blocks for PA-7000 Series Firewall Interfac...
Common Building Blocks for PA-7000 Series Firewall Interfaces The following table describes the components of the Network Interfaces Ethernet page that are unique or different ...
PA-7000 Series Layer 2 Subinterface
PA-7000 Series Layer 2 Subinterface Network > Interfaces > Ethernet For each Ethernet port configured as a physical Layer 2 interface, you can define an ...
PA-7000 Series Layer 2 Interface
PA-7000 Series Layer 2 Interface Network > Interfaces > Ethernet Select Network Interfaces Ethernet to configure a Layer 2 interface. click the name of an ...
Configure the Network Interfaces
Configure the Network Interfaces Configure an aggregate Ethernet interface, member interfaces, and subinterface that your firewall uses to connect to the ACI leaf switches. If ...
Configure the Network Interfaces
Configure the Network Interfaces Configure the Ethernet interfaces that connect the firewall to the ACI leaf switches. The VLAN ID number used in this configuration ...
Firewall Interfaces Overview
Firewall Interfaces Overview The interface configurations of firewall data ports enable traffic to enter and exit the firewall. A Palo Alto Networks® firewall can operate ...
Configure NetFlow Exports
Configure NetFlow Exports To use a NetFlow collector for analyzing the network traffic on firewall interfaces, perform the following steps to configure NetFlow record exports. ...
Use Case: Non-IP Protocol Protection Within a Security Zone on Layer 2 Interfaces
Use Case: Non-IP Protocol Protection Within a Security Zone on Layer 2 Interfaces If you don’t implement a Zone Protection profile with non-IP protocol protection, ...