Panorama > Setup > Interfaces

Select
Panorama
Setup
Interfaces
to configure the interfaces that Panorama uses to manage firewalls and Log Collectors, deploy software and content updates to firewalls and Log Collectors, collect logs from firewalls, and communicate with Collector Groups. By default, Panorama uses the MGT interface for all communication with firewalls and Log Collectors.
To reduce traffic on the MGT interface, configure other interfaces to deploy updates, collect logs, and communicate with Collector Groups. In an environment with heavy log traffic, you can configure several interfaces for log collection. Additionally, to improve the security of management traffic, you can define a separate subnet (IPv4
Netmask
or IPv6
Prefix Length
) for the MGT interface that is more private than the subnets for the other interfaces.
The available interfaces vary based on the Panorama model.
Interface
Maximum Speed
M-500 Appliance
Panorama Virtual Appliance
Management (MGT)
1Gbps
green-check-mark.png
green-check-mark.png
Ethernet1 (Eth1)
1Gbps
green-check-mark.png
Ethernet2 (Eth2)
1Gbps
green-check-mark.png
Ethernet3 (Eth3)
1Gbps
green-check-mark.png
Ethernet4 (Eth4)
10Gbps
green-check-mark.png
Ethernet5 (Eth5)
10Gbps
green-check-mark.png
To configure an interface, click the Interface Name and configure the settings described in the following table.
Always specify the IP address, netmask (for IPv4) or prefix length (for IPv6), and default gateway for the MGT interface. If you omit values for some settings (such as the default gateway), you can only access Panorama through the console port for future configuration changes. You cannot commit the configurations for other interfaces unless you specify all three settings.
Interface Settings
Description
Eth1 / Eth2 / Eth3 / Eth4 / Eth5
You must enable an interface to configure it. The exception is the MGT interface, which is enabled by default.
IP Address (IPv4)
If your network uses IPv4, assign an IPv4 address to the interface.
Netmask (IPv4)
If you assigned an IPv4 address to the interface, you must also enter a network mask (such as 255.255.255.0).
Default Gateway (IPv4)
If you assigned an IPv4 address to the interface, you must also assign an IPv4 address to the default gateway (the gateway must be on the same subnet as the interface).
IPv6 Address/Prefix Length
If your network uses IPv6, assign an IPv6 address to the interface. To indicate the netmask, enter an IPv6 prefix length (such as 2001:400:f00::1/64).
Default IPv6 Gateway
If you assigned an IPv6 address to the interface, you must also assign an IPv6 address to the default gateway (the gateway must be on the same subnet as the interface).
Speed
Set the speed for the interface to 10Mbps, 100Mbps, 1Gbps, or 10Gbps (Eth4 and Eth5 only) at full or half duplex. Use the default auto-negotiate setting to have Panorama determine the interface speed.
This setting must match the interface settings on neighboring network equipment. To ensure matching settings, select auto-negotiate if the neighboring equipment supports that option.
MTU
Enter the maximum transmission unit (MTU) in bytes for packets sent on this interface (range is 576 to 1,500; default is 1,500).
Device Management and Device Log Collection
Enable the interface (enabled by default on the MGT interface) for managing firewalls and Log Collectors and collecting their logs. You can enable multiple interfaces to perform these functions.
Collector Group Communication
Enable the interface for Collector Group communication (the default is the MGT interface). Only one interface can perform this function.
Device Deployment
Enable the interface for deploying software and content updates to firewalls and Log Collectors (the default is the MGT interface). Only one interface can perform this function.
Administrative Management Services
  • HTTP
    —Enables access the Panorama web interface. HTTP uses plaintext, which is not as secure as HTTPS.
    Enable
    HTTPS
    instead of HTTP for management traffic on the interface.
  • Telnet
    —Enables access the Panorama CLI. Telnet uses plaintext, which is not as secure as SSH.
  • HTTPS
    —Enables secure access to the Panorama web interface.
    Enable
    SSH
    instead of Telnet for management traffic on the interface.
  • SSH
    —Enables secure access to the Panorama CLI.
Network Connectivity Services
The
Ping
service is available on any interface. You can use ping to test connectivity between the Panorama interface and external services. In a high availability (HA) deployment, HA peers use ping to exchange heartbeat backup information.
The following services are available only on the MGT interface:
  • SNMP
    —Enables Panorama to process statistics queries from an SNMP manager. For details, see Enable SNMP Monitoring.
  • User-ID
    —Enables Panorama to redistribute user mapping information received from User-ID agents.
Permitted IP Addresses
Enter the IP addresses from which administrators can access Panorama on this interface. An empty list (default) specifies that access is available from any IP address.
Do not leave this list blank; specify the IP addresses of Panorama administrators (only) to prevent unauthorized access.

Related Documentation