Log Collector Interface Settings
Table of Contents
9.1 (EoL)
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > GTP Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Device Block List
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Scheduled Config Export
End-of-Life (EoL)
Log Collector Interface Settings
- Panorama > Managed Collectors > Interfaces
By default, Dedicated Log Collectors (M-Series appliances in
Log Collector mode) use the management (MGT) interface for management
traffic, log collection, and Collector Group communication. However,
Palo Alto Networks recommends that you assign separate interfaces
for log collection and Collector Group communication to reduce traffic
on the MGT interface. You can improve security by defining a separate
subnet for the MGT interface that is more private than the subnets
for the other interfaces. To use separate interfaces, you must first
configure them on the Panorama management server (see Device
> Setup > Management). The interfaces that are available
for log collection and Collector Group communication vary based
on the Log Collector appliance model. For example, the M-500 appliance
has the following interfaces: Ethernet1 (1Gbps), Ethernet2 (1Gbps),
Ethernet3 (1Gbps), Ethernet4 (10Gbps) Ethernet5 (10Gbps)
To configure an interface, select the link and configure the
settings as described in the following table.
To complete the configuration of the MGT interface, you must
specify the IP address, netmask (for IPv4) or prefix length (for
IPv6), and default gateway. If you commit a partial configuration
(for example, you might omit the default gateway), you can only
access the firewall or Panorama through the console port for future
configuration changes.
Always commit a complete MGT interface
configuration. You cannot commit the configurations for other interfaces
unless you specify the IP address, netmask (for IPv4) or prefix
length (for IPv6), and default gateway.
Log Collector Interface Settings | Description |
|---|---|
Eth1 / Eth2 / Eth3 / Eth4 / Eth5 | You must enable an interface to configure
it. The exception is the MGT interface, which is enabled by default. |
Speed and Duplex | Configure a data rate and duplex option
for the interface. The choices include 10Mbps, 100Mbps, 1Gbps, and 10Gbps
(Eth4 and Eth5 only) at full or half duplex. Use the default auto-negotiate setting
to have the Log Collector determine the interface speed. This setting must match the interface settings
on the neighboring network equipment. |
IP Address (IPv4) | If your network uses IPv4, assign an IPv4
address to the interface. |
Netmask (IPv4) | If you assigned an IPv4 address to the interface,
you must also enter a network mask (such as 255.255.255.0). |
Default Gateway (IPv4) | If you assigned an IPv4 address to the interface,
you must also assign an IPv4 address to the default gateway (the gateway
must be on the same subnet as the MGT interface). |
IPv6 Address/Prefix Length | If your network uses IPv6, assign an IPv6
address to the interface. To indicate the netmask, enter an IPv6
prefix length (such as 2001:400:f00::1/64). |
Default IPv6 Gateway | If you assigned an IPv6 address to the interface,
you must also assign an IPv6 address to the default gateway (the gateway
must be on the same subnet as the interface). |
MTU | Enter the maximum transmission unit (MTU)
in bytes for packets sent on this interface (range is 576 to 1,500;
default is 1,500). |
Device Log Collection | Enable the interface for collecting logs
from firewalls. For a deployment with high log traffic, you can
enable multiple interfaces to perform this function. This function
is enabled by default on the MGT interface. |
Collector Group Communication | Enable the interface for Collector Group communication.
Only one interface can perform this function (default is MGT interface). |
Network Connectivity Services | The Ping service
is available on any interface, and enables you to test connectivity between
the Log Collector interface and external services. The following
services are available only on the MGT interface:
|
Permitted IP Addresses | Enter the IP addresses of the client systems
that can access the Log Collector through this interface. An
empty list (default) specifies that access is available to any client
system. Palo Alto Networks recommends that
you do not leave this list blank; specify the client systems of Panorama
administrators to prevent unauthorized access. |