Multiple
Interfaces for Network Segmentation Example
Figure 1 illustrates
a deployment that uses multiple interfaces on M-500 appliances in Panorama
mode and Log Collector mode. In this example, the interfaces support network
segmentation as follows:
- Panorama management network—To protect the Panorama web interface, CLI, and XML API from unauthorized access, the MGT interface on Panorama connects to a subnetwork that only administrators can access.
- Internet—Panorama uses the MGT interface to communicate with external services such as the Palo Alto Networks Update Server.
- Perimeter GatewayandData Center—Panorama uses a separate pair of interfaces to manage the firewalls and Log Collectors in each of these subnetworks. Managing firewalls typically generates less traffic than querying Log Collectors for report information. Therefore, Panorama uses 1Gbps interfaces (Eth1 and Eth2) for managing the firewalls and uses 10Gbps interfaces (Eth4 and Eth5) for querying and managing the Log Collectors. Each Log Collector uses its MGT interface to respond to the queries but uses its Eth4 and Eth5 interfaces for the heavier traffic associated with collecting logs from the firewalls.
- Software and content updates—The firewalls and Log Collectors in both subnetworks retrieve software and content updates over the Eth3 interface on Panorama.
Multiple Panorama Interfaces
