1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on Google Cloud Platform
    5. Deploy the VM-Series Firewall on Google Cloud Platform
    6. Use the VM-Series Firewall CLI to Swap the Management Interface

    Use the VM-Series Firewall CLI to Swap the Management Interface

    This task is only required if your architecture places the VM-Series firewall behind the Google Cloud Platform internal load balancer.
    If you did not specify metadata to swap the management interface (MGT) with the dataplane interface when you deployed the firewall, you can use the CLI to enable the firewall to receive dataplane traffic on the primary interface.
    1. Before you proceed, verify that the firewall has a minimum of two network interfaces (eth0 and eth1). If you launch the firewall with only one interface, the interface swap command causes the firewall to boot into maintenance mode.
    2. On the Google Cloud Console, view the VM instance details to verify the network interface IP addresses of the eth1 interface and verify that any security rules allow connections (HTTPS and SSH) to the new management interface (eth1).
    3. Log in to the VM-Series firewall CLI and enter the following command:
      set system setting mgmt-interface-swap enable yes
      You can view the default mapping from the command line interface. The output is similar to this:
      > debug show vm-series interfaces all
      
Interface_name  Base-OS_port
  mgt              eth0
  Ethernet1/1      eth1
  Ethernet1/2      eth2
    4. Confirm that you want to swap the interface (use the eth1 dataplane interface as the management interface).
    5. Reboot the firewall for the swap to take effect:
      request restart system
    6. Verify that the interfaces have been swapped:
      debug show vm-series interfaces all

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo