1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on AWS
    5. Deploy the VM-Series Firewall on AWS
    6. Use the VM-Series Firewall CLI to Swap the Management Interface
    End-of-Life (EoL)

    Use the VM-Series Firewall CLI to Swap the Management Interface

    If you did not swap the management interface (MGT) with the dataplane interface (ethernet 1/1) when deploying the firewall, you can use the CLI to enable the firewall to receive dataplane traffic on the primary interface after launching the firewall.
    1. Complete Steps 1 through 7 in Launch the VM-Series Firewall on AWS.
      Before you proceed, verify that the firewall has a minimum of two ENIs (eth0 and eth1). If you launch the firewall with only one ENI, the interface swap command will cause the firewall to boot into maintenance mode.
    2. On the EC2 Dashboard, view the IP address of the eth1 interface and verify that the AWS Security Group rules allow connections (HTTPS and SSH) to the new management interface (eth1).
    3. Log in to the VM-Series firewall CLI and enter the following command:
      set system setting mgmt-interface-swap enable yes
    4. Confirm that you want to swap the interface and use the eth1 dataplane interface as the management interface.
    5. Reboot the firewall for the swap to take effect. Use the following command:
      request restart system
    6. Verify that the interfaces have been swapped. Use the following command:
      debug show vm-series interfaces all
       
Phoenix_interface   Base-OS_port   Base-OS_MAC        PCI-ID         Driver 
mgt(interface-swap) eth0   0e:53:96:91:ef:29   0000:00:04.0   ixgbevf 
Ethernet1/1           eth1    0e:4d:84:5f:7f:4d       0000:00:03.0   ixgbevf

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo