Cyber Security - Palo Alto Firewall Interface Types

Multiple options to integrate the Palo Alto firewall into your network:

  • Layer 2 interfaces and VLAN interfaces
  • Layer 3 interfaces
  • Tap interfaces
  • Loopback and tunnel interfaces
  • HA interfaces

Type 1 - Layer 2 interfaces:

  • Allows a trunk interface to transmit tagged VLANs, which can be assigned to VLAN interfaces
  • Can be allocated in port channels (link aggregation with LACP)

 

 

 

Configure a Layer 2 interface with Wired-VLAN20.

Add a Layer 2 subinterface.

Add a Wireless-VLAN30 subinterface.
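
The Layer 2 steps above, as an added check that is not part of the original post: a Python audit over PAN-OS set-format configuration lines that flags Layer 2 subinterfaces with no VLAN tag, a tag reused on the same parent port, or no membership in a VLAN object. The port name ethernet1/2, the function name and the sample lines are assumptions constructed for illustration; only the VLAN names come from this page.

```python
import re
from collections import defaultdict

# Constructed sample in PAN-OS "set" format. ethernet1/2 is a hypothetical
# trunk port; the VLAN object names are the ones used on this page.
SAMPLE_CONFIG = """\
set network interface ethernet ethernet1/2 layer2 units ethernet1/2.20 tag 20
set network interface ethernet ethernet1/2 layer2 units ethernet1/2.30 tag 30
set network interface ethernet ethernet1/2 layer2 units ethernet1/2.40 tag 30
set network interface ethernet ethernet1/2 layer2 units ethernet1/2.50 comment lab
set network vlan Wired-VLAN20 interface ethernet1/2.20
set network vlan Wireless-VLAN30 interface [ ethernet1/2.30 ethernet1/2.40 ]
"""

UNIT_RE = re.compile(r"^set network interface ethernet (\S+) layer2 units (\S+)(.*)$")
VLAN_RE = re.compile(r"^set network vlan (\S+) interface (.+)$")

def audit_layer2(config_text):
    """Return sorted (subinterface, problem) pairs for Layer 2 subinterfaces."""
    tags = {}              # subinterface -> 802.1Q tag, or None if never set
    parent_of = {}         # subinterface -> parent physical interface
    vlan_members = set()   # interfaces referenced by any VLAN object
    for line in config_text.splitlines():
        line = line.strip()
        if m := UNIT_RE.match(line):
            parent, unit, rest = m.groups()
            parent_of[unit] = parent
            tags.setdefault(unit, None)
            if t := re.search(r"\btag (\d+)\b", rest):
                tags[unit] = int(t.group(1))
        elif m := VLAN_RE.match(line):
            vlan_members.update(m.group(2).strip("[] ").split())
    findings = []
    seen = defaultdict(list)  # (parent, tag) -> subinterfaces carrying that tag
    for unit, tag in tags.items():
        if tag is None:
            findings.append((unit, "no VLAN tag"))
        else:
            seen[(parent_of[unit], tag)].append(unit)
        if unit not in vlan_members:
            findings.append((unit, "not a member of any VLAN object"))
    for (parent, tag), units in seen.items():
        for unit in units[1:]:  # every subinterface after the first is a duplicate
            findings.append((unit, f"tag {tag} already used on {parent}"))
    return sorted(findings)

if __name__ == "__main__":
    for unit, problem in audit_layer2(SAMPLE_CONFIG):
        print(f"{unit}: {problem}")
```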

 

 

 

Type 2 - Layer 3 interfaces:

  • Carries end-to-end Layer 3 traffic with an assigned IP address.
  • Can be allocated in port channels (link aggregation with LACP)
  • Can be subdivided into Layer 3 subinterfaces.

Add a Layer 3 interface.

Type 3 - Tunnel and loopback interfaces:

  • Used to logically assign attributes to tunnel entry/exit points
  • Loopbacks: Create always-on logical interfaces for required applications.

 

 

Configure a tunnel.

Configure a loopback.

Configure a virtual router.

Configure IPsec tunnels here.

Type 4 - HA (high availability) interfaces:

  • Allows connectivity between two Palo Alto firewalls to establish a highly available firewall setup
  • HA links carry the information required to build the cluster and sync routing/configuration across the members.

 

Configure the HA interface.

Enable HA setup.

Configure the Control Link.

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/high-availability/set-up-activepassive-ha/configure-activepassive-ha

posted @ 2020-03-14 17:20  晨风_Eric