Monday, May 23, 2016

Palo Alto interface types

PANOS supports various interfaces. Just like in  juniper SRX, the interface is assigned to a zone. A interface can be in only one zone but a zone could have multiple interfaces.

Here's a few interfaces

  • Mgt = for management of the device, does not carry user traffic
  • loopback = used for dynamic router router-ids
  • vlan =  802.1q tagged interfaces
  • vwire = uses no switching has a ingress and egress , can be used with vlan-tags
  • layer2 = used in vwire carries no layer3 address , has a vlan object define
  • latey3 = has either a ipv4 or ipv6 address or both, can be used with 802.1q tags
  • PPPoE = used for DSL pppoe services
  • TAPs =  a passive monitor that's used for inspection and does not route or switch traffic aka as a "one-arm"

note: The "tap" interface policy  src and dst zones are always the same.

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \

1 comment: