Multiple options to integrate the Palo Alto Firewall into your:
- Network
- Layer 2 interfaces and VLAN interfaces
- Layer 3 interfaces
- Tap interfaces
- Loopback and tunnel interfaces
- HA interfaces
Type 1 - Layer 2 interfaces:
- Allows a Trunk interface to transmit
- Tagged VLAN‘s which can be assigned to VLAN interfaces
- Can be allocated in port channels (link aggregation with LACP)
Configure a Layer2 interface with Wired-VLAN20.
Add a layer2 subinterface.
Add a Wireless-VLAN30 subinterface.
Type2 - Layer 3 interfaces:
- Carries end-to-end Layer 3 traffic with an assigned IP address.
- Can be allocated in port channels(link aggregation with LACP)
- Can be sub-divided in L3 Subinterfaces.
Add a layer3 interface.
Type3 - Tunnel and loopback interfaces:
- Used to logically assign attributes to tunnel entry/exit points
- Loopbacks: Create always-on logical interfaces for required applications.
Configure a tunnel.
Confiture Loopback
Configure Virtual Router
Configure IPsec Tunnels here.
Typer 4 - HA(High availability interfaces):
- Allows connectively between two Palo Alto Firewalls to establish a highly available Firewall setup
- HA links will carry required information to build the cluster, and sync routing/configuration across the members.
Configure HA interface.
Enable HA setup.
Configure the Control Link.
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/high-availability/set-up-activepassive-ha/configure-activepassive-ha
Cyber Security - Palo Alto Firewall Interface Types
原文:https://www.cnblogs.com/keepmoving1113/p/12483100.html
