How to set up a Layer3 data Interface for the Firewall Management

Created On 09/25/18 17:58 PM - Last Modified 06/08/23 02:37 AM


Environment


  • Palo Alto Firewall
  • PAN-OS 8.1 and above.
  • Firewall management using Layer3 Interfaces.


Resolution


Steps

  1. Go to Network > Network Profiles > Interface Mgmt to define an Interface Management profile.
  2. Select the Services that need to be allowed from the list.
  3. (Optional) Select the source IP addresses that are allowed to configure the firewall.
  4. Associate the Interface Management profile with the Interface (Network > Interfaces > Ethernet > Advanced Tab > Other Info).
  5. Commit.

For granular control over which IP addresses can reach each management service, configure security policies that allow or deny this traffic. For example, a rule named Allow_SNMP allows only SNMP traffic from 100.100.100.100 to 1.1.1.1, which is the firewall interface. A rule named Allow_SSH_HTTPS_Ping allows ping, ssh, and ssl to the interface address from any source.
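The same steps and the two rules described above, written as PAN-OS configuration-mode CLI commands. This is an added example, not part of the original article: the profile name Mgmt-L3, the interface ethernet1/1 and the zone name untrust are assumptions, and lines starting with # are annotations rather than commands to type.

```text
# Constructed example values: profile Mgmt-L3, interface ethernet1/1, zone untrust.
# Rule names and addresses are the ones used in the article.
configure

# Steps 1-2: Interface Management profile with only the services that are needed
set network profiles interface-management-profile Mgmt-L3 ping yes
set network profiles interface-management-profile Mgmt-L3 ssh yes
set network profiles interface-management-profile Mgmt-L3 https yes
set network profiles interface-management-profile Mgmt-L3 snmp yes

# Step 3 (optional) is left out here: a permitted-ip list on the profile would
# also apply to SSH/HTTPS/ping, which the second rule allows from any source.

# Step 4: attach the profile to the Layer3 data interface
set network interface ethernet ethernet1/1 layer3 interface-management-profile Mgmt-L3

# Security rules: SNMP only from 100.100.100.100, ping/ssh/ssl from any source
set rulebase security rules Allow_SNMP from untrust to untrust source 100.100.100.100 destination 1.1.1.1 application snmp service application-default action allow
set rulebase security rules Allow_SSH_HTTPS_Ping from untrust to untrust source any destination 1.1.1.1 application [ ping ssh ssl ] service application-default action allow

# Step 5
commit
```

Traffic to the interface's own address stays within one zone, so these allow rules narrow access only when a rule further down the rulebase denies the remaining traffic to 1.1.1.1.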


owner: akwaimandan
