Palo Alto Networks Knowledgebase: How to Configure a Palo Alto Networks Device for Tap Mode Operation

Created On 09/25/18 18:01 PM - Last Updated 09/25/18 23:11 PM
Categories:  Content Release,  Deployment

Issue:


Solution:


The factory default configuration places e1/1 and e1/2 into a virtual wire. Keep this configuration and configure e1/3 in Tap mode.

  1. Go to Network tab > Zones. Create a new zone with a zone type of Tap and give it a name (for example, tapzone, intranetzone, etc.).
  2. Go to Network > Interfaces. Select the interface to be configured for Tap.  In this example, e1/1 is used.  Edit the interface and change the type to Tap. Then, assign the zone created in step 1.
  3. Go to Policies > Security Rules. Create a single rule and select the zone created in step 1 for the source and destination zone.
    For example:
    • Name = TAP_Allow
    • Source zone = Tap_Zone
    • Destination zone = Tap_Zone
    • Rule: any any any any any action = allow
  4. Optionally, create a threat profile (antivirus, spyware, etc.) and assign it to the rule.
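
To check the result of steps 1 to 3 offline, the following added example (not part of the original article and not Palo Alto Networks code) parses an exported configuration and reports any inconsistency between the Tap zone, the Tap interface and the allow rule. The XML element layout, the sample configuration and the function names `audit_tap` and `members` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample; the element layout is an assumption about the export.
SAMPLE = """<config><devices><entry name="localhost.localdomain">
 <network><interface><ethernet>
  <entry name="ethernet1/1"><virtual-wire/></entry>
  <entry name="ethernet1/2"><virtual-wire/></entry>
  <entry name="ethernet1/3"><tap/></entry>
 </ethernet></interface></network>
 <vsys><entry name="vsys1">
  <zone><entry name="Tap_Zone">
   <network><tap><member>ethernet1/3</member></tap></network>
  </entry></zone>
  <rulebase><security><rules><entry name="TAP_Allow">
   <from><member>Tap_Zone</member></from>
   <to><member>Tap_Zone</member></to>
   <action>allow</action>
  </entry></rules></security></rulebase>
 </entry></vsys>
</entry></devices></config>"""

def members(node, path):
    return [m.text for m in node.findall(path + "/member")]

def audit_tap(xml_text):
    """Return findings; an empty list means steps 1-3 are consistent."""
    root = ET.fromstring(xml_text)
    findings = []
    # Step 2: interfaces whose type is Tap.
    tap_ifaces = {e.get("name") for e in root.findall(".//interface/ethernet/entry")
                  if e.find("tap") is not None}
    # Step 1: zones of type Tap, with the interfaces assigned to them.
    tap_zones = {z.get("name"): members(z, "network/tap")
                 for z in root.findall(".//zone/entry")
                 if z.find("network/tap") is not None}
    if not tap_zones:
        findings.append("no zone of type Tap")
    rules = root.findall(".//rulebase/security/rules/entry")
    for zone, ifaces in tap_zones.items():
        if not ifaces:
            findings.append(f"zone {zone}: no interface assigned")
        for name in ifaces:
            if name not in tap_ifaces:
                findings.append(f"zone {zone}: {name} is not type Tap")
        # Step 3: an allow rule with this zone as both source and destination.
        if not any(zone in members(r, "from") and zone in members(r, "to")
                   and r.findtext("action") == "allow" for r in rules):
            findings.append(f"zone {zone}: no same-zone allow rule")
    return findings
```

Calling `audit_tap(SAMPLE)` returns an empty list for the sample above; each finding names the zone and the step that does not line up.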

 

owner: jnguyen
