Palo Alto Networks Knowledgebase: General Port/Interface Information

General Port/Interface Information

Created On 09/26/18 13:52 PM - Last Updated 02/07/19 23:39 PM

Default configuration for a PA500 (as an example) is as follows:

Eth1/1 = Vwire, Zone = untrust
Eth1/2 = Vwire, Zone = trust
Eth1/3 = Unconfigured
Eth1/4 = Unconfigured
Eth1/5 = Unconfigured
Eth1/6 = Unconfigured
Eth1/7 = Unconfigured
Eth1/8 = Unconfigured

Once you configure a port as an L2, L3, or Vwire interface, you cannot simply set the interface back to "None". If you were to connect a device to one of these ports, link would come up but the ports would not pass traffic. For any packets to pass through the box, ports require a Zone and a security rule that specifically allows the traffic.

If you do want to set an interface back to default, simply select the interface and then choose to "delete" it from the bottom of the screen.

You can also issue the delete command from the CLI: > delete network interface ethernet <ethernet 1/x>

The firewall does not run Spanning Tree, so a PAN port with a link state = UP does not generate any BPDU packets. Once an interface is configured for L2, it will pass BPDUs.

Without a configured IP address, none of the ports will respond to ARP.

Even with an L3 interface and a zone configured, you would need to create a "Management Profile" to allow the interface to respond to PING or SSH.
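The following audit sketch is an added example, not part of the original article or Palo Alto Networks tooling. It reads a configuration export and reports, per Ethernet port, the interface mode, the zone (none means link comes up but no traffic passes), whether an IP address is set (needed to answer ARP), and which services its Management Profile enables. The XML element layout, the sample values, and the function name `audit_interfaces` are assumptions; security rules are not checked.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout assumed to match an exported PAN-OS config.
SAMPLE = """<config><devices><entry name="localhost.localdomain">
<network>
 <interface><ethernet>
  <entry name="ethernet1/1"><virtual-wire/></entry>
  <entry name="ethernet1/2"><virtual-wire/></entry>
  <entry name="ethernet1/3"><layer3>
   <ip><entry name="192.0.2.1/24"/></ip>
   <interface-management-profile>ping-ssh</interface-management-profile>
  </layer3></entry>
  <entry name="ethernet1/4"><layer2/></entry>
 </ethernet></interface>
 <profiles><interface-management-profile>
  <entry name="ping-ssh"><ping>yes</ping><ssh>yes</ssh><http>no</http></entry>
 </interface-management-profile></profiles>
</network>
<vsys><entry name="vsys1"><zone>
 <entry name="untrust"><network><virtual-wire>
  <member>ethernet1/1</member></virtual-wire></network></entry>
 <entry name="trust"><network><virtual-wire>
  <member>ethernet1/2</member></virtual-wire></network></entry>
 <entry name="dmz"><network><layer3>
  <member>ethernet1/3</member></layer3></network></entry>
</zone></entry></vsys>
</entry></devices></config>"""

MODES = ("virtual-wire", "layer2", "layer3")

def audit_interfaces(xml_text):
    root = ET.fromstring(xml_text)
    # Interface name -> zone that lists it as a member.
    zone_of = {m.text: z.get("name")
               for z in root.findall(".//zone/entry") for m in z.iter("member")}
    # Management profile name -> services set to "yes".
    services = {p.get("name"): sorted(c.tag for c in p if c.text == "yes")
                for p in root.findall(".//profiles/interface-management-profile/entry")}
    report = {}
    for port in root.findall(".//interface/ethernet/entry"):
        l3 = port.find("layer3")
        profile = l3.findtext("interface-management-profile") if l3 is not None else None
        report[port.get("name")] = {
            "mode": next((c.tag for c in port if c.tag in MODES), "none"),
            "zone": zone_of.get(port.get("name")),  # None: link up, no traffic
            "answers_arp": l3 is not None and l3.find("ip/entry") is not None,
            "mgmt_services": services.get(profile, []),
        }
    return report
```

In the constructed sample, ethernet1/4 is configured for L2 but belongs to no zone, so the report flags it with `zone` set to `None`.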

owner: skrall
