Our previous article explained how Palo Alto Firewalls make use of Security Zones to process and enforce security policies. This article will explain the different configuration options for physical Ethernet and logical interfaces available on the Palo Alto Firewall.
Itâ€™s easy to mix and match the interface types and deployment options in real world deployments and this seems to be the strongest selling point of Palo Alto Networks Next-Generation Firewalls. Network segmentation becomes easier due to the flexibility offered by a single pair of Palo Alto appliances.
Below is a list of the configuration options available for Ethernet (physical) interfaces:
- Tap Mode
- Virtual Wire
- Layer 2
- Layer 3
- Aggregate Interfaces
Following are the Logical interface options available:
- Decrypt Mirror
The various interface types offered by Palo Alto Networks Next-Generation Firewalls provide flexible deployment options.