PA-1400 Series Front Panel
Table of Contents
PA-1400 Series Front Panel
Learn about the PA-1400 Series firewall front-panel components.
The following image shows the front panel of the PA-1410
and PA-1420 firewalls and the table describes each front panel component.
Item | Component | Description |
|---|---|---|
1 | Ethernet ports 1 through 12 | Twelve RJ-45 ports for network traffic.
The link speed and link duplex are auto-negotiate only. PA-1410
PA-1420
On both the PA-1410 and PA-1420, port 1 is a Zero Touch Provisioning
(ZTP) port. The ZTP port can be used to automate the on-boarding of
new firewalls to a Panorama management server. To use the ZTP port,
read how to boot the firewall in ZTP
mode. On
both the PA-1410 and PA-1420, ports 9, 10, 11, and 12 are Power
Over Ethernet (PoE) ports. They can be configured to transfer power
to a connected device. Refer to the PAN-OS Networking Admin Guide for
PoE configuration information. |
2 | SFP+ ports 13 through 22 | Ten SFP (1Gbps) or SFP+ (10Gbps) ports based on
the installed transceiver. PA-1410
PA-1420
The SFP
ports can be remapped as HA-1 ports via PAN-OS or Panorama. These remapped
HA-1 ports offer high availability connectivity over a longer distance
than what is permitted by the HA1-A and HA1-B ports listed below. |
3 | HSCI port | One SFP+ (10Gbps) port (supports both SFP and
SFP+ transceivers or cables). Use this port to connect two
PA-1400 Series firewalls in a high availability (HA) configuration
as follows:
The
HSCI ports must be connected directly between the two firewalls
in the HA configuration (without a switch or router between them).
When directly connecting the HSCI ports between two PA-1400 Series
firewalls that are physically located near each other, Palo Alto
Networks recommends that you use a passive SFP+ cable. For
installations where the two firewalls are not near each other and
you cannot use a passive SFP+ cable, use a standard SFP+ transceiver
and the appropriate cable length. |
4 | HA1-A and HA1-B ports | Two RJ-45 10Mbps/100Mbps/1000Mbps ports for
high availability (HA) control. If the firewall dataplane
restarts due to a failure or manual restart, the HA1-B link will also
restart. If this occurs and the HA1-A link is not connected and
configured, then a split brain condition occurs. Therefore, we recommend
that you connect and configure the HA1-A ports and the HA1-B ports
to provide redundancy and to avoid split brain issues. |
5 | MGT port | Use this Ethernet 10Mbps/100Mbps/1000Mbps port
to access the management web interface and perform administrative
tasks. The firewall also uses this port for management services,
such as retrieving licenses and updating threat and application signatures.
The Management port cannot be
used to configure HA1 or HA1 backup. You must use the dedicated
HA1-A and HA1-B ports. |
6 | CONSOLE port (RJ-45) | Use this port to connect a management computer
to the firewall using a 9-pin serial-to-RJ-45 cable and terminal
emulation software. The console connection provides access
to firewall boot messages, the Maintenance Recovery Tool (MRT),
and the command line interface (CLI). If your management
computer does not have a serial port, use a USB-to-serial converter.
|
| 7 | USB port | A USB port that accepts a USB flash drive
with a bootstrap bundle (PAN-OS configuration). Bootstrapping
speeds up the process of configuring and licensing the firewall
to make it operational on the network with or without internet access. |
| 8 | CONSOLE port (Micro USB) | Use this port to connect a management computer
to the firewall using a standard Type-A USB-to-micro USB cable. The
console connection provides access to firewall boot messages, the
Maintenance Recovery Tool (MRT), and the command line interface (CLI). Refer to the Micro USB Console Port page for more
information and to download the Windows driver or to learn how to
connect from a Mac or Linux computer. |
| 9 | LED status indicators | Nine LEDs that indicate the status of the firewall
hardware components (see Interpret the PA-1400 Series Status LEDs). |