>
    Configure a PA-7000 Series LPC for Logging per Virtual System
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Virtual Systems
    4. Customize Service Routes for a Virtual System
    5. Configure a PA-7000 Series Firewall for Logging Per Virtual System
    6. Configure a PA-7000 Series LPC for Logging per Virtual System
    Download PDF

    Configure a PA-7000 Series LPC for Logging per Virtual System

    Table of Contents

    Configure a PA-7000 Series LPC for Logging per Virtual System

    Create and configure an LPC subinterface for logging on multi-vsys.
    If you have enabled multi-vsys capability on a PA-7000 Series firewall with a Log Processing Card (LPC) installed, you can configure logging for different virtual systems as described in the following workflow.
    1. Create a Log Card subinterface.
      1. Select NetworkInterfacesEthernet and select the interface to be the Log Card interface.
      2. Enter the Interface Name.
      3. For Interface Type, select Log Card.
      4. Click OK.
    2. Add a subinterface for each tenant on the LPCs physical interface.
      1. Highlight the Ethernet interface that is a Log Card interface type and click Add Subinterface.
      2. For Interface Name, after the period, enter the subinterface assigned to the tenant’s virtual system.
      3. For Tag, enter a VLAN tag value.
        Make the tag the same as the subinterface number for ease of use, but it could be a different number.
      4. (Optional) Enter a Comment.
      5. On the Config tab, in the Assign Interface to Virtual System field, select the virtual system to which the LPC subinterface is assigned. Alternatively, you can click Virtual Systems to add a new virtual system.
      6. Click OK.
    3. Enter the addresses assigned to the subinterface, and configure the default gateway.
      1. Select the Log Card Forwarding tab, and do one or both of the following:
        • For the IPv4 section, enter the IP Address and Netmask assigned to the subinterface. Enter the Default Gateway (the next hop where packets will be sent that have no known next hop address in the Routing Information Base [RIB]).
        • For the IPv6 section, enter the IPv6 Address assigned to the subinterface. Enter the IPv6 Default Gateway.
      2. Click OK.
    4. Commit your changes.
      Click OK and Commit.
    5. If you haven’t already done so, configure the remaining service routes for the virtual system.
      Customize Service Routes for a Virtual System.

    © 2024 Palo Alto Networks, Inc. All rights reserved.