Device > Log Forwarding Card
Table of Contents
Expand all | Collapse all
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > GTP Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Decryption > Forwarding Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Device Block List
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Scheduled Config Export
End-of-Life (EoL)
Device > Log Forwarding Card
Log Forwarding Card Features and Description
- Device > Log Forwarding Card
The Log Forwarding Card (LFC) is a high-performance log card
that forwards all dataplane logs (traffic and threat for example)
from the firewall to one or more external logging systems, such
as Panorama or a syslog server. Because the dataplane logs are no
longer available on the local firewall, the ACC tab is removed from the
management web interface and Monitor > Logs contain only management
logs (Configuration, System, and Alarms).
You need to configure the ports for the LFC. Configuring the
LFC as lfc1/1 operates the first interface as port 1 at 10G. Configuring
the LFC as lfc1/9 operates the first interface as port 9 at 40G.
The second interface is not used in either configuration.
The LFC does not support LACP or LAG.
Configure the ports in Device > Log Forwarding Card. The
firewall uses these ports to forward all dataplane logs to an external
system, such as Panorama or a syslog server.
See the PA-7000 Series Hardware Reference Guide for
information about the LFC requirements and components.
For an LFC interface, configure the settings described in the
following table.
LFC Interface Settings | Description |
---|---|
Name | For an LFC, you must select lfc1/1 or lfc1/9 from
the drop-down menu. |
Comment | Enter an optional description for the interface. |
IPv4 | If your network uses IPv4, define the following:
|
IPv6 | If your network uses IPv6, define the following:
|
Link Speed | Select the interface speed in Mbps (10000 or 40000),
or select auto (default) to have the firewall
automatically determine the speed based on the connection. The interface
speed available is dependent on the Name used (lfc1/1 or lfc1/9).
For interfaces that have a non-configurable speed, auto is
the only option. |
Link State | Select whether the interface status is enabled (up),
disabled (down), or determined automatically
based on the connection (auto). The default
is auto. |
LACP Port Priority | LACP is currently not supported on the LFC. |
Subinterfaces are available if you have multi-vsys enabled. To configure an LFC subinterface,
add a subinterface and use the setting described in the following
table.
Log forwarding to an external server is
not yet supported on LFC subinterfaces. To forward logs to an external
server, you must use the main LFC interface.
LFC Subinterface Settings | Description |
---|---|
Interface Name | Interface Name (read-only)
displays the name of the log card interface you selected. In the
adjacent field, enter a numeric suffix (1-9,999) to identify the
subinterface. |
Comment | Enter an optional description for the interface. |
Tag | Enter the VLAN Tag (0-4,094)
for the subinterface. Make the tag
the same as the subinterface number for ease of use. |
Virtual System | Select the virtual system (vsys) to which
the Log Forwarding Card (LFC) subinterface is assigned. Alternatively,
you can click Virtual Systems to add a new
vsys. Once an LFC subinterface is assigned to a vsys, that interface
is used as the source interface for all services that forward logs
(syslog, email, SNMP) from the log card. |
IPv4 | If your network uses IPv4, define the following:
|
IPv6 | If your network uses IPv6, define the following:
|