Configure a VLAN

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Configure an Aggregate Interface Group

Configure a Loopback Interface

Configure a VLAN

Configure a Layer 2 interfaces with a VLAN for switching and traffic separation.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

When your organization wants to divide a LAN into separate virtual LANs (VLANs) to keep traffic and policy rules for different departments separate, you can logically group Layer 2 hosts into VLANs and thus divide a Layer 2 network segment into broadcast domains. For example, you can create VLANs for the Finance and Engineering departments.

The firewall acts as a switch to forward a frame with an Ethernet header containing a VLAN ID, and the destination interface must have a subinterface with that VLAN ID in order to receive that frame and forward it to the host. You configure a Layer 2 interface on the firewall and configure one or more logical subinterfaces for the interface, each with a VLAN tag (ID).

Log in to Strata Cloud Manager.
(Best Practices) Configure a Zone Protection Profile to Increase Network Security.
Configure a Layer 2 Interface.
VLANs support Layer 2 interfaces only.
Configure a Subinterface for the Layer 2 interface.
Be sure to set the VLAN Tag for the subinterface.
Select ManageConfigurationNGFW and Prisma AccessDevice SettingsInterfacesVLAN and select the Configuration Scope where you want to create the VLAN.

Select a firewall from your Folders or select Snippets to configure the VLAN in a snippet.

If you select a folder or select a snippet, you create a VLAN variable that must be assigned at the device level.
Enter the Interface Name.
By default, all VLANs are prefixed with vlan.
(Optional) Enter a Description.
(Folders and Snippets only; Optional) Assign the VLAN to a Logical Router.
See Configure a Logical Router for more information.
(Folders and Snippets only; Optional) Assign the interface to a Zone.
Create New to create a new zone. See Zone Protection and DoS Protection for more information.
Add the Layer 2 Ethernet Interfaces you created in the previous step.
Configure the VLAN IP settings.
1. Select the VLAN IP Type.
- Static IPv4 Address.
  Add the IPv4 IP addresses for the interfaces in the VLAN.
- Activate the DHCP Client on the VLAN.
  See Configure an Interface as a DHCP Client for more information on configuring the VLAN as a DHCP client.
Save.
Push Config to push your configuration changes.

Configure an Aggregate Interface Group

Configure a Loopback Interface

Next-Generation Firewall Docs

Configure a VLAN

Next-Generation Firewall Docs

Configure a VLAN

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner