Configure a Virtual Wire

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
AIOps
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

About Virtual Wires

SD-WAN

Configure a Virtual Wire

Bind two interfaces to create a virtual wire.

Contact your account team to enable Cloud Management for NGFWs using Strata Cloud Manager.

Where Can I Use This?	What Do I Need?
`NGFW (Managed by Strata Cloud Manager)` `VM-Series, funded with Software NGFW Credits`	`AIOps for NGFW Premium license (use the Strata Cloud Manager app)`

Create a virtual wire to bind two Ethernet interfaces together. This procedure assumes that you’ve already cabled the Ethernet interfaces you want to bind together.

Log in to Strata Cloud Manager.
Create a Zone for each Ethernet interface you cabled.
Select ManageConfigurationNGFW and Prisma AccessDevice SettingsVirtual Wire and select the Configuration Scope where you want to create the virtual wire.

Select Folders to configure the virtual wire in a folder or select Snippets to configure the virtual wire in a snippet.

Adding a virtual wire in the firewall Configuration Scope isn’t currently supported.
Add Virtual Wire.
Configure the Ethernet interface members of the virtual wire.
1. Enter a descriptive Name.
2. Select the Member 1 Interface and Zone the interface is associated with.
3. Select the Member 2 Interface and Zone the interface is associated with.
Configure the virtual wire Advanced Settings.
1. (Optional) Select Multicast Firewalling if you want to be able to apply Security policy rules to multicast traffic going across the virtual wire. Otherwise, multicast traffic is transparently forwarded across the virtual wire.
2. Select Link State Pass Through if you want the firewall to function transparently. When the firewall detects a link down state for a link of the virtual wire, it brings down the other interface in the virtual wire pair. Thus, devices on both sides of the firewall see a consistent link state, as if there were no firewall between them. If you don’t select this option, link status isn’t propagated across the virtual wire.
3. Select LLDP if you want to advertise the device attributes to neighboring devices.
4. For Tag Allowed, enter 0 to indicate untagged traffic is allowed. The absence of a tag implies tag 0. Enter additional allowed tag integers or ranges of tags, separated by commas (default is 0; range is 0 to 4,094).
5. Configure the Link Settings.
  1. Select the interface Link Speed.
    
    Auto is selected by default and allows the firewall to determine the speed.
  2. Select the interface Link Duplex transmission mode.
    
    Auto is selected by default to allow the firewall to negotiate the transmission mode automatically.
  3. Select the interface Link State
    
    Auto detect is selected by default to allow the firewall to determine the link state.
Save.

About Virtual Wires

SD-WAN

Next-Generation Firewall Docs

Configure a Virtual Wire

Next-Generation Firewall Docs

Configure a Virtual Wire

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner