Configure a PA-7000 Series LPC for Logging per Virtual System
Create and configure an LPC subinterface for logging
on multi-vsys.
If you have enabled multi-vsys capability
on a PA-7000 Series firewall with a Log Processing Card (LPC) installed,
you can configure logging for different virtual systems as described
in the following workflow.
Create a Log Card subinterface.
Select
Network
Interfaces
Ethernet
and
select the interface to be the Log Card interface.
Enter the
Interface Name
.
For
Interface Type
, select
Log
Card
.
Click
OK
.
Add a subinterface for each tenant on the LPCs physical
interface.
Highlight the Ethernet interface that is
a Log Card interface type and click
Add Subinterface
.
For
Interface Name
, after the
period, enter the subinterface assigned to the tenant’s virtual
system.
For
Tag
, enter a VLAN tag value.
Make the tag the same as the subinterface
number for ease of use, but it could be a different number.
(
Optional
) Enter a
Comment
.
On the
Config
tab, in the
Assign
Interface to Virtual System
field, select the virtual
system to which the LPC subinterface is assigned. Alternatively,
you can click
Virtual Systems
to add a new
virtual system.
Click
OK
.
Enter the addresses assigned to the subinterface, and
configure the default gateway.
Select the
Log Card Forwarding
tab,
and do one or both of the following:
For the IPv4 section, enter the
IP Address
and
Netmask
assigned
to the subinterface. Enter the
Default Gateway
(the
next hop where packets will be sent that have no known next hop
address in the Routing Information Base [RIB]).
For the IPv6 section, enter the
IPv6 Address
assigned
to the subinterface. Enter the
IPv6 Default Gateway
.
Click
OK
.
Commit your changes.
Click
OK
and
Commit
.
If you haven’t already done so, configure the remaining
service routes for the virtual system.