Device > Log Forwarding Card
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Device > Log Forwarding Card
Log Forwarding Card Features and Description
- Device > Log Forwarding Card
The Log Forwarding Card (LFC) is a high-performance log card
that forwards all dataplane logs (traffic and threat for example)
from the firewall to one or more external logging systems, such
as Panorama, Firewall Data Lake, or a syslog server. Because the
dataplane logs are no longer available on the local firewall, the
ACC tab is removed from the management web interface and MonitorLogs contain
only management logs (Configuration, System, and Alarms).
You need to configure the ports for the LFC. If you configure
LFC 1/1 using a breakout cable, you have access to up to eight 10G
breakout ports. This auto-configures ports 1-4 in the first interface
and auto-configures ports 5-8 in the second interface. You can use
one or both interfaces to provide up to 40G or 80G connectivity respectively.
The linked device must be set to use LAG for all ports attached
to the LFC.
If you configure LFC 1/9, you have access to up to two 40G ports.
This auto-configures port 9 in the first interface and auto-configures
port 10 in the second interface. You can use one or both interfaces
to provide up to 40G or 80G connectivity respectively. The linked
device must be set to use LAG for all ports attached to the LFC.
The LFC does not currently support LACP.
Configure the ports in Device CardLog Forwarding. The firewall uses
these ports to forward all dataplane logs to an external system,
such as Panorama or a syslog server.
See the PA-7000 Series Hardware Reference Guide for
information about the LFC requirements and components.
For an LFC interface, configure the settings described in the
following table.
LFC Interface Settings | Description |
---|---|
Name | Enter an interface name. For an LFC, you
must select lfc1/1 or lfc1/9 from the
drop-down menu. |
Comment | Enter an optional description for the interface. |
IPv4 | If your network uses IPv4, define the following:
|
IPv6 | If your network uses IPv6, define the following:
|
Link Speed | Select the interface speed in Mbps (10000 or 40000),
or select auto (default) to have the firewall
automatically determine the speed based on the connection. The interface
speed available is dependent on the Name used (lfc1/1 or lfc1/9).
For interfaces that have a non-configurable speed, auto is
the only option. |
Link State | Select whether the interface status is enabled (up),
disabled (down), or determined automatically
based on the connection (auto). The default
is auto. |
LACP Port Priority | LACP is currently not supported on the LFC. |
Subinterfaces are available if you have multi-vsys enabled. To configure an LFC subinterface,
add a subinterface and use the setting described in the following
table.
Log forwarding to an external server is not yet supported
on LFC subinterfaces. To forward logs to an external server, you
must use the main LFC interface.
LFC Subinterface Settings | Description |
---|---|
Interface Name | Interface Name (read-only)
displays the name of the log card interface you selected. In the
adjacent field, enter a numeric suffix (1-9,999) to identify the
subinterface. |
Comment | Enter an optional description for the interface. |
Tag | Enter the VLAN Tag (0-4,094)
for the subinterface. Make the tag
the same as the subinterface number for ease of use. |
Virtual System | Select the virtual system (vsys) to which
the Log Forwarding Card (LFC) subinterface is assigned. Alternatively,
you can click Virtual Systems to add a new
vsys. Once an LFC subinterface is assigned to a vsys, that interface
is used as the source interface for all services that forward logs
(syslog, email, SNMP) from the log card. |
IPv4 | If your network uses IPv4, define the following:
|
IPv6 | If your network uses IPv6, define the following:
|