SD-WAN Administrator’s Guide
    : Configure Layer 3 Subinterfaces for SD-WAN
    Focus
    Download PDF
    Focus
    1. Home
    2. SD-WAN
    3. SD-WAN Administrator’s Guide
    4. Configure SD-WAN
    5. Configure Layer 3 Subinterfaces for SD-WAN
    Download PDF

    SD-WAN Administrator’s Guide

    Configure Layer 3 Subinterfaces for SD-WAN

    Table of Contents

    Configure Layer 3 Subinterfaces for SD-WAN

    Configure Layer 3 subinterfaces for SD-WAN.
    Firewalls running PAN-OS 10.1 and SD-WAN Plugin 2.1.0 support SD-WAN on Layer 3 subinterfaces so that the firewall can segment traffic using VLAN tags. The following task shows how to create a Layer3 subinterface that uses a static IP address and how to create one that uses DHCP to get its address. It shows how to assign a VLAN tag to the subinterface and enable SD-WAN on the subinterface. Create an SD-WAN interface profile to define each ISP connection and assign the profile to the corresponding subinterface (a virtual SD-WAN interface).
    If you configure SD-WAN Layer 3 subinterfaces on VM-Series firewalls, the VMware configuration must have respective portgroups attached to those interfaces that allow all VLANs.
    PPPoE is not supported on subinterfaces.
    1. Configure an SD-WAN Interface Profile for each ISP connection (subinterface) to define its link attributes.
    2. Create a Layer 3 subinterface that uses a static IP address.
      1. Select NetworkInterfacesEthernet and in the Template field select a template.
      2. Select an interface.
      3. For Interface Type, select Layer3 and click OK.
      4. Highlight the interface and click Add Subinterface at the bottom of the screen.
      5. After the Interface Name and period, enter the subinterface number.
      6. Enter a Tag for the subinterface (range is 1 to 4,094). For ease of use, make the tag the same number as the subinterface ID.
      7. On the IPv4 tab, Enable SD-WAN.
      8. Select the Type of address: Static.
      9. Add the IP address and subnet mask.
      10. Enter the IP address of the Next Hop Gateway.
      11. Click OK.
    3. Alternatively, create a Layer 3 subinterface that uses DHCP to get its address.
      1. Select NetworkInterfacesEthernet and in the Template field, select a template stack (not a template).
      2. Select an interface.
      3. For Interface Type, select Layer3 and click OK.
      4. Highlight the interface and click Add Subinterfaces at the bottom of the screen.
      5. Highlight the subinterface and click Override.
      6. Highlight the subinterface and after the Interface Name and period, enter the subinterface number.
      7. Enter a Tag for the subinterface (range is 1 to 4,094). For ease of use, make the tag the same number as the subinterface ID.
      8. On the IPv4 tab, Enable SD-WAN.
      9. Select Type of address: DHCP Client and Enable.
      10. Uncheck (do not select) Automatically create default route pointing to default gateway provided by server.
      11. Select the Advanced tab and then the DDNS tab.
      12. Select Settings and Enable. The Hostname is automatically generated by the Panorama SD-WAN plugin.
      13. Select the Vendor as Palo Alto Networks DDNS.
      14. Click OK.
    4. Apply an SD-WAN Interface Profile to the subinterface.
      1. Highlight the subinterface you created and select the SD-WAN tab.
      2. Select the SD-WAN Interface Profile you created for this link or create a new profile.
      3. Click OK.
    5. Repeat the prior steps to add more subinterfaces to the interface.
    6. Commit.

    © 2024 Palo Alto Networks, Inc. All rights reserved.