Lost Newbie - TAP Interface

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Lost Newbie - TAP Interface

Not applicable

We bought a PA-500 just to start kicking the tires. I was ready to see a Juniper style GUI but was quickly lost in the PA Interface. Here is what I am looking to do, maybe someone can give me a quick list of configuration steps.

All we want to do is to see the traffic for now. It would be nice if we could do the LDAP Integration to see who is doing what.

I want to use a TAP Interface. I already have a mirrored interface of a firewall that I would like to use.

I want 1 interface to manage the Box, I'm assuming I can just use the MGMT Interface for this. (duh)

I may in the future want an interface to inject TCP-Resets for traffic we dont like.

What do I need to set up? Do I need to setup new zones, virtual routers, etc ?



L4 Transporter

Doc to get you started

https://live.paloaltonetworks.com/docs/DOC-1445- For LDAP

You use the dedicated mgt interface for OOB. In order to send TCP resets, you will have to deploy in either vwire/l2/l3 mode

L4 Transporter

> I want to use a TAP Interface. I already have a mirrored interface of  a firewall that I would like to use.

This part is easy.  Under the Device Tab, click on one of the interfaces and another window will pop up allowing you to define what type of interface it is.  In the first drop down box select "Tap" and then at the bottom select a zone.  I recommend clicking the "New" link and creating a new zone called "Tapzone."  Hit OK on that page and you're set for the zone, OK on the prior page and you've created your tap port.  Now hit Commit in the top right corner to make your changes active.  Also, you may want to make a security policy (Policies Tab).  Just create a new policy from Tapzone to Tapzone allowing all.  You can create profiles here to alert on all URL's, vulnerabilities, viruses so you can generate more log entries and see more logs there, too.

> I want 1 interface to manage the Box, I'm assuming I can just use the  MGMT Interface for this.

Yes, that's it.  By default the IP address of the device is, but to change this, you can console in, type "configure" at the first prompt and you will be in configuration mode.  Use the following CLI command to make your changes:

> set deviceconfig system ip-address netmask default-gateway dns-primary ntp-server-1

> commit

I'll defer to others on the LDAP nd TCP reset stuff (I think someone already replied), but if not, check out the admin guide on that, there's some good info there.


Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!