Sub-Interface Configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Sub-Interface Configuration

L4 Transporter

Hi All,

Please help. I never configured Sub-Interface in PA. There is a new requirement to configure a sub-interface under already configured interface. So my doubt is how this Sub-interface if we already configured the physical interface with the IP address? What is the use of Sub-interface is it similar to the VLAN interfaces in Checkpoint and ASA? In what situations we use Sub-interfaces? What is the use of VLAN if sub interfaces act as VLAN interfaces?

Also can we configure 2 interfaces with the IP addresses in the same subnet? Like 1.1.1.1/29 on one interface and 1.1.1.2/29 on other interface and attach different VRs to both those interfaces?

Regards,

Sanjay S

1 accepted solution

Accepted Solutions

Community Team Member

Hi @Sanjay_Ramaiah ,

 

Think of sub-interfaces as a way to divide one physical network connection into multiple virtual connections. It's like having several mini-networks within a single network connection.

 

For example, let's say you have three VLANs: VLAN 10, VLAN 20, and VLAN 30. Instead of needing three separate physical ports on the firewall, you can create three sub-interfaces on a single physical port. Each sub-interface is associated with one VLAN.

 

By doing this, you can treat each sub-interface as if it were a separate network port. You can apply different security rules, policies, and routing configurations to each sub-interface. It helps in isolating traffic between different VLANs or subnets and controlling how they communicate with each other.

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

1 REPLY 1

Community Team Member

Hi @Sanjay_Ramaiah ,

 

Think of sub-interfaces as a way to divide one physical network connection into multiple virtual connections. It's like having several mini-networks within a single network connection.

 

For example, let's say you have three VLANs: VLAN 10, VLAN 20, and VLAN 30. Instead of needing three separate physical ports on the firewall, you can create three sub-interfaces on a single physical port. Each sub-interface is associated with one VLAN.

 

By doing this, you can treat each sub-interface as if it were a separate network port. You can apply different security rules, policies, and routing configurations to each sub-interface. It helps in isolating traffic between different VLANs or subnets and controlling how they communicate with each other.

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1 accepted solution
  • 1552 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!