Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors

When you use a NetFlow collector (see NetFlow Monitoring) or SNMP manager (see SNMP Monitoring and Traps) to monitor the Palo Alto Networks firewall, an interface index (SNMP ifindex object) identifies the interface that carried a particular flow (see Interface Indexes in an SNMP Manager). In contrast, the firewall web interface uses interface names as identifiers (for example, ethernet1/1), not indexes. To understand which statistics that you see in a NetFlow collector or SNMP manager apply to which firewall interface, you must be able to match the interface indexes with interface names.
Interface Indexes in an SNMP Manager
You can match the indexes with names by understanding the formulas that the firewall uses to calculate indexes. The formulas vary by platform and interface type: physical or logical.
Physical interface indexes have a range of 1-9999, which the firewall calculates as follows:
| Firewall Platform | Calculation | Example Interface Index |
|---|---|---|
| VM-Series | Number of management ports + physical port offset. Number of management ports: a constant of 1. Physical port offset: the physical port number. | VM-100 firewall, Eth1/4 = 1 (number of management ports) + 4 (physical port) = 5 |
| PA-200, PA-500 | Number of management ports + physical port offset. Number of management ports: a constant of 2. Physical port offset: the physical port number. | PA-500 Series firewall, Eth1/4 = 2 (number of management ports) + 4 (physical port) = 6 |
| PA-220, PA-800 Series, PA-3000 Series, PA-5000 Series, PA-5200 Series | Number of management ports + physical port offset. Number of management ports: a constant of 5. Physical port offset: the physical port number. | PA-5000 Series firewall, Eth1/4 = 5 (number of management ports) + 4 (physical port) = 9 |
| PA-7000 Series firewalls | (Max. ports * slot) + physical port offset + number of management ports. Maximum ports: a constant of 64. Slot: the chassis slot number of the network interface card. Physical port offset: the physical port number. Number of management ports: a constant of 5. | PA-7000 Series firewall, Eth3/9 = [64 (max. ports) * 3 (slot)] + 9 (physical port) + 5 (number of management ports) = 206 |
Logical interface indexes for all platforms are nine-digit numbers that the firewall calculates as follows:
| Interface Type | Range | Digit 9 | Digits 7-8 | Digits 5-6 | Digits 1-4 | Example Interface Index |
|---|---|---|---|---|---|---|
| Layer 3 subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth1/5.22 = 100000000 (type) + 100000 (slot) + 50000 (port) + 22 (suffix) = 101050022 |
| Layer 2 subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth2/3.6 = 100000000 (type) + 200000 (slot) + 30000 (port) + 6 (suffix) = 102030006 |
| Vwire subinterface | 101010001-199999999 | Type: 1 | Interface slot: 1-9 (01-09) | Interface port: 1-9 (01-09) | Subinterface: suffix 1-9999 (0001-9999) | Eth4/2.312 = 100000000 (type) + 400000 (slot) + 20000 (port) + 312 (suffix) = 104020312 |
| VLAN | 200000001-200009999 | Type: 2 | 00 | 00 | VLAN suffix: 1-9999 (0001-9999) | VLAN.55 = 200000000 (type) + 55 (suffix) = 200000055 |
| Loopback | 300000001-300009999 | Type: 3 | 00 | 00 | Loopback suffix: 1-9999 (0001-9999) | Loopback.55 = 300000000 (type) + 55 (suffix) = 300000055 |
| Tunnel | 400000001-400009999 | Type: 4 | 00 | 00 | Tunnel suffix: 1-9999 (0001-9999) | Tunnel.55 = 400000000 (type) + 55 (suffix) = 400000055 |
| Aggregate group | 500010001-500089999 | Type: 5 | 00 | AE suffix: 1-8 (01-08) | Subinterface: suffix 1-9999 (0001-9999) | AE5.99 = 500000000 (type) + 50000 (AE Suffix) + 99 (suffix) = 500050099 |
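
Inverting the formulas above turns an index reported by an SNMP manager or NetFlow collector back into an interface name. The Python below is an added example, not Palo Alto Networks code; the function name, the `chassis` flag, the lowercase name forms and the use of slot 1 on fixed-form models are assumptions. It reads the slot from digits 7-8 (a multiplier of 1,000,000), which reproduces the example results listed above.

```python
# Added example: decode a PAN-OS ifIndex using the formulas in the tables above.
LOGICAL_PREFIX = {2: "vlan", 3: "loopback", 4: "tunnel"}  # type digit -> name
MAX_PORTS = 64  # PA-7000 Series constant from the page


def ifindex_to_name(index, mgmt_ports, chassis=False):
    """Return the interface name for an SNMP/NetFlow interface index.

    mgmt_ports: 1 (VM-Series), 2 (PA-200, PA-500) or 5 (other listed models).
    chassis:    True for PA-7000 Series, where the slot is part of the index.
    """
    if 1 <= index <= 9999:                      # physical interface range
        offset = index - mgmt_ports
        if chassis:
            slot, port = divmod(offset, MAX_PORTS)
        else:
            slot, port = 1, offset              # assumption: fixed-form models use slot 1
        if slot < 1 or port < 1:
            raise ValueError(f"{index} is not a data port on this platform")
        return f"ethernet{slot}/{port}"

    if not 100_000_000 <= index <= 599_999_999:
        raise ValueError(f"{index} is outside the documented index ranges")

    kind = index // 100_000_000                 # digit 9
    slot = index // 1_000_000 % 100             # digits 7-8
    port = index // 10_000 % 100                # digits 5-6
    suffix = index % 10_000                     # digits 1-4
    if suffix == 0:
        raise ValueError(f"{index} has no subinterface suffix")

    if kind == 1 and 1 <= slot <= 9 and 1 <= port <= 9:
        return f"ethernet{slot}/{port}.{suffix}"
    if kind in LOGICAL_PREFIX and slot == 0 and port == 0:
        return f"{LOGICAL_PREFIX[kind]}.{suffix}"
    if kind == 5 and slot == 0 and 1 <= port <= 8:
        return f"ae{port}.{suffix}"
    raise ValueError(f"{index} does not match a documented layout")


if __name__ == "__main__":
    # Constructed sample: indexes as they might appear in collector records.
    for idx, mgmt, chassis in [(9, 5, False), (206, 5, True), (101050022, 5, False)]:
        print(idx, "->", ifindex_to_name(idx, mgmt, chassis))
```

Indexes that fall on a management port or outside the documented layouts raise `ValueError`, so a collector-side lookup can flag them rather than mislabel traffic.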
