Multiple options to integrate the Palo Alto Firewall into your:

• Network
• Layer 2 interfaces and VLAN interfaces
• Layer 3 interfaces
• Tap interfaces
• Loopback and tunnel interfaces
• HA interfaces

Type 1 - Layer 2 interfaces:

• Allows a Trunk interface to transmit
• Tagged VLAN's which can be assigned to VLAN interfaces
• Can be allocated in port channels (link aggregation with LACP)

Configure a Layer2 interface with Wired-VLAN20.

Add a layer2 subinterface.

Add a Wireless-VLAN30 subinterface.

Type2 - Layer 3 interfaces:

• Carries end-to-end Layer 3 traffic with an assigned IP address.
• Can be allocated in port channels(link aggregation with LACP)
• Can be sub-divided in L3 Subinterfaces.

Add a layer3 interface.

Type3 - Tunnel and loopback interfaces:

• Used to logically assign attributes to tunnel entry/exit points
• Loopbacks: Create always-on logical interfaces for required applications.

Configure a tunnel.

Confiture Loopback

Configure Virtual Router

Configure IPsec Tunnels here.

Typer 4 - HA(High availability interfaces):

• Allows connectively between two Palo Alto Firewalls to establish a highly available Firewall setup
• HA links will carry required information to build the cluster, and sync routing/configuration across the members.

Configure HA interface.

Enable HA setup.

Configure the Control Link.

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/high-availability/set-up-activepassive-ha/configure-activepassive-ha