In this post; I will walk you through the steps for installing and configuring the VM Palo Alto firewall on VMware workstation.
I will walk you through the steps for configuring the firewall interfaces, defining zones, Create Virtual Router, creating Interface Management profil
New let’s start to install PA firewall and build the infrastructure, then configure interfaces, Management profile, defining zones, create Role and Account, Create Virtual Router,NAT, Static and OSPF Routing and more.
I hope this guide is useful to some people that would like to use the Palo Firewall
In my next post; I will walk you through the steps for PA implementation in real environment with devices from different vendors.
I will cover in this post:
1- Create Virtual Network on VMware Workstation
2- Import Palo Alto Firewall Image
3- Add additional 2 Interface and modify MAC address
4- Verify the Palo Alto interfaces
5- Login to CL and Web interface
Created Virtual Networks
Created the following Virtual Networks on your workstation:
VMnet0 host-only interface on the subnet 192.168.1.0 as the Management network
VMnet1 host-only interface on the subnet 10.128.1.0/24 as internal network
VMnet2 host-only interface on the subnet 50.0.0.0/24 as external network
VMnet3 host-only interface on the subnet 172.16.1.0/24 as DMZ network
Note: I will use (VMnet1, VMnet3, VMnet4, and VMnet5) network, because network mentioned above occupied on my VMware enviroment.
Import Palo Alto
You will need to import the PA image
File –> Open
after importt the PA VM will only have 2 interfaces – You need to add 2 more interfaces
Before you start the VM Firewall you need to edit the .VMX
Edit .vmx file and change for all Ethernet ethernet”X”.virtualDev = “e1000” to “vmxnet3”
Modify MAC address
PAN VM uses hard-coded MAC addresses, map these in your lab VMware virtual machine network interfaces settings, until you license the product.
Select the interface –> Advance and type the MAC address
Mac address should assign as below:
VMnet0 –> 00:0C:29:9F:6A:93
VMnet1 –> BA:DB:EE:FB:AD:10
VMnet2 –> BA:DB:EE:FB:AD:11
VMnet3 –> BA:DB:EE:FB:AD:12
Verify the Palo Alto interface
Boot up the Palo Alto VM, once it has loaded successfully you will see the console login
Login using admin/admin to get to the CLI
1_ Verify the management interface is indeed defaulted to 192.168.1.1/24
“Show interface management”
2_Verify the data interface
Execute the “show interface hardware command to list the interfaces with their hardware attributes:
Use the computer that connected to management network; then use the web browser to navigate https://192.168.1.1 (Remember the “s” on https://)
Login using admin/admin
Bonus
By default the management interface is configured to 192.168.1.1/24, use command below to change to whatever network.in my example the 192.168.2.0/24 subnet:
configure
set deviceconfig system ip-address 192.168.2.1
commit
exit
show interface management
PA VM’s management interface now set to 192.168.2.1 and you should be able to to navigate https://192.168.2.1 in-order to manage PA firewall
Thank Man…I have been scratching my head on this.
LikeLiked by 1 person
Hello,
I would like to install 2 Palo Alto vm to implement the HA but as the mac-addresses are the same on each vm, it’s not possible to make them being able to communicate with each other.
To this end, is there a way to modify the mac-addresses of the vm for each interface ?
LikeLike
When i happened above the following different site and believed My partner and i should check points out there.
LikeLike
c na pas marché pas de interfaces hardware
LikeLike