Panorama and Hyper-V

Reply
L4 Transporter

Panorama and Hyper-V

 

Hello,

 

We’re currently looking at a VMWare to Hyper-V migration. One of our concerns is that it appears our Panorama virtual appliance isn’t supported to run on Hyper-V.

 

Do you know if Palo Alto are adding support for this anytime soon?

 

I notice that they’ve released support for the VM series firewall on Hyper-V, so I assume Panorama support is on the way.

 

Thanks in advance.

L7 Applicator

Re: Panorama and Hyper-V

Hi @Farzana

 

I am waiting for this since 2 years. Hopefully support for hyper-v is on the way, but an official statement you probably only get from your SE. (Hyper-V support for VM-Series is around since about 2 years already).

 

Regards,

Remo

L7 Applicator

Re: Panorama and Hyper-V

PAN notes full support for Hyper V. 

Is there some MS certification or other that is missing?

 

https://www.paloaltonetworks.com/products/secure-the-cloud/vm-series-on-hyper-v

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L4 Transporter

Re: Panorama and Hyper-V

Hi @pulukas

 

Customer is after Panorama virtual appliance to run on Hyper-V. is this supported?

L7 Applicator

Re: Panorama and Hyper-V

Sorry, I did miss that it was Panorama not VM series.

You are correct this is not currently supported.

 

I remember this being in development late 2016, so you might want to check with your Sales Engineer for an NDA discussion on time lines.  I would think it will be close now.  Especially with the full cloud push by PAN to be in all spaces including Azure.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L7 Applicator

Re: Panorama and Hyper-V

Probably not that helpful in your case, but already Panorama with PAN-OS 8.0.x runs perfectly on Hyper-V...

Highlighted
L1 Bithead

Re: Panorama and Hyper-V

Attempting to run converted VMDK (extracted from OVA) to VHD image of Panorama 8.0.2 on Hyper-V does not seem to work. As pointed out in this Reddit thread the Panorma VM goes into a reboot loop. Diving into maintenance mode ("maint" from boot prompt) the "vm_agent" service is the cause of the boot loop -- which is likely the Panorama integrated VMware Tools Service not finding an ESXi host and bailing out.

 

However, the recently released (early March 2018) Panoroama 8.1.0 OVA (and extracted VMDK) do work on Hyper-V after conversion to VHD. No reboot loop!

 

This is likely due to Panorama 8.1's new native Azure support which brings Hyper Guest Services support to Panorama 8.1 in addition to VMware Tools Support which allows the "vm_agent" within Panorama to be content with a Hyper-V host. Seemingly all paravirtualization toolsets are in the Panorama 8.1.0 OVA/VMDK image.

 

2018-03-16 10_06_46-20180316PRAMA81 on AE-LP-JFU - Virtual Machine Connection.png2018-03-16 10_10_48-Panorama.png

 

I have not yet tried to get this thing licensed yet but network connectivity using the current Hyper-V networking (not legacy) NIC's works fine. Can ping in and out, Web UI functions fine.

 

  • I am currently running Windows 10 Enterprise 1709 with Hyper-V role enabled.
  • Extract the contents of the Panorama-ESX-8.1.0.ova using 7-zip (or other) to get at the VMDK inside.
  • Convert the Panorama-ESX-8.1.0-disk1.vmdk to VHD using Starwinds V2V Converter (free).
  • Build new VM in Hyper-V and reference the VHD. Changed to 4 vCPU and 8 GiB vRAM.
  • Boot it up and configure management interface networking from Panorama CLI!

 

I wouldn't recommend running it in production until Hyper-V is officially blessed sometime during a future 8.1.x release but from a lab perspective I am interested in Panorama Hyper-V support -- no longer have to install VMware Workstation (a Type 2 hypervisor) when my Windows 10 workstation has a perfectly functional and fast Type 1 hypervisor already built-in.

 

-John

L7 Applicator

Re: Panorama and Hyper-V

Hi @johnurbanek

 

Try starting Panorama on 8.0.x in debug mode (when started in maintenace mode) and the boot loop is gone ;)

Everything then works:

  • Adding Disks to local Log collector
  • Removing Disks from local log collector
  • Softwareupgrades
  • And everything else that panorama does...
L1 Bithead

Re: Panorama and Hyper-V

Thank you for reply @vsys_remo.

 

Instead of Panorama 8.0.x debug mode in Hyper-V, I'll stick with Panorama 8.1.0 for my on-laptop lab environment as it does not require debug mode to function on Hyper-V.

 

As an update I was able to successfully license an eval license of Panorama 8.1.0 on Hyper-V. The Panorama virtual appliance running on Hyper-V took the serial number and was able to pull down eval licensing and support details from the support portal just fine. Tested downloading and installing dynamic updates (in Panorama itself) and managing devices. Works with Panorama 8.1.0 without issue -- thus far.

 

I was also able to drop from 8 GiB vRAM to 4.5 GiB vRAM (supported for legacy mode only) which is helpful given local laptop resources.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!