VM-Series firewall on VirtualBox

Reply
L1 Bithead

VM-Series firewall on VirtualBox

Hi,

I know that VM-Series firewall requires VMware ESXi running vSphere 4.1 or 5.0.

But I don't have VMware right now on my laptop and only I have is Oracle VirtualBox 4.2.6 - just for tests and presentations (not for commercial purpose)

On VirtualBox I've already imported vmdk file  but when I launch PA-VM I see: 'Welcome to the PanOS Bootloader. Hit any key to stop autoboot...' and nothing happens.

Does anyone knows how to run VM-Series firewall on VirtualBox?

L4 Transporter

Re: VM-Series firewall on VirtualBox

I am betting you've got to get the disk controller and drive settings exactly right... I've booted VMs designed for VMware on Virtualbox before, and I remember having to tweak the drive controller settings in VirtualBox.

I'll pull down the PANOS VM and give it a shot on my laptop... if I can get it to boot I'll reply here

L1 Bithead

Re: VM-Series firewall on VirtualBox

I'm running a PA-VM in VMware workstation 9. It is important that your network adapters supports vmxnet3.

It runs smootly.


L1 Bithead

Re: VM-Series firewall on VirtualBox

You're right. I've installed VMWorkstation 9 on my laptop and then VM-300. Now I have access to console of VM-300 and I can do some changes.

Hovewer I have networks porblems :smileysad: and I can't upgrade VM-300 and update it.

On my lapotp I have only one physical ethernet card.

My physical laptop ip adrress is: 192.168.0.25/24, default gateway is 192.168.0.1.

VM-300 on Vmware has two interfaces: Network Adapter, Network Adapter2

On VMware settings for VM-300 I've set

- Network Adapter as Bridged (Automatic)

- Network Adapter2 as NAT

After login to VM-300 through console I've set up IP address, netmask, default-gateway and dns server fir management interface:

set deviceconfig system ip-address 192.168.0.26 netmask 255.255.255.0 default-gateway 192.168.0.1 dns-setting servers primary 192.168.0.92

of course I do commit,,,

But still when I try to ping my physical laptop address (ping host 192.168.0.25) from VM-300, I get: host unreachable and I don't have access to web-gui VM-300 (https://192,168.0.26) from my laptop.

What I'm doing wrong?

Highlighted
L1 Bithead

Re: VM-Series firewall on VirtualBox

Normally you should have 3 network adapters. One for management, one for e1/1 and one for e1/2. Probarly you've configured your trusted ethernet adapter and not the management interface.

The first network adapter in vmware is your management adapter

Be sure that your vmx file contains the correct adapter settings:

ethernet0.virtualdev="vmxnet3"

Because by default when you add ethernet adapters into vmware it is set to e1000.

Register your device on the PA portal. After entering the auth code, the license file is available. Download this file and import this file into your VM, reboot.

whithout this file, routing is not possible.

Also have a look at this: https://live.paloaltonetworks.com/docs/DOC-4200

L1 Bithead

Re: VM-Series firewall on VirtualBox

Thanks for your advice.

As you notice, by default I had two interfaces: management and e1/1.

For Layer3 deployment I added 3rd network adapter (in preferences of Palo Alto VM), and manualy set to vmxnet3. Palo Alto VM recognize this adater as an e1/2 interface.

I need also another one interface, but when I add network adapter and set as an vmxnet3, Palo Alto VM doesn't recognize this interface at all. This adapter does'nt even appeared on the list of interfaces.

What's the problem, what I'm doing wrong?

L1 Bithead

Re: VM-Series firewall on VirtualBox

You cannot add interfaces while the VM is running. Shut down your VM series firewall, add a network adapter and power-on your VM FW.

L1 Bithead

Re: VM-Series firewall on VirtualBox

I did this. I even shut down whole VMware Workstation, but after restart interface doesn't appears on PAN VM.

Maybe there is limitation regarding virtual network adapters/interface on VMWare Workstation 9.0 or in PAN VM?

L1 Bithead

Re: VM-Series firewall on VirtualBox

The only limitation is het one from VMware. When you go to interfaces in your WEB UI, can het assign an IP address to the interface and change the status to up ?

L1 Bithead

Re: VM-Series firewall on VirtualBox

All is working now :smileywink:

For the records - the interface will not appear (even in 'show interfaces all' report command) unless it will be not configured.

Thanks for your support

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!