Palo alto FW for home/lab


Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

L1 Bithead

Palo alto FW for home/lab



I would like to ask you regarding PA firewall for Home/Lab. I worked like Network engineer, mostly with Cisco devices in ISP (MPLS, BGP, IPSEC, QinQ), and now I desided to learn new things. Which things I can learn, study with PA200 PAN OS 8.0  without license ? I am trying to find any cheeper devices with licence but it is impossible for now. 

Thank you in advance :):):)




L3 Networker



Palo Alto firewalls without license will:

1. Security profiles (Anti-Virus, Anti-Spyware, URL Filtering, Wildfire) will not work

2. Clientless GlobalProtect, HIP will not work

3. All the updates will not work (software and dynamic)


You should be able to set up network interfaces & routing, NAT & security rules without problems but not use the above profiles in them. You will also be able to do Application based (layer-7) rules.


You could also go down the VM-series path instead of the older PA-200. The VM will give you better management performance compared to PA-200, but read this about unlicensed VMs:


FYI Palo Alto provides a LAB license but I have no idea as to it's cost.




Cyber Elite


Contact your sales team for a price ofr a lab unit. At last chekc the PA-220 was around $500, but dont quote me on that.




Cyber Elite


As @OtakarKlier mentioned you really want to be looking at a LAB unit for something like this. Cheaper hardware and you can license the thing for a minimal amount of money on a yearly basis. A PA-220 (don't go for a 200 at this point) is going to run you $495.99 or less (US Pricing). The license renewal depends a lot on how you are buying it, I would really recommend you reach out to your sales team for accurate pricing on that. 

L1 Bithead

Hello Team :)


I bought one PA-500, with licence till end of January 2019. We will see, it has ver 8.0.13 verision.
I hope so this was good choise :)

What you think guys?

L3 Networker



Quite frankly, it is a solid machine with a good (recommended) PAN-OS version.

Your main issue will be the long commit times on that device, that can take 5 minutes.


If you are new to Palo Alto Firewalls, create a guest account on the learning center:

search for EDU-110, request and view it (~9 hours).



L7 Applicator

You can also grab one on Azure/AWS. 


AWS has a bundle for about US$1/hour that will let you play with most things on the firewall without having to do a dedicated lab. I think Azure is similar, but haven't set it up myself yet.


It might not be exactly what you need, but might be a cheap way to get your feet wet with the platform.


L1 Bithead

Hello @ShaiW


I managed to configurure a few things , still I am looking what is what, and where to find. I have one more firewall Juniper SRX 240, and now I am trying to configure basic routing, like Static and OSPF. 
This is big change for me because what I see till now, primary way to configure PA devices is web GUI,
and I have hard time because I used to use console to configure Cisco/linux devices.
I tried to use console with my Linux laptop but something is not working properly, output is not right after I enter commands in console.


Do you know what can be issue with console/serial access?

L3 Networker



I use the Cyan Cisco cable with putty (set to serial, 9600 baud, no parity, xon/xoff flow control) without any problems.

The console port is a must if you want or need to factory reset a device. Once the device has booted up normally, the serial behaves the same as SSH to the management IP. The Management port is a dedicated & out-of-band.


In order to set the management IP from serial, issue these commands (change IP as needed):


set deviceconfig system ip-address netmask default-gateway dns-settings servers primary


exit (after commit is finished)


Hope this helps,



L1 Bithead



I managed to configure OSPF between Juniper and Palo Alto firewall :), but I am not able to ping PA interfaces from Juniper,
see mac address in ARP table, must be security policy.
I can open another topic regarding this problem.

Is it same configuration for Cisco and Palo alto console, I think it is same, but I am not sure, my console works for cisco and juniper without issues, I can open Palo Alto console, but like I said, when I press enter, I don't have good output, but if I press ? I can see properly options.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!