Palo Alto lab in VMware Workstation

L1 Bithead

Hi guys,

I need some help with configuring the network in VMware Workstation and Palo Alto. I tried to build a VMware lab using both Udemy and CBT Nuggets video courses:


The problem is that I can't get my Palo Alto to have access to the Internet. It doesn't matter what type of network adapter I use, NAT or bridged. Below are my network settings:
Network adapter 1 - Vmnet2 (Host-only) for Management interface
Network adapter 2 - Vmnet0 (Bridged) OR Vmnet8 (NAT) for Internet interface
Network adapter 3 - LAN Segment for LAN interface

IP address of my physical Wi-Fi adapter is 192.168.0.1
IP address of my NAT adapter (Vmnet8) is 192.168.27.1

In Palo Alto:
e1/1 - internet 192.168.0.254 (if Bridged) OR 192.168.27.254 (if NAT)
e1/2 - LAN 172.16.1.1

Could you please help me or share your configuration?


Accepted Solutions
L7 Applicator

Your issue is that, as you mentioned, your management interface is host-only.

>> Network adapter 1 - Vmnet2 (Host-only) for Management interface

All requests that go out from Palo by default use the management interface.

And as this interface is connected to a host-only network, DNS requests never get out.

You should either configure the management interface into the NAT network or, even better, under

Device > Setup > Services > Service Route Configuration

choose the option "customize" and change DNS requests to go out from the external interface.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI


All Replies
Cyber Elite

Actually, it's now some months since I last used a VMware WS lab, but I think I had the same or a similar issue.

Open the *.vmx file of your VM and check what virtual device type your network interfaces are:

Search for lines like this:

ethernet1.virtualDev = "vmxnet3"

When I add a new interface to the VM, I get the following interface device type:

ethernet2.virtualDev = "e1000"

So if you now have all on e1000, try to change them to vmxnet3.
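
The .vmx check described in the reply above, as an added example that is not part of the original thread: a small parser that lists each adapter's device type and flags any that are not vmxnet3. The sample file content is constructed, and the `present`, `connectionType` and `vnet` keys and their values are assumptions about a typical Workstation .vmx; only the `virtualDev` lines come from the post.

```python
import re

# Constructed sample .vmx fragment (not taken from the thread).
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet2"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "vmxnet3"
ethernet1.connectionType = "bridged"
ethernet2.present = "TRUE"
ethernet2.virtualDev = "e1000"
ethernet2.connectionType = "pvn"
'''

# Matches lines such as: ethernet1.virtualDev = "vmxnet3"
LINE_RE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def parse_adapters(vmx_text):
    """Return {adapter index: {lower-cased key: value}} for ethernetN.* lines."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            idx, key, value = int(m.group(1)), m.group(2).lower(), m.group(3)
            adapters.setdefault(idx, {})[key] = value
    return adapters

def non_vmxnet3(adapters):
    """Indices of present adapters whose device type is not vmxnet3."""
    flagged = []
    for idx, cfg in sorted(adapters.items()):
        if cfg.get("present", "").upper() != "TRUE":
            continue  # adapter slot defined but not attached to the VM
        # Assumption: an adapter with no virtualDev line is flagged for review too.
        if cfg.get("virtualdev", "").lower() != "vmxnet3":
            flagged.append(idx)
    return flagged

if __name__ == "__main__":
    nics = parse_adapters(SAMPLE_VMX)
    for idx, cfg in sorted(nics.items()):
        print(f"ethernet{idx}: dev={cfg.get('virtualdev', '(unset)')} "
              f"net={cfg.get('connectiontype', '(unset)')} {cfg.get('vnet', '')}")
    print("change to vmxnet3:", [f"ethernet{i}" for i in non_vmxnet3(nics)])
```

To run it against a real lab, read the VM's .vmx file into a string and pass it to `parse_adapters` in place of `SAMPLE_VMX`.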

L1 Bithead

Hi AXI_IIEN_Remo,


It's done, so it's not the reason for the issue.


Thanks.

L7 Applicator

To exclude NAT issues, log in to the firewall with the CLI and ping the outside world.

For example, in bridged mode the command is probably this:

ping source 192.168.0.254 host 192.168.0.1


Do you get a reply?

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Cyber Elite

Could you maybe also clarify: Is the problem with the internet access of your PA-VM or are you talking about the internet access from your LAN subnet?

L1 Bithead

Hi Raido,

 

I tried this command ping source 192.168.0.254 host 192.168.0.1 but still no luck. I get:

ping: unknown host www.google.com

L1 Bithead

Hi AXI_IIEN_Remo,

 

Unfortunately I have an issue with Internet access from both LAN and PA firewall itself.

L1 Bithead

Guys, I attached some screenshots. I hope they will shed some light on my problem. Just some information about my network adapters:

custom (vmnet2) - 192.168.128/24 for management

bridged - for Internet (192.168.0.1 - Wi-Fi router, 192.168.0.254 - Internet interface)

LAN segment - for LAN

LAN segment - for DMZ

 

pa1.jpg

 

pa3.jpg

 

pa4.jpg

Please, let me know if you would like me to make some other screenshots.

 

Thanks.

L1 Bithead

Another two screenshots. 

 

pa2.jpg

 

pa5.jpg

Cyber Elite

Did you really use the command proposed by Raido?

Because the output you posted here looks like you tried to ping www.google.com.
