- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-31-2016 04:06 AM
Hi guys,
I need some help with configuring network in VMware Workstation and Palo Alto. I tried to build VMware lab using both Udemy and CBT Nuggets video courses:
The problem is that I can't have my Palo Alto to have an access to the Internet. It doesn't matter what type of network adapter I use NAT or BRIDGE. Below are my network settings:
Network adapter 1 - Vmnet2 (Host-only) for Managament interface
Network adapter 2 - Vmnet0 (Bridged) OR Vmnet8 (NAT) for Internet interface
Network adapter 3 - LAN Segment for LAN interface
IP address of my physical WI-FI adapter is 192.168.0.1
IP address of my NAT adapter (Vmnet8) is 192.168.27.1
In Palo Alto:
e1/1 - internet 192.168.0.254 (if Bridged) OR 192.168.27.254 (if NAT)
e1/2 - LAN 172.16.1.1
Could you please help me or share or configuration.
06-03-2016 04:57 PM
Your issue is that as you mentioned your management interface is host only.
>> Network adapter 1 - Vmnet2 (Host-only) for Managament interface
All requests that go out from Palo by default use management interface.
And as this interface is connected to host-only network DNS requests never get out.
You should either configure management interface into NAT network or even better under
Device > Setup > Services > Service Route Configuration
Choose option "customize" and change DNS requests to go out from external interface.
05-31-2016 05:23 AM
Actually it's now some months ago since I last used a VMWare WS Lab but I think I had the same or similar issue.
Open the *.vmx file of your vm and check what virtual Device type your network interfaces are:
Search for lines like this:
ethernet1.virtualDev = "vmxnet3"
When I add a new interface to the vm I get the following interface devicetype:
ethernet2.virtualDev = "e1000"
So if you now have all on e1000 try to change them to vmxnet3.
05-31-2016 03:18 PM
Hi AXI_IIEN_Remo,
It's done so it's not a reason of the issue.
Thanks.
05-31-2016 03:52 PM
To exclude nat issues log to firewall with cli and ping outside world.
For example in bridged mode command is probably this:
ping source 192.168.0.254 host 192.168.0.1
Do you have reply?
05-31-2016 11:35 PM
Could you maybe also clarify: Is the problem with the internet access of your PA-VM or are you talking about the internet access from your LAN subnet?
06-01-2016 02:36 AM - edited 06-01-2016 02:36 AM
Hi Raido,
I tried this command ping source 192.168.0.254 host 192.168.0.1 but still no luck. I get:
ping: unknown host www.google.com
06-01-2016 02:38 AM
Hi AXI_IIEN_Remo,
Unfortunately I have an issue with Internet access from both LAN and PA firewall itself.
06-01-2016 02:45 AM - edited 06-01-2016 02:53 AM
Guys, I attached some screenshots. I hope it will shed some light on my problem. Just some information about my network adapters:
custom (vmnet2) - 192.168.128/24 for management
bridged - for Internet (192.168.0.1 - WI-Fi router, 192.168.0.254 - Internet interface)
LAN segment - for LAN
LAN segment - for DMZ
Please, let me know if you would like me to make some other screenshots.
Thanks.
06-01-2016 02:57 AM
Another two screenshots.
06-01-2016 03:20 AM
did you really use the command proposed by Raido?
because the output you posted here looks like you tried to ping www.google.com
06-01-2016 03:53 AM
Sorry guys, just mistyped. So, in my previous post I tried to ping www.google.com. Now I'm trying to ping 192.168.0.1 and I get reponse. But why I can't ping the rest of the world and why I can't ping my router without specifying source address?
06-03-2016 04:57 PM
Your issue is that as you mentioned your management interface is host only.
>> Network adapter 1 - Vmnet2 (Host-only) for Managament interface
All requests that go out from Palo by default use management interface.
And as this interface is connected to host-only network DNS requests never get out.
You should either configure management interface into NAT network or even better under
Device > Setup > Services > Service Route Configuration
Choose option "customize" and change DNS requests to go out from external interface.
06-06-2016 06:44 AM
+ 1 Raido.
Hi Guys,
l would use this configuration:
On VMware workstation:
network adapter = BRIDGED. This is actually your management interface and you don't see it in the network TAB of the device
network adapter 2 = VMnet(X) This is actually your first interface = ethernet1/1
network adapter 3 = VMnet(X) This is actually your first interface = ethernet1/2
network adapter 4 = VMnet(X) This is actually your first interface = ethernet1/3
Worked for me 100 times. Need assistance, let me know. Can do a quick remote session.
Cheers
06-07-2016 01:26 AM
Hi Raido,
Finally, I have my PA work as intended. So, I did exactly as you adviced. Now I have:
Vmnet Bridged 192.168.0.10 - for MGMT
Vmnet Bridged 192.168.0.254 - for Intenet Interface
Vmnet LAN - 172.16.1.1 - for LAN interface
Vmnet DMZ - 172.16.2.1 - for DMZ interface
Thank you very much for your help.
Cheers,
4kusnik
08-13-2020 03:11 PM
It works thanks for sharing
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!