Palo Alto lab in VMware Workstation

Showing results for 
Search instead for 
Did you mean: 

Palo Alto lab in VMware Workstation

L1 Bithead

Hi guys,

I need some help with configuring network in VMware Workstation and Palo Alto. I tried to build VMware lab using both Udemy and CBT Nuggets video courses:

The problem is that I can't have my Palo Alto to have an access to the Internet. It doesn't matter what type of network adapter I use NAT or BRIDGE. Below are my network settings:
Network adapter 1 - Vmnet2 (Host-only) for Managament interface
Network adapter 2 - Vmnet0 (Bridged) OR Vmnet8 (NAT) for Internet interface
Network adapter 3 - LAN Segment for LAN interface

IP address of my physical WI-FI adapter is
IP address of my NAT adapter (Vmnet8) is

In Palo Alto:
e1/1 - internet (if Bridged) OR (if NAT)
e1/2 - LAN

Could you please help me or share or configuration.


Accepted Solutions

Your issue is that as you mentioned your management interface is host only.

>> Network adapter 1 - Vmnet2 (Host-only) for Managament interface


All requests that go out from Palo by default use management interface.

And as this interface is connected to host-only network DNS requests never get out.


You should either configure management interface into NAT network or even better under

Device > Setup > Services > Service Route Configuration

Choose option "customize" and change DNS requests to go out from external interface.

Enterprise Architect, Security @ Cloud Carib Ltd

View solution in original post


Cyber Elite
Cyber Elite

Actually it's now some months ago since I last used a VMWare WS Lab but I think I had the same or similar issue.


Open the *.vmx file of your vm and check what virtual Device type your network interfaces are:

Search for lines like this:

ethernet1.virtualDev = "vmxnet3"

When I add a new interface to the vm I get the following interface devicetype:

ethernet2.virtualDev = "e1000"

So if you now have all on e1000 try to change them to vmxnet3.



It's done so it's not a reason of the issue.



To exclude nat issues log to firewall with cli and ping outside world.

For example in bridged mode command is probably this:

ping source host


Do you have reply?

Enterprise Architect, Security @ Cloud Carib Ltd

Could you maybe also clarify: Is the problem with the internet access of your PA-VM or are you talking about the internet access from your LAN subnet?

Hi Raido,


I tried this command ping source host but still no luck. I get:

ping: unknown host



Unfortunately I have an issue with Internet access from both LAN and PA firewall itself.

Guys, I attached some screenshots. I hope it will shed some light on my problem. Just some information about my network adapters:

custom (vmnet2) - 192.168.128/24 for management

bridged - for Internet ( - WI-Fi router, - Internet interface)

LAN segment - for LAN

LAN segment - for DMZ







Please, let me know if you would like me to make some other screenshots.



Another two screenshots. 





did you really use the command proposed by Raido?

because the output you posted here looks like you tried to ping

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!