VM-Series firewall on VirtualBox

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

VM-Series firewall on VirtualBox

L1 Bithead

Hi,

I know that VM-Series firewall requires VMware ESXi running vSphere 4.1 or 5.0.

But I don't have VMware right now on my laptop and only I have is Oracle VirtualBox 4.2.6 - just for tests and presentations (not for commercial purpose)

On VirtualBox I've already imported vmdk file  but when I launch PA-VM I see: 'Welcome to the PanOS Bootloader. Hit any key to stop autoboot...' and nothing happens.

Does anyone knows how to run VM-Series firewall on VirtualBox?

17 REPLIES 17

L4 Transporter

I am betting you've got to get the disk controller and drive settings exactly right... I've booted VMs designed for VMware on Virtualbox before, and I remember having to tweak the drive controller settings in VirtualBox.

I'll pull down the PANOS VM and give it a shot on my laptop... if I can get it to boot I'll reply here

L2 Linker

I'm running a PA-VM in VMware workstation 9. It is important that your network adapters supports vmxnet3.

It runs smootly.


You're right. I've installed VMWorkstation 9 on my laptop and then VM-300. Now I have access to console of VM-300 and I can do some changes.

Hovewer I have networks porblems Smiley Sad and I can't upgrade VM-300 and update it.

On my lapotp I have only one physical ethernet card.

My physical laptop ip adrress is: 192.168.0.25/24, default gateway is 192.168.0.1.

VM-300 on Vmware has two interfaces: Network Adapter, Network Adapter2

On VMware settings for VM-300 I've set

- Network Adapter as Bridged (Automatic)

- Network Adapter2 as NAT

After login to VM-300 through console I've set up IP address, netmask, default-gateway and dns server fir management interface:

set deviceconfig system ip-address 192.168.0.26 netmask 255.255.255.0 default-gateway 192.168.0.1 dns-setting servers primary 192.168.0.92

of course I do commit,,,

But still when I try to ping my physical laptop address (ping host 192.168.0.25) from VM-300, I get: host unreachable and I don't have access to web-gui VM-300 (https://192,168.0.26) from my laptop.

What I'm doing wrong?

Normally you should have 3 network adapters. One for management, one for e1/1 and one for e1/2. Probarly you've configured your trusted ethernet adapter and not the management interface.

The first network adapter in vmware is your management adapter

Be sure that your vmx file contains the correct adapter settings:

ethernet0.virtualdev="vmxnet3"

Because by default when you add ethernet adapters into vmware it is set to e1000.

Register your device on the PA portal. After entering the auth code, the license file is available. Download this file and import this file into your VM, reboot.

whithout this file, routing is not possible.

Also have a look at this: https://live.paloaltonetworks.com/docs/DOC-4200

Thanks for your advice.

As you notice, by default I had two interfaces: management and e1/1.

For Layer3 deployment I added 3rd network adapter (in preferences of Palo Alto VM), and manualy set to vmxnet3. Palo Alto VM recognize this adater as an e1/2 interface.

I need also another one interface, but when I add network adapter and set as an vmxnet3, Palo Alto VM doesn't recognize this interface at all. This adapter does'nt even appeared on the list of interfaces.

What's the problem, what I'm doing wrong?

You cannot add interfaces while the VM is running. Shut down your VM series firewall, add a network adapter and power-on your VM FW.

I did this. I even shut down whole VMware Workstation, but after restart interface doesn't appears on PAN VM.

Maybe there is limitation regarding virtual network adapters/interface on VMWare Workstation 9.0 or in PAN VM?

The only limitation is het one from VMware. When you go to interfaces in your WEB UI, can het assign an IP address to the interface and change the status to up ?

All is working now Smiley Wink

For the records - the interface will not appear (even in 'show interfaces all' report command) unless it will be not configured.

Thanks for your support

Did you ever get this working within VB?

I believe this is impossible based on the post by JohnaL:

JohanL wrote:

I'm running a PA-VM in VMware workstation 9. It is important that your network adapters supports vmxnet3.

It runs smootly.

If VMware proprietary vmxnet3 adapters are "baked into" the VM series appliance and they are required, then there's no way to get the appliance to work in VirtualBox. The only way to even possibly get it to work is if some generic adapter were used in VirtualBox, that the VM series appliance kernel would happen to see and recognize as valid eth interfaces.

Sorry! I basically gave up after seeing that vmxnet3 was required as the adapter.

Thanks...  I read that but didn't know if anyone was able to actually get it to work.

L1 Bithead

I've got the 8.1 PA-VM running on VirtualBox 5.2 with exactly the same message, it just takes, like, 5+ minutes before it actually boots.

 

Even after that the system needs several more minutes until the default login of admin/admin is available.

This also happens in VMware environments (delayed bootup) when you upgrade the "VM Hardware" compatibility past a certain level.  I believe it has something to do with a virtual serial port or somesuch, but don't have the details at my fingertips. 

 

I'm sure you could dig in the Palo Alto Networks documentation and find which VM Hardware versions are fully supported, and then look at what VMware changed in subsequent hareware compatibility updates/versions.  

  • 15215 Views
  • 17 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!