About prenatip

My topology is as follows. Client (10.1.1.11) <--> (10.1.1.10) PA-VM (172.16.1.10) <--> (172.16.1.11) Server ethernet1/1 ethernet1/2 PA-VM-ESX-8.0.0.ova image was downloaded from PA support site and installed on VMware Workstation. I was able to ssh and accessing web GUI via management interface. No issue with that. However, when I configured other interfaces such as ethernet1/1, and ethernet1/2, I was not able to ping these interfaces. ARP entry on both host OS and PA-VM shows nothing. The only MAC address appear on host PC belong to PA-VM management interface only. Initially, I thought this problem caused by VirtualBox as vmxnet3 only available on VMware Workstation. Then I decided to download VMware Workstation but still experiencing the same issue. NIC config in VMware NIC 1: Host-only (management) NIC 2: Custom VMnet1 NIC 3: Custom VMnet2     show system info admin@PA-VM> show system info hostname: PA-VM ip-address: 192.168.254.132 <-- management IP netmask: 255.255.255.0 default-gateway: ip-assignment: dhcp mac-address: aa:aa:aa:aa:aa:01 family: vm model: PA-VM show interface all admin@PA-VM> show interface all total configured hardware interfaces: 2 name id speed/duplex/state mac address -------------------------------------------------------------------------------- ethernet1/1 16 10000/full/up aa:aa:aa:aa:aa:11 ethernet1/2 17 10000/full/up aa:aa:aa:aa:aa:12 aggregation groups: 0 total configured logical interfaces: 2 name id vsys zone forwarding tag address ------------------- ----- ---- ---------------- ------------------------ ------ ------------------ ethernet1/1 16 1 INSIDE vr:default 0 10.1.1.10/24 ethernet1/2 17 1 OUTSIDE vr:default 0 172.16.1.10/24 admin@PA-VM> Host PC ARP Only PA mangement MAC address appear on Host PC C:\>arp -a | findstr -i aa-aa-aa 192.168.254.132 aa-aa-aa-aa-aa-01 dynamic C:\> Please let me know how to fix this issue.   ... View more

Has anyone managed to installed and run Palo Alto (VM) firewall successfully in VirtualBox? I've been trying to setup my own lab for learning purposes. Basically, this lab contains client, firewall, and server with different network segment.   Client --> Firewall --> Server I managed to install it but can't make it work on network part. Only "host-only" setting for Palo Alto management interface is working while other interfaces not.   As example, I can't ping from client to the firewall interface (ethernet1/1) where VirtualBox interface is set to internal on both guest OS.   I've just watched Udemy video created by Rassoul Ghaznavi Zadeh (Last updated 2/2017) and he said VirtualBox is not supported. https://www.udemy.com/palo-alto-firewalls-installation-configuration-management/ I hope this not true or there is some good development since the video hasn't been updated since last year. ... View more

Here is my basic network topology. 1. Linux Client (PC01) 2. Palo Alto Firewall (PA-VM)   Both configured with 2 interfaces enabled in VirtualBox Adapter 1: Host-only. This is for out of band management interface Adapter 2: Internal Network. This is for actual communication between PC01 and PA-VM. I have no issue at all with Adapter 1 setting. It's working as expected.   user@PC01:~$ ifconfig | grep ad | grep -v 127 eth0 Link encap:Ethernet HWaddr AA:AA:AA:AA:AA:A1 inet addr:192.168.56.110 Bcast:192.168.56.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr AA:AA:AA:AA:AA:A2 inet addr:10.1.1.110 Bcast:10.1.1.255 Mask:255.255.255.0 user@PC01:~$   Ping using Adapter 1   user@PC01:~$ ping -c 3 192.168.56.254 PING 192.168.56.254 (192.168.56.254): 56 data bytes 64 bytes from 192.168.56.254: seq=0 ttl=64 time=0.770 ms 64 bytes from 192.168.56.254: seq=1 ttl=64 time=0.554 ms 64 bytes from 192.168.56.254: seq=2 ttl=64 time=0.855 ms --- 192.168.56.254 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.554/0.726/0.855 ms user@PC01:~$ Ping using Adapter 2   user@PC01:~$ ping -c 3 10.1.1.254 PING 10.1.1.254 (10.1.1.254): 56 data bytes --- 10.1.1.254 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss user@PC01:~$ tcpdump from Adapter 2 test   tcpdump output from PC01 shows that vm firewall is completely unreachable even though they're (supposed to) connected back to back in the same network segement.   user@PC01:~$ sudo tcpdump -i any net 10.1.1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes 21:49:38.979460 ARP, Request who-has 10.1.1.254 tell 10.1.1.110, length 28 21:49:39.981377 ARP, Request who-has 10.1.1.254 tell 10.1.1.110, length 28 21:49:40.985748 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92 21:49:40.985763 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92 21:49:40.985766 IP 10.1.1.110 > 10.1.1.110: ICMP host 10.1.1.254 unreachable, length 92 Incomplete ARP on eth1 shows the packet actually doesn't reach to PA-VM at all   user@PC01:~$ arp -i eth1 ? (10.1.1.254) at <incomplete> on eth1 user@PC01:~$ I also notice that MAC Address on PA-VM (ethernet1/1 = zz:zz:zz:zz:zz:z1) doesn't match with what I have on ARP table PC01 (incomplete). The one that I set on VirtualBox was AA:AA:AA:AA:AA:A2, not ZZ:ZZ:ZZ:ZZ:ZZ:Z1.   admin@PA-VM> show interface all total configured hardware interfaces: 1 name id speed/duplex/state mac address -------------------------------------------------------------------------------- ethernet1/1 16 1000/full/up zz:zz:zz:zz:zz:z1 aggregation groups: 0 total configured logical interfaces: 1 name id vsys zone forwarding tag address ------------------- ----- ---- ---------------- ------------------------ ------ ------------------ ethernet1/1 16 1 N/A 0 10.1.1.254/32 admin@PA-VM> This explains why I cannot ping using secondary interface (Adapter 2) at all. Seems like there is Layer 1 issue problem.   For the record, I was able to use the same VirtualBox setting on 2 Linux guests. May I know why the same setting doesn't work on PA-VM? Any idea how to make Layer 1 communication successful in VirtualBox?   This is the screenshot of my VirtualBox network setting.     ... View more

I've just installed Palo Alto firewall VM version in virtual box. I was able to access it via WEB (https) and SSH. However, when I check traffic log it was empty.     I generated a few traffic such as ping and nmap scan against firewall IP, but still no traffic log appear in it.   log-receiver statistics shows 0 traffic logs written meaning no traffic at all.   I've also restarted `log-receiver` as advised in https://live.paloaltonetworks.com/t5/Management-Articles/Traffic-Log-is-Not-Generated-and-Not-Displayed-on-the-WebGUI/ta-p/62177 but didn't help.     admin@PA-VM> debug software restart log-receiver Process 'logrcvr' executing RESTART admin@PA-VM>   What went wrong with this firewall and how to fix it?   admin@PA-VM> debug log-receiver statistics Logging statistics ------------------------------ ----------- Log incoming rate: 0/sec Log written rate: 0/sec Corrupted packets: 0 Corrupted URL packets: 0 Corrupted HTTP HDR packets: 0 Logs discarded (queue full): 0 Traffic logs written: 0 URL logs written: 0 Wildfire logs written: 0 Anti-virus logs written: 0 Widfire Anti-virus logs written: 0 Spyware logs written: 0 Attack logs written: 0 Vulnerability logs written: 0 Fileext logs written: 0 URL cache age out count: 0 URL cache full count: 0 URL cache key exist count: 0 URL cache wrt incomplete http hdrs count: 0 URL cache rcv http hdr before url count: 0 URL cache full drop count(url log not received): 0 URL cache age out drop count(url log not received): 0 Traffic alarms dropped due to sysd write failures: 0 Traffic alarms dropped due to global rate limiting: 0 Traffic alarms dropped due to each source rate limiting: 0 Traffic alarms generated count: 0 Log Forward count: 0 Log Forward discarded (queue full) count: 0 Log Forward discarded (send error) count: 0 Summary Statistics: Num current drop entries in trsum:0 Num cumulative drop entries in trsum:0 Num current drop entries in thsum:0 Num cumulative drop entries in thsum:0 External Forwarding stats: Type Enqueue Count Send Count Drop Count Queue Depth Send Rate(last 1min) syslog 0 0 0 0 0 snmp 0 0 0 0 0 email 0 0 0 0 0 raw 0 0 0 0 0 admin@PA-VM> ... View more