Palo Alto VM-Series Software Firewall Keeps Shutting Down in Ubuntu Desktop 24.04.2 LTS KVM

Subject: Palo Alto VM-Series Software Firewall Keeps Shutting Down in Ubuntu Desktop 24.04.2 LTS KVM

Good day from Singapore,

I have asked ChatGPT Artificial Intelligence (AI) for assistance in installing and setting up Palo Alto VM-Series Software Firewall PA-VM-KVM-10.2.5.vm_eval.qcow2 in Ubuntu Desktop 24.04.2 LTS KVM.

Below are the instructions provided by ChatGPT.

I started installing Palo Alto software firewall on 25 Mar 2025 Tue at 9.00 PM and went to sleep at 2.00 AM on 26 Mar 2025 Wed.

Download and install Ubuntu Desktop 24.04.2 LTS on a physical machine with 3 or 4 network interface cards.

Ubuntu installer keeps crashing in the normal mode. When I switch over to Safe Graphics mode, Ubuntu installer stops crashing and installs successfully.

Install SSH Server on Ubuntu
=============================

sudo apt install openssh-server

Start SSH Server
=================

sudo systemctl enable --now ssh

Install KVM and Dependencies
===============================

Run the following command to install KVM, Virt-Manager, and dependencies:

sudo apt update && sudo apt upgrade -y

sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager

Verify if KVM is installed:

sudo kvm-ok

INFO: /dev/kvm exists
KVM acceleration can be used

Start and enable the libvirt service:

sudo systemctl enable --now libvirtd

Download and Prepare the QCOW2 Image
========================================

Download the Palo Alto VM-Series firewall QCOW2 image from Palo Alto Networks.

The filename of my image is PA-VM-KVM-10.2.5.vm_eval.qcow2. Rename it to panos.qcow2.

Move the image to the KVM images directory:

sudo mv panos.qcow2 /var/lib/libvirt/images/

Adjust file permissions:

sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/panos.qcow2

sudo chmod 644 /var/lib/libvirt/images/panos.qcow2

Create a Virtual Machine Using Virt-Manager (GUI)
=====================================================

Open Virt-Manager:

virt-manager

Click Create a new virtual machine.

Select "Import existing disk image".

Browse and select panos.qcow2.

Set the following VM specs:

CPU: 4 (minimum)

RAM: 8GB

Disk: 60GB (qcow2 pre-configured)

Virtual Machine Name: PaloAlto-VM

Network: Bridge or NAT

Click Finish and start the VM.

To configure multiple interfaces for the Palo Alto VM-Series firewall on Ubuntu KVM, follow these steps:

Identify Network Interfaces
================================

First, determine the network interfaces available on your KVM host using:

ip link show

You'll need at least:

    1 interface for management

    1 or more interfaces for data traffic (inside, outside, DMZ, etc.)
    
Create Network Bridges (Optional)
=====================================

If you want Palo Alto to be on different networks, create Linux bridges.

Install bridge utilities:

sudo apt install bridge-utils

Configure bridges in Netplan (/etc/netplan/01-netcfg.yaml):

My netplan configuration:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp5s0:
      dhcp4: no
    enp3s0:
      dhcp4: no
    enp6s0:
      dhcp4: no
  bridges:
    br0:
      interfaces: [enp5s0]
      dhcp4: yes
    br1:
      interfaces: [enp3s0]
      dhcp4: yes
    br2:
      interfaces: [enp6s0]
      dhcp4: yes
      
cd /etc/netplan

sudo mv 01-network-manager-all.yaml 01-network-manager-all.yaml.bak

sudo mv 50-cloud-init.yaml 50-cloud-init.yaml.bak
      
Apply changes:

sudo netplan apply

Add Multiple Interfaces to the VM
======================================

You can add interfaces via virsh (CLI).

List networks:

sudo virsh net-list --all

Attach interfaces:

sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br0 --model e1000 --persistent

sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br1 --model e1000 --persistent

sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br2 --model e1000 --persistent

Check the changes:

sudo virsh dumpxml PaloAlto-VM | grep -i interface -A 10

Verify Interfaces Inside PAN-OS
==================================

Start the VM:

sudo virsh start PaloAlto-VM

Access the console:

sudo virsh console PaloAlto-VM

Login with:

Username: admin
Password: admin

Login will FAIL with the default username and default password.

Now you must follow the following guide.

Thread: Default password not working admin / admin
Link: https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/default-password-not-working-adm...

Follow the instructions of Spiterman. This is very important.

Start the VM:

sudo virsh start PaloAlto-VM

Access the console:

sudo virsh console PaloAlto-VM

Login with:

Username: admin
Password: admin

PA-VM keeps shutting down.

Delete the virtual machine from virt-manager without deleting the qcow2 image.

Guide: KVM - List OS Variants
Link: https://wiki.sharewiz.net/doku.php?id=kvm:list_os_variants

Create the VM from the terminal:

sudo virt-install \
  --name PaloAlto-VM \
  --vcpus 4 \
  --memory 8192 \
  --disk path=/var/lib/libvirt/images/panos.qcow2,format=qcow2,bus=virtio \
  --os-variant centos8 \
  --network bridge=br0,model=virtio \
  --network bridge=br1,model=virtio \
  --network bridge=br2,model=virtio \
  --graphics none \
  --import
  
Palo Alto software firewall virtual machine (PA-VM) keeps shutting down. After PA-VM boots up and I can see the web login page, it shuts down again after a while.

Referring to the Compatibility Matrix for Palo Alto VM-Series Software Firewall Hypervisor Support

Link: https://docs.paloaltonetworks.com/compatibility-matrix/reference/vm-series-firewalls/vms-series-hype...

Do I need to downgrade my Ubuntu Desktop 24.04.2 LTS to Ubuntu Desktop 22.04?

I am afraid only Ubuntu Desktop 22.04 is supported. I am afraid the latest version of Ubuntu Linux is not supported.

I am looking forward to your advice and reply.

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
  Singapore

Good day from Singapore,

I have just bought a refurbished/used/2nd hand firewall appliance with Intel Celeron J4125 processor, 8 GB RAM and 128 GB SSD for SGD$120 at Boon Keng MRT station (near 7-11) in Singapore on 27 Mar 2025 Thursday at about 6.45 pm in the evening.

After the purchase, I have installed Ubuntu Desktop 22.04.5 LTS in this firewall appliance.

This is my netplan configuration (/etc/netplan/01-netcfg.yaml).

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
    enp2s0:
      dhcp4: no
    enp3s0:
      dhcp4: no
    enp4s0:
      dhcp4: no
  bridges:
    br0:
      interfaces: [enp1s0]
      dhcp4: yes
    br1:
      interfaces: [enp2s0]
      dhcp4: yes
    br2:
      interfaces: [enp3s0]
      dhcp4: yes
    br3:
      interfaces: [enp4s0]
      dhcp4: yes

I have tried adjusting many Linux-KVM hypervisor parameters and virtual machine parameters. In addition, I have also tried reinstalling the disk image and performing factory reset in maintenance mode in the Palo Alto VM-Series software firewall.

No matter what I do, I still cannot login to the Palo Alto VM-Series Software Firewall on Ubuntu KVM Host.

When I try to login to the Palo Alto VM-Series software firewall with the default username of admin, I get the following errors:

vm login: admin
2025-03-27 09:18:02.709 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:03.711 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:04.713 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:05.716 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:06.718 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
Error: unable to connect to Sysd
Password:
Login incorrect

Any advice would be appreciated.

Over the upcoming long weekend, I will be reading up the following discussion threads carefully and in more detail.

[1] PA500 boot error with message "unable to connect to Sysd" and NIC in dataplane does not worked.
Link: https://live.paloaltonetworks.com/t5/general-topics/pa500-boot-error-with-message-quot-unable-to-con...

[2] Palo Alto VM won't boot past vm-login
Link: https://www.reddit.com/r/gns3/comments/1gm8xns/comment/m9bq9k6/

[3] Palo Alto Networks VM
Link: https://forum.proxmox.com/threads/palo-alto-networks-vm.101431/

[4] Google Search with Generative AI: how to switch kvm from i440fx to q35

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore

Subject: Differences in compatibility between old hardware and new hardware for Palo Alto VM-Series Software Firewall in Ubuntu KVM Host

Good day from Singapore,

Let me try to make things clearer.

Palo Alto VM-Series Software Firewall is a VIRTUAL MACHINE (VM) inside Ubuntu KVM Host. I want to use Linux-KVM.

I chose to install Ubuntu Desktop 22.04.5 LTS because I wanted to use Virtual Machine Manager, which is a GUI.

With Ubuntu Server, there is NO GUI.

My old hardware consists of AMD Athlon 3000G with Radeon Vega Graphics, ASUS PRIME A320M-K Motherboard, 12 GB of DDR4-2666 RAM and 1 TB SATA harddisk.

With the old hardware, Palo Alto VM-Series Software Firewall either keeps shutting down or keeps rebooting, leading to a critical error.

That is why I have just bought a refurbished/used/2nd hand firewall appliance with Intel Celeron J4125 processor, 8 GB DDR4-2400 RAM and 128 GB SSD for SGD$120 at Boon Keng MRT station (near 7-11) in Singapore on 27 Mar 2025 Thursday at about 6.45 pm in the evening.

With the "new" hardware that I have purchased, Palo Alto VM-Series Software Firewall no longer keeps shutting down and no longer keeps rebooting (no more critical errors).

But I get the following errors when I try to login to the Palo Alto VM-Series software firewall with the default username of admin.

vm login: admin
2025-03-27 09:18:02.709 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:03.711 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:04.713 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:05.716 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
2025-03-27 09:18:06.718 -0700 Error: sysd_construct_sync_importer(sysd_sync.c:360): sysd_sync_register() failed: (111) Unknown error code
Error: unable to connect to Sysd
Password:
Login incorrect

Does anybody know why? Please advise. I am looking forward to your replies.

Thank you very much.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore

Subject: I have successfully installed Palo Alto VM-Series Software Firewall version 10.0.4 Evaluation in Ubuntu Desktop 22.04.5 LTS KVM Host

Good day from Singapore,

I have successfully installed Palo Alto VM-Series Software Firewall version 10.0.4 Evaluation in Ubuntu Desktop 22.04.5 LTS KVM Host.

Palo Alto VM-Series Software Firewall (PA-VM) Download Links
=============================================================

PA-VM 10.0.4:

PA-VM 11.0.0:

It is unfortunate that PA-VM versions 10.2.5 and 11.0.0 don't work on my SGD$150 Intel Celeron J4125 firewall hardware appliance with 16 GB DDR4-2400 RAM (SODIMM) and 128 GB SSD. Perhaps my Intel Celeron processor is too old and is not supported by Palo Alto Networks any more. Can anyone confirm?

But PA-VM 10.0.4 works. However, I need to set the time of the Palo Alto VM-Series Software Firewall (PA-VM) 10.0.4 virtual machine to a date on 12 Sep 2021, which is 111833956 seconds ago.

The following Linux command is for informational and educational purposes only. You should not run this command. This command is useless.

sudo qemu-system-x86_64 -rtc base="2021-09-12" -hda /var/lib/libvirt/images/PA-VM-KVM-10.0.4.vm_eval.qcow2

You need to set the date of PA-VM 10.0.4 virtual machine to 12 Sep 2021, which is 111833956 seconds ago.

sudo virsh edit PA-VM-KVM-10.0.4

<clock offset='variable' adjustment='-111833956' basis='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>

Then start the PA-VM 10.0.4 virtual machine using Virtual Machine Manager (GUI). You MUST start Palo Alto VM-Series Software Firewall (PA-VM) 10.0.4 using Virtual Machine Manager (GUI).

You can access the console of the Palo Alto VM-Series Software Firewall (PA-VM) 10.0.4 using the following Linux command.

sudo virsh console PA-VM-KVM-10.0.4

Login for the first time with default username and password of admin/admin.

admin@PA-VM> show interface all

total configured hardware interfaces: 0

name id speed/duplex/state mac address
--------------------------------------------------------------------------------

aggregation groups: 0


total configured logical interfaces: 0

name id vsys zone forwarding tag address
------------------- ----- ---- ---------------- ------------------------ ------ ------------------

admin@PA-VM>

Then you can proceed to login to the web interface of PA-VM 10.0.4 using your favorite web browser.

I am able to login to the web interface of my Palo Alto VM-Series Software Firewall (PA-VM) version 10.0.4 using Google Chrome web browser.

Next, I will need to figure out how to configure the Palo Alto VM-Series software firewall. I will probably spend the next few weeks doing that.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
29 Mar 2025 Saturday 6.43 PM

Subject: Overall Summary of Installing and Configuring Palo Alto VM-Series Software Firewall 10.0.4 in Ubuntu Desktop 22.04.5 LTS KVM Host

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 31 Mar 2025 Monday

DETAILED INSTRUCTIONS
=======================

Download and install Ubuntu Desktop 22.04.5 LTS on a hardware appliance with 3 or 4 network interface cards.

Please *DO NOT* install and run openssh-server, as Advanced Persistent Threats (APT) hackers may use this avenue to hack into your Ubuntu KVM host.

On the morning of 30 March 2025 Sunday, Advanced Persistent Threats (APT) hackers hacked into my previous installation of Ubuntu KVM host and changed my netplan configuration. The APT hackers removed all the network interfaces from the network bridges. I have since erased and reinstalled my Ubuntu Desktop 22.04.5 LTS KVM host.

Install KVM and Dependencies
===============================

Run the following command to install KVM, Virt-Manager, and dependencies:

sudo apt update && sudo apt upgrade -y

sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager

Verify if KVM is installed:

sudo kvm-ok

INFO: /dev/kvm exists
KVM acceleration can be used

Start and enable the libvirt service:

sudo systemctl enable --now libvirtd

Download and Prepare the QCOW2 Image
========================================

Download the Palo Alto VM-Series software firewall QCOW2 image from Palo Alto Networks.

The filename of my image is PA-VM-KVM-10.0.4.vm_eval.qcow2. 

Copy the image to the KVM images directory:

sudo cp PA-VM-KVM-10.0.4.vm_eval.qcow2 /var/lib/libvirt/images/

Adjust file permissions:

sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/PA-VM-KVM-10.0.4.vm_eval.qcow2

sudo chmod 644 /var/lib/libvirt/images/PA-VM-KVM-10.0.4.vm_eval.qcow2

Configuring Multiple Interfaces for the Palo Alto VM-Series software firewall
==============================================================================

To configure ***multiple interfaces*** for the Palo Alto VM-Series firewall on Ubuntu KVM, follow these steps:

Identify Network Interfaces
================================

First, determine the network interfaces available on your KVM host using:

ip link show

You'll need at least:

    1 interface for management

    1 or more interfaces for data traffic (inside, outside, DMZ, etc.)
    
Create Network Bridges 
=====================================

If you want Palo Alto firewall to be on different networks, create Linux bridges.

Install bridge utilities:

sudo apt install bridge-utils

Configure bridges in Netplan (/etc/netplan/01-netcfg.yaml):

sudo nano /etc/netplan/01-netcfg.yaml

My netplan configuration:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
    enp2s0:
      dhcp4: no
    enp3s0:
      dhcp4: no
    enp4s0:
      dhcp4: no
  bridges:
    br0:
      interfaces: [enp1s0]
      dhcp4: yes
    br1:
      interfaces: [enp2s0]
      dhcp4: no
    br2:
      interfaces: [enp3s0]
      dhcp4: no
    br3:
      interfaces: [enp4s0]
      dhcp4: no
      
cd /etc/netplan

sudo chmod 600 01-netcfg.yaml
      
Apply changes:

sudo netplan apply

sudo brctl show

bridge name	bridge id		STP enabled	interfaces
br0		8000.da16c5ba83c0	yes		enp1s0
br1		8000.2a1de38524c1	yes		enp2s0
br2		8000.2ac0bc028fe3	yes		
br3		8000.4eb2b8fe7743	yes		
virbr0		8000.525400f9e6d6	yes	

Perform a reboot of Ubuntu KVM host.

sudo reboot

Create a Virtual Machine Using Virt-Manager (GUI)
=====================================================

Use the following guide.

Guide: VM-Series Deployment Guide: Provision the VM-Series Firewall on a KVM Host
Link: https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-...

Start the Virtual Machine Manager (GUI).

sudo virt-manager

Configure the Palo Alto firewall virtual machine as per above guide.

You need to set the date of PA-VM 10.0.4 virtual machine to 12 Sep 2021, which is 111833956 seconds ago.

sudo virsh edit PA-VM-KVM-10.0.4

  <clock offset='variable' adjustment='-111833956' basis='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>

Start the virtual machine in Virtual Machine Manager (GUI).

sudo brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.da16c5ba83c0	yes		enp1s0
							vnet4
br1		8000.2a1de38524c1	yes		enp2s0
							vnet5
br2		8000.2ac0bc028fe3	yes		vnet6
br3		8000.4eb2b8fe7743	yes		vnet7
virbr0		8000.525400f9e6d6	yes

You MUST wait for PA-HDF login prompt to change to PA-VM login prompt. The waiting time is usually around 10 minutes.

Open your web browser and access the Palo Alto VM-series firewall web login page at https://<IP address>

Login with the default username and password of admin/admin.

Change the admin password immediately.

Configuring the Palo Alto VM-Series Software Firewall
======================================================

Use the following 2 guides.

Guide 1: Example Configuration for Palo Alto Network VM-Series in GCP
Link: https://docs.aviatrix.com/documentation/latest/security/paloalto-vmseries-gcp.html

Guide 2: Setting up a Palo Alto Networks Firewall for the First Time
Link: https://rowelldionicio.com/setting-up-palo-alto-networks-firewall-first-time/

Please note that Guide 2 is more detailed and comprehensive.

Outstanding Issues / Issues Pending to be Resolved
===================================================

As of 31 Mar 2025 Monday at 4.34 PM, when I connect my laptop to Port 2 on my hardware appliance, which is mapped to network bridge br1, which is in turn mapped to ethernet1/2 (LAN) in the Palo Alto VM-Series software firewall, there is still no network connectivity at all. I can't get an IP address from the Palo Alto firewall DHCP server and I can't ping the LAN gateway 192.168.1.1 at all.

Currently the network bridge mapping is:

br0 => ethernet1/1 (WAN)
br1 => ethernet1/2 (LAN)

Perhaps there could be issues with Port 2 on my hardware appliance, or the network bridge br1 may not be working properly. I have flushed all the iptables firewall rules on the Ubuntu KVM host and there is still no network connectivity between my laptop and Port 2 on the hardware appliance.

I suspect I could have done the network bridge mapping wrongly and this could turn out to be the real scenario:

br0 - MANAGEMENT - ethernet1/1
br1 - WAN - ethernet1/2 (untrust, outside)
br2 - LAN - ethernet1/3 (trust, inside)

If I have done the network bridge mapping wrongly, I will have to configure the Palo Alto VM-Series firewall all over again.

Let me check with Palo Alto Networks technical support. In the meantime, please advise whether my netplan configuration for my Ubuntu KVM host is correct or not.

Lastly, the command for connecting to the console of Palo Alto VM-Series software firewall.

sudo virsh console PA-VM-KVM-10.0.4

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
31 March 2025 Monday 5.15 PM

Subject: I have FINALLY SUCCEEDED in getting Palo Alto VM-Series Software Firewall 10.0.4 to work in Ubuntu Desktop 22.04.5 LTS KVM Host

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 2nd April 2025 Wednesday

I have FINALLY SUCCEEDED in getting Palo Alto VM-Series Software Firewall 10.0.4 to work in Ubuntu Desktop 22.04.5 LTS KVM Host.

Below are my FINAL notes.

cd /etc/netplan/
sudo nano 01-netcfg.yaml

My FINAL netplan configuration:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
    enp2s0:
      dhcp4: no
    enp3s0:
      dhcp4: no
    enp4s0:
      dhcp4: no
  bridges:
# Management interface
    br0:
      interfaces: [enp1s0]
      dhcp4: yes
# WAN interface
    br1:
      interfaces: [enp2s0]
      dhcp4: yes
# LAN interface
    br2:
      interfaces: [enp3s0]
      dhcp4: no
      addresses: [192.168.1.254/24]
# Unused interface for the moment, maybe DMZ in the future
    br3:
      interfaces: [enp4s0]
      dhcp4: yes

sudo netplan apply
sudo systemctl restart NetworkManager

sudo brctl addif br0 enp1s0
sudo brctl addif br1 enp2s0
sudo brctl addif br2 enp3s0
sudo brctl addif br3 enp4s0

teo-en-ming at PA-VM:/etc/netplan$ sudo brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.da16c5ba83c0	yes		enp1s0
br1		8000.2a1de38524c1	yes		enp2s0
br2		8000.2ac0bc028fe3	yes		eno1
br3		8000.4eb2b8fe7743	yes		enp4s0
virbr0		8000.525400f9e6d6	yes	

You should use virtio for all of your Linux bridges in Virtual Machine Manager (GUI). virtio has been verified to work.	

Interface Mappings
===================

Port 1 on the hardware appliance maps to the Management interface eth0
Port 2 on the hardware appliance maps to the WAN interface ethernet1/1
Port 3 on the hardware appliance maps to the LAN interface ethernet1/2
Port 4 on the hardware appliance maps to the DMZ interface ethernet1/3 (to be implemented in the future)

Congratulations to myself!

My next project: I am planning to download, install and configure Check Point CloudGuard Virtual Firewall in Ubuntu Linux KVM host!

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
2nd April 2025 Wednesday 12.25 AM
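
A host-side check for the condition described in the 31 March and 2 April posts (physical NICs missing from their bridges), as an added example that is not part of the original thread. It parses `brctl show` output and compares it with the bridge-to-NIC mapping in the netplan file; the function name `check_bridges` and the `EXPECTED` string format are assumptions, and the two sample listings are the ones posted above.

```shell
#!/bin/sh
# Added example: detect drift between `brctl show` and the intended
# bridge -> physical NIC mapping (hypothetical helper, not from the thread).

# Intended mapping, copied from the netplan file in the posts.
EXPECTED="br0=enp1s0 br1=enp2s0 br2=enp3s0 br3=enp4s0"

# check_bridges "brX=nic ..." < brctl-show-output
# Prints sorted findings (MISSING / UNEXPECTED / ABSENT); returns 1 on drift.
check_bridges() {
  local out rc=0
  out=$(awk -v expected="$1" '
    function add(b, ifname) {
      # vnetN taps are attached by libvirt for running guests; not drift
      if (ifname ~ /^vnet[0-9]+$/) return
      have[b, ifname] = 1
      if (!(b in want)) return            # bridges we do not manage (virbr0)
      if (ifname != want[b]) { print "UNEXPECTED " b " " ifname; bad = 1 }
    }
    BEGIN {
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    /^bridge name/ { next }               # header row
    NF == 0        { next }
    # A row starting in column 1 is a bridge: name, id, STP, [first member]
    /^[^ \t]/ { br = $1; seen[br] = 1; if (NF >= 4) add(br, $4); next }
    # Indented rows list further members of the bridge above them
    { add(br, $1) }
    END {
      for (b in want) {
        if (!seen[b]) { print "ABSENT " b; bad = 1 }
        else if (!((b, want[b]) in have)) { print "MISSING " b " " want[b]; bad = 1 }
      }
      exit (bad ? 1 : 0)
    }
  ') || rc=$?
  [ -z "$out" ] || printf '%s\n' "$out" | sort
  return "$rc"
}

# Listing from the 31 March post (guest running, vnet taps attached).
sample_31_march() {
  cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.da16c5ba83c0       yes             enp1s0
                                                        vnet4
br1             8000.2a1de38524c1       yes             enp2s0
                                                        vnet5
br2             8000.2ac0bc028fe3       yes             vnet6
br3             8000.4eb2b8fe7743       yes             vnet7
virbr0          8000.525400f9e6d6       yes
EOF
}

# Listing from the 2 April post.
sample_2_april() {
  cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.da16c5ba83c0       yes             enp1s0
br1             8000.2a1de38524c1       yes             enp2s0
br2             8000.2ac0bc028fe3       yes             eno1
br3             8000.4eb2b8fe7743       yes             enp4s0
virbr0          8000.525400f9e6d6       yes
EOF
}

# Demo on the posted listings. On a live host:
#   sudo brctl show | check_bridges "$EXPECTED"
for s in sample_31_march sample_2_april; do
  echo "== $s"
  "$s" | check_bridges "$EXPECTED" || echo "drift detected"
done
```

Run from cron or a systemd timer, a non-zero exit gives an early signal that a firewall-facing bridge has lost its uplink or gained a member that the netplan file does not name.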