updated: 25th of January 2021
published: 31st of December 2020
In 2021 I am starting a new role were I will be working with Palo Alto products. In preperation for that I want to get familiar with Palo Alto firewalls again after not using them for about 5 years.
In this post I will show you how to add a Palo Alto PanOS 10.0 VM to EVE-NG.
The following software was used in this post.
Transfer the PA VM to the EVE-NG host. I am using the scp utility on Windows 10.
scp PA-VM-ESX-10.0.0.ova <user>@<eve-ng-host>:~/
Once the transfer is complete SSH to the EVE-NG host.
Make a temporary directory and extract the .ova file.
mkdir /tmp/pavm tar -xvf PA-VM-ESX-10.0.0.ova -C /tmp/pavm/
Convert the .ova file to a .qemu
/opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 /tmp/pavm/PA-VM-ESX-10.0.0-disk1.vmdk /tmp/pavm/virtioa.qcow2
su - password: <root-password>
Create a directory for the PA VM in the /opt/unetlab/addons/qemu/ directory.
Move the virtioa.qcow2 file into the /opt/unetlab/addons/qemu/paloalto-10.0.0/ directory.
mv /tmp/pavm/virtioa.qcow2 /opt/unetlab/addons/qemu/paloalto-10.0.0/
Clean up the temp directory.
rm -rf /tmp/pavm/
Dont forget to fix the permissions.
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Add a node to a topology and check the VM settings.
Start the VM. When the VM is booted up login with the default admin/admin credentials.
It takes a bit of time before you can login. The prompt will change from vm login:, to PA-HDF login:, then eventually PA-VM login: before you can successfully login. It does take a bit of time for all the services to start.
Once you successfully login you will be prompted to change the admin password. Some password complexity is required.
Configure the management interface IP Address
configure set deviceconfig system type static set deviceconfig system ip-address <ip-address> set deviceconfig system netmask <netmask> set deviceconfig system default-gateway <default-gateway> set deviceconfig system dns-setting servers primary <dns-ip-address> commit
Check the management interface is configured with the correct IP details and the state is up.
show interface management
To access the PA VM web interface, I am currently connecting connecting to it by VNC'ing to a linux VM in EVE-NG and browsing to the management IP address.
The user credentials are admin and the password configured in the previous step.
If you connect the PA-VM management interface to Cloud-0 you can access the device from your LAN. By default this is the same network as your EVE-NG management address.
In this post, we added a Palo Alto PanOS 10 VM to EVE-NG. Happy firewall labbing.