This post will cover using the latest PAN-OS (v10.0.2) ESXi (PAN-OS for VM-Series Base Images) on EVE-NG. First obtain the 10.0.2 OVA file, and then extract the VMDK disk image from it, and upload it to our EVE-NG instance placing the image in the correct folder:
tar --wildcards -xvf PA-VM-ESX-10.0.2.ova '*.vmdk' scp *.vmdk firstname.lastname@example.org:/opt/unetlab/addons/qemu/
Next, once SSH’d onto the EVE-NG instance, create a Palo Alto instance folder and place the qcow2 formatted VMDK into it:
cd /opt/unetlab/addons/qemu/ mkdir paloalto-10.0.2 /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 PA-VM-ESX-10.0.2-disk1.vmdk ./paloalto-10.0.2/virtioa.qcow2 /opt/unetlab/wrappers/unl_wrapper -a fixpermissions rm ./PA-VM-ESX-10.0.2-disk1.vmdk
Now install a linux desktop VM (linux-ubuntu-mate-x) which we can use to manage the Palo Alto VM, follow these instructions: https://www.eve-ng.net/index.php/documentation/howtos/howto-create-own-linux-host-image/
Login into EVE-NG, I will be using the HTML5 console.
Create a new lab and add the newly minted Palo Alto and ubutnu desktop node to it. Connect the linux node
e0 interface to the
mgmt interface and then power them both up.
Double click on the Palo Alto VM to bring up its console. You will notice that the login prompt will cycle through three different hostnames (‘vm’, ‘PA-HDF’ and ‘PA-VM’) whilst it brings different internal services online. Once the ‘PA-VM’ prompt is seen, the management plane is accessible and we can log in with the default credentials (admin/admin) .
Now we need to set the management interface IP address:
set deviceconfig system ip-address 192.168.1.254 netmask 255.255.255.0 set deviceconfig system type static commit
Whilst the commit process is progress, switch to the linux VM and statically assign its network interface with an IP in the 192.168.1.0/24 subnet.
Finally use the using a web browser connect to the https://192.168.1.254