Running Palo Alto VM under bhyve

Try as I might I had no luck in running the Palo Alto VM under VirtualBox. It is not a supported environment but VMware Player is not available under FreeBSD. this post will look at getting the VM running under the BSD homegrown bhyve.

# uname -r
13.0-RELEASE

To covert a VMDK file into a raw format image, the utility qemu-img is found in the qemu-utils package.

# pkg search qemu-utils
qemu-utils-4.2.1               QEMU userland utilities
# pkg install qemu-utils-4.2.1

Extract the contents of the OVA and convert the VMDK file into a format which we can use with bhyve.

$ tar xf PA-VM-ESX-10.0.4.ova
$ ls
PA-VM-ESX-10.0.4.mf                     PA-VM-ESX-10.0.4.ova
PA-VM-ESX-10.0.4.ovf                    PA-VM-ESX-10.0.4-disk1.vmdk
$ qemu-img convert -f vmdk -O raw PA-VM-ESX-10.0.4-disk1.vmdk PA-10.0.4.img

There is a great many pages online detailing the creating of bridge interfaces and connecting the VM and LAN interfaces, however this does not seem to work with wlan0 interfaces. Plus the VM is for development work and doesn’t need network connectivity beyond the confines of my laptop so I am creating a ‘host-only adapter’.

# ifconfig tap0 create
# sysctl net.link.tap.up_on_open=1
net.link.tap.up_on_open: 0 -> 1
# ifconfig tap0 inet 192.168.58.1/24
# ifconfig tap0 up

The PA VM must be booted in leagcy BIOS mode, so you will need to ensure you have the sysutils/bhyve-firmware package installed. 

# /usr/sbin/bhyve -c 2 -m 4G -AHP -s 0:0,hostbridge -s1:0,lpc -s 2:0,virtio-net,tap0 -s 3:0,virtio-blk,./PA-10.0.4.img -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CSM.fd -l com1,stdio vm0

The console output form bootup will then be displayed in the terminal. It will look as if it has stalled, but eventually eth0 interface status will be displayed and the VM will cycle through the usual PA-VM login prompts

Once logged into the VM run the show system info and note that the management interface is running as a DHCP client. To reach this VM we need to configure a static management IP.

configure
set deviceconfig system ip-address 192.168.58.2 netmask 255.255.255.0
set deviceconfig system type static
commit

The VM will now be reachable:

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: