Professional Documents
Culture Documents
Connecting A VM Palo Alto Firewall To GNS3 PDF
Connecting A VM Palo Alto Firewall To GNS3 PDF
This is a guide for connecting VMWare Workstation running a virtual Palo Alto Firewall PA-100 image to GNS3.
With this guide I have made a few assumptions about what stages people will be at, but it might be able to help you
with some ideas on how to set it up.
First off, make sure you have an install of VMWare Workstation (VirtualBox will NOT work due to not supporting
VMXNET3 Drivers which are required for the Palo Alto Firewall to work).
Once you have VMWare Workstation installed you will need to install some local host NICs (I personally remove all
the defaults first).
Next add some host only adapters as each of the host only adapters will be a part of the firewalls interfaces.
Therefore, I have created VMnet0 host-only interface on the subnet 192.168.1.0 as the Management Subnet (the
default range on a new Palo Firewall) (This can be changed later if you wish).
VMnet1 will be the internal network on 10.128.1.0/24 (These can be anything you wish).
This might take 2-3 minutes after the booting of the VM Image.
You will then be able to login with admin/admin.
ethernet1/1 = VMnet1
Interface Type = Layer 3
Comment = LAN
Virtual Router = default
Security Zone = Trust
Under IPv4 you will need to create a new interface and you will need to give the Interface an IP address
10.128.1.1/24.
To make an interface PINGable on a Palo we need to create an Interface Mgmt profile and assign it to the Interface.
Network -> Network Profiles -> Interface Mgmt.
New -> Name “Allow PING” and tick permitted services “ping”.
Then under the ethernet interface -> Advanced -> Other Info -> Management Profile -> Allow PING.
Now you will need to “Commit” the changes for them to take effect (Top right hand side).
Once this is all up and running you will see the “Link State” has gone Green.
Within GNS3 – add a router and cloud then point the cloud to the VMnet1 Interface.
Then connect the cloud to the router, in my case fa0/0 and add an IP address (*If this fails REBOOT your computer):
conf t
int fa0/0
ip address 10.128.1.2 255.255.255.0
no shut
end
wr
ping 10.128.1.1
We then need to repeat the process another two times for the WAN and DMZ.
ethernet1/1 = VMnet2
Interface Type = Layer 3
Comment = WAN
Virtual Router = default
Security Zone = Untrust
Under IPv4 you will need to create a new interface and you will need to give the Interface an IP address 50.0.0.1/24.
*Remember to add the Allow PING to the management profile and commit.
*Repeat the same for the DMZ but with 172.16.1.X Addressing
You should then get three green “Link State” interfaces.
You then need to add some static routes under network -> Virtual Routers -> Static Routes to allow routing for the
network.
Finally, I changed the icons in GNS3 and renamed the devices to make it look more like one device.
I hope this guide is useful to some people that would like to use the Palo Firewall and can hopefully play with it using
a GNS3 network as well.
Any questions please let me know other then where can I get the Palo Alto firewall image from? As I can’t distubrute
it freely (but Google is your friend).
As for licenses my copy doesn’t have a license installed and it still fuctions enough for my testing but many features
will NOT work without a license.
Happy Labbing……… & I hope this has been informative and I would like to thank you for reading….