Use the virtual appliance console on the ESXi server to set up network access to the VM-Series firewall. You must first configure the management interface, and then access the web interface to complete further configurations tasks. If you have Panorama for central management, refer to the Panorama Administrator’s Guide for information on managing the device using Panorama.
If you are using bootstrapping to perform the configuration of your VM-Series firewall on ESXi, refer to Bootstrap the VM-Series Firewall on ESXi. For more information about bootstrapping, see Bootstrap the VM-Series Firewall.
Configure the Management Interface
Gather the required information from your network administrator. IP address for MGT port Netmask Default gateway DNS server IP address
Access the console of the VM-Series firewall. Select the Console tab on the ESXi server for the VM-Series firewall, or right click the VM-Series firewall and select Open Console. Press enter to access the login screen. Enter the default username/password (admin/admin) to log in. Enter configure to switch to configuration mode.
Configure the network access settings for the management interface. Enter the following command: set deviceconfig system ip-address <Firewall-IP> netmask <netmask> default-gateway <gateway-IP> dns-setting servers primary <DNS-IP> where <Firewall-IP> is the IP address you want to assign to the management interface, <netmask> is the subnet mask, <gateway-IP> is the IP address of the network gateway, and <DNS-IP> is the IP address of the DNS server.
Commit your changes and exit the configuration mode. Enter commit . Enter exit.
Verify network access to external services required for firewall management, such as the Palo Alto Networks Update Server. Use the ping utility to verify network connectivity to the Palo Alto Networks Update server as shown in the following example. Verify that DNS resolution occurs and the response includes the IP address for the Update server; the update server does not respond to a ping request. admin@PA-200 > ping host updates.paloaltonetworks.com PING updates.paloaltonetworks.com (10.101.16.13) 56(84) bytes of data. From 192.168.1.1 icmp_seq=1 Destination Host Unreachable From 192.168.1.1 icmp_seq=2 Destination Host Unreachable From 192.168.1.1 icmp_seq=3 Destination Host Unreachable From 192.168.1.1 icmp_seq=4 Destination Host Unreachable After verifying DNS resolution, press Ctrl+C to stop the ping request. Use the following CLI command to retrieve information on the support entitlement for the firewall from the Palo Alto Networks update server: request support check If you have connectivity, the update server will respond with the support status for your firewall.
An unlicensed VM-Series firewall can process up to approximately 1245 concurrent sessions. Depending on the environment, the session limit can be reached very quickly. Therefore, apply the capacity auth-code and retrieve a license before you begin testing the VM-Series firewall; otherwise, you might have unpredictable results, if there is other traffic on the port group(s).

Related Documentation