Use these instructions to perform the initial configuration of your VM-Series firewall. If you have Panorama for central management, refer to the Panorama Administrator’s Guide
for information on managing the device using Panorama.
Gather the required information from your network administrator.
Management port IP address
DNS server IP address
Access the console of the VM-Series firewall.
In Hyper-V Manager, select the VM-Series firewall and click
from the Actions list.
Log in to the firewall with the default username and password:
Enter configuration mode using the following command:
Configure the network access settings for the management interface.
Use the following command to configure the management interface:
set deviceconfig system ip-address <firewall-IP> netmask <netmask> default-gateway <gateway-IP> dns-setting servers primary <DNS-IP>
is the IP address you want to assign to the management interface,
is the subnet mask,
is the IP address of the network gateway, and
is the IP address of the DNS server.
Commit your changes and exit the configuration mode.
Verify that you can view the management interface IP address from the Hyper-V Manager.
Select the VM-Series firewall from the list of
Networking. The first network adapter that displays in the list is used for management access to the firewall; subsequent adapters in the list are used as the dataplane interfaces on the firewall.
Verify network access to external services required for firewall management, such as the Palo Alto Networks Update Server.
Use the ping utility to verify network connectivity to the Palo Alto Networks Update server as shown in the following example. Verify that DNS resolution occurs and the response includes the IP address for the Update server; the update server does not respond to a ping request.
ping host updates.paloaltonetworks.com
PING updates.paloaltonetworks.com (10.101.16.13) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
After verifying DNS resolution, press Ctrl+C to stop the ping request.
Use the following CLI command to retrieve information on the support entitlement for the firewall from the Palo Alto Networks update server:
request support check
If you have connectivity, the update server will respond with the support status for your firewall.
(Optional) Verify that your VM-Series jumbo frame configuration does not exceed the maximum MTU supported on Hyper-V.
The VM-Series has a default MTU size of 9216 bytes when jumbo frames are enabled. However, the maximum MTU size supported by the physical network adapter on the Hyper-V host is 9000 or 9014 bytes depending on the network adapter capabilities. To verify the configured MTU on Hyper-V:
In Windows Server 2012 R2, open the
and navigate to N
etwork and Internet > Network and Sharing Center > View network status and tasks.
Click on a network adapter or virtual switch from the list.
On the Advanced tab, select
from the list.
Select 9000 or 9014 bytes from the Value drop-down menu.
If you have enabled jumbo frames on Hyper-V,
Enable Jumbo Frames on the VM-Series Firewall and set the MTU size to match that configured on the Hyper-V host.
Access the web interface of the VM-Series firewall and configure the interfaces and define security rules and NAT rules to safely enable the applications you want to secure.