Provision the VM-Series Firewall on an ESXi Server
- Download the OVA file.Register your VM-Series firewall and obtain the OVA file from the Palo Alto Networks Customer Support web site.The file contains the base installation. After the base installation is complete, you will need to download and install the latest PAN-OS version from the support portal. This will ensure that you have the latest fixes that were implemented since the base image was created. For instructions, see Upgrade the PAN-OS Software Version (Standalone Version).
- Before deploying the OVA file, set up virtual standard switch(es) and virtual distributed switch(es) that you will need for the VM-Series firewall.If you are deploying the VM-Series firewall with Layer 3 interfaces, your firewall will use Hypervisor Assigned MAC Addresses by default. If you choose to disable the use of hypervisor assigned MAC address, you must configure (set toAccept) any virtual switch attached to the VM-Series firewall to allow the following modes:
If you are deploying the firewall with Layer 2, virtual wire, or tap interfaces, you must configure any virtual switch attached to the VM-Series firewall to allow (set toAccept) the modes listed above.To configure a virtual standard switch to receive frames for the VM-Series firewall:
- Promiscuous mode
- MAC address changes
- Forged transmits
To configure a virtual distributed switch to receive frames for the VM-Series firewall:
- Configure a virtual standard switch from the vSphere Client by navigating to.HomeInventoryHosts and Clusters
- Click theConfigurationtab and underHardwareclickNetworking. For each VM-Series firewall attached virtual switch, click onProperties.
- Highlight the virtual switch and clickEdit. In the vSwitch properties, click theSecuritytab and setPromiscuous Mode, MAC Address ChangesandForged TransmitstoAcceptand then clickOK. This change will propagate to all port groups on the virtual switch.
- Select. Highlight theHomeInventoryNetworkingDistributed Port Groupyou want to edit and select theSummarytab.
- ClickEdit Settingsand selectand setPoliciesSecurityPromiscuous Mode, MAC Address ChangesandForged TransmitstoAcceptand then clickOK.
- Deploy the OVA.If you add additional interfaces (vmNICs) to the VM-Series firewall, a reboot is required because new interfaces are detected during the boot cycle. To avoid the need to reboot the firewall, make sure to add the interfaces at initial deployment or during a maintenance window so that you can reboot the firewall.To view the progress of the installation, monitor theRecent Taskslist.
- Log in to vCenter using the vSphere client. You can also go directly to the target ESXi host if needed.
- From the vSphere client, select.FileDeploy OVF Template
- Browse to the OVA file that you downloaded in Download the OVA file, select the file and then clickNext. Review the templates details window and then clickNextagain.
- Name the VM-Series firewall instance and in theInventory Locationwindow, select a Data Center and Folder and clickNext
- Select an ESXi host for the VM-Series firewall and clickNext.
- Select the datastore to use for the VM-Series firewall and clickNext.
- Leave the default settings for the datastore provisioning and clickNext. The default isThick Provision Lazy Zeroed.
- Select the networks to use for the two initial vmNICs. The first vmNIC will be used for the management interface and the second vmNIC for the first data port. Make sure that theSource Networksmaps to the correctDestination Networks.
- Review the details window, select thePower on after deploymentcheck box and then clickNext.
- When the deployment is complete, click theSummarytab to review the current status.
Recommended For You
Recommended videos not found.