End-of-Life (EoL)

Perform Initial Configuration of the VM-Series Firewall on KVM

Use the virtual appliance console on the KVM server to set up network access to the VM-Series firewall. By default, the VM-Series firewall uses DHCP to obtain an IP address for the management interface. However, you can assign a static IP address. After completing the initial configuration, access the web interface to complete further configurations tasks. If you have Panorama for central management, refer to the Panorama Administrator’s Guide for more information on managing the device using Panorama.
If you are using bootstrapping to perform the configuration of your VM-Series firewall on KVM, refer to Bootstrap the VM-Series Firewall on KVM.
For general information about bootstrapping, see Bootstrap the VM-Series Firewall.
  1. Gather the required information from your network administrator.
    • Management port IP address
    • Netmask
    • Default gateway
    • DNS server IP address
  2. Access the console of the VM-Series firewall.
    1. Select the
      Console
      tab on the KVM server for the VM-Series firewall, or right-click the VM-Series firewall and select
      Open Console
      .
    2. Press enter to access the login screen.
    3. Enter the default username/password (admin/admin) to log in.
    4. Enter
      configure
      to switch to configuration mode.
  3. Configure the network access settings for the management interface. You should restrict access to the firewall and isolate the management network. Additionally, do not make the allowed network larger than necessary and never configure the allowed source as 0.0.0.0/0.
    Enter the following commands:
    set deviceconfig system type static
    set deviceconfig system ip-address
    <Firewall-IP>
    netmask
    <netmask>
    default-gateway
    <gateway-IP>
    dns-setting servers primary
    <DNS-IP>
    where
    <Firewall-IP>
    is the IP address you want to assign to the management interface,
    <netmask>
    is the subnet mask,
    <gateway-IP>
    is the IP address of the network gateway, and
    <DNS-IP>
    is the IP address of the DNS server.
  4. Commit your changes and exit the configuration mode.
    Enter
    commit
    .
    Enter
    exit
    .
  5. Verify which ports on the host are mapped to the interfaces on the VM-Series firewall. In order to verify the order of interfaces on the Linux host, see Verify PCI-ID for Ordering of Network Interfaces on the VM-Series Firewall.
    To make sure that traffic is handled by the correct interface, use the following command to identify which ports on the host are mapped to the ports on the VM-Series firewall.
    admin@PAN-VM>
    debug show vm-series interfaces all
    Phoenix_interface Base-OS_port Base-OS_MAC PCI-ID mgt                          eth0 52:54:00:d7:91:52 0000:00:03.0 Ethernet1/1 eth1 52:54:00:fe:8c:80 0000:00:06.0 Ethernet1/2 eth2 0e:c6:6b:b4:72:06 0000:00:07.0 Ethernet1/3 eth3 06:1b:a5:7e:a5:78 0000:00:08.0 Ethernet1/4 eth4 26:a9:26:54:27:a1 0000:00:09.0 Ethernet1/5 eth5 52:54:00:f4:62:13 0000:00:10.0
  6. Access the web interface of the VM-Series firewall and configure the interfaces and define security rules and NAT rules to safely enable the applications that you want to secure.

Recommended For You