Perform Initial Configuration on the VM-Series Firewall
Use these instructions to perform the initial configuration of your VM-Series firewall. By default, the VM-Series firewall uses DHCP to obtain an IP address for the management interface. However, you can assign a static IP address. After completing the initial configuration, access the web interface to complete further configuration tasks. If you have Panorama for central management, refer to the Panorama Administrator’s Guide for information on managing the device using Panorama.
- Gather the required information from your network
  - Management port IP address
  - Default gateway
  - DNS server IP address
- Access the console of the VM-Series firewall.
  - In Hyper-V Manager, select the VM-Series firewall and click Connect from the Actions list.
  - Log in to the firewall with the default username and password: admin/admin
  - Enter configuration mode using the following command: configure
- Configure the network access settings for the management interface. Enter the following commands:
  set deviceconfig system type static
  set deviceconfig system ip-address <Firewall-IP> netmask <netmask> default-gateway <gateway-IP> dns-setting servers primary <DNS-IP>
  where <Firewall-IP> is the IP address you want to assign to the management interface, <netmask> is the subnet mask, <gateway-IP> is the IP address of the network gateway, and <DNS-IP> is the IP address of the DNS server.
- Commit your changes and exit the configuration mode.
  - Enter commit.
  - Enter exit.
- Verify that you can view the management interface IP address from the Hyper-V Manager.
  - Select the VM-Series firewall from the list of Virtual Machines.
  - Select Networking. The first network adapter that displays in the list is used for management access to the firewall; subsequent adapters in the list are used as the dataplane interfaces on the firewall.
- Verify network access to external services required for firewall management, such as the Palo Alto Networks Update Server.
  - Use the ping utility to verify network connectivity to the Palo Alto Networks Update server as shown in the following example. Verify that DNS resolution occurs and the response includes the IP address for the Update server; the update server does not respond to a ping request.
    admin@PA-200 > ping host updates.paloaltonetworks.com
    PING updates.paloaltonetworks.com (10.101.16.13) 56(84) bytes of data.
    From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
    From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
    From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
    From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
    After verifying DNS resolution, press Ctrl+C to stop the ping request.
  - Use the following CLI command to retrieve information on the support entitlement for the firewall from the Palo Alto Networks
    request support check
    If you have connectivity, the update server will respond with the support status for your firewall.
- (Optional) Verify that your VM-Series jumbo frame configuration does not exceed the maximum MTU supported on Hyper-V.
  The VM-Series has a default MTU size of 9216 bytes when jumbo frames are enabled. However, the maximum MTU size supported by the physical network adapter on the Hyper-V host is 9000 or 9014 bytes depending on the network adapter capabilities.
  If you have enabled jumbo frames on Hyper-V, Enable Jumbo Frames on the VM-Series Firewall and set the MTU size to match that configured on the Hyper-V host.
  To verify the configured MTU on Hyper-V:
  - In Windows Server 2012 R2, open the Control Panel and navigate to Network and Internet > Network and Sharing Center > View network status and tasks.
  - Click on a network adapter or virtual switch from the list.
  - Click Properties.
  - Click Configure.
  - On the Advanced tab, select Jumbo Packet from the list.
  - Select 9000 or 9014 bytes from the Value drop-down menu.
  - Click OK.
- Access the web interface of the VM-Series firewall and configure the interfaces and define security rules and NAT rules to safely enable the applications you want to secure. Refer to the PAN-OS Administrator’s Guide.
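The optional jumbo-frame check in the procedure above can also be run from PowerShell on the Hyper-V host instead of clicking through each adapter's Advanced tab. The script below is an added example, not part of the original Palo Alto Networks procedure; the function name Test-JumboPacketFit and the -FirewallMtu parameter are hypothetical, and it assumes the adapter drivers expose the standard *JumboPacket keyword.

```powershell
# Added example: compare each host adapter's Jumbo Packet setting with the
# MTU configured (or planned) on the VM-Series firewall. Run on the Hyper-V host.
param(
    # Assumption: 9216 is the VM-Series default MTU when jumbo frames are
    # enabled (per this page); pass the value you actually configured.
    [int]$FirewallMtu = 9216
)

function Test-JumboPacketFit {
    param(
        [Parameter(Mandatory)][string]$AdapterName,
        [string]$RawValue,                     # driver value, e.g. "1514" or "9014"
        [Parameter(Mandatory)][int]$FirewallMtu
    )
    $hostValue = 0
    if (-not [int]::TryParse($RawValue, [ref]$hostValue)) {
        # Some drivers report no value or a non-numeric one; do not guess.
        $status = 'UNKNOWN: check the adapter Advanced tab manually'
    } elseif ($FirewallMtu -gt $hostValue) {
        $status = 'MISMATCH: firewall MTU exceeds host Jumbo Packet value'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{
        Adapter         = $AdapterName
        HostJumboPacket = $RawValue
        FirewallMtu     = $FirewallMtu
        Status          = $status
    }
}

# *JumboPacket is the standardized registry keyword behind the
# "Jumbo Packet" entry on the adapter's Advanced tab.
$props = Get-NetAdapterAdvancedProperty -RegistryKeyword '*JumboPacket' `
    -ErrorAction SilentlyContinue
if (-not $props) {
    Write-Warning 'No adapter on this host exposes a Jumbo Packet setting.'
    return
}

$props | ForEach-Object {
    $raw = $_.RegistryValue | Select-Object -First 1
    Test-JumboPacketFit -AdapterName $_.Name -RawValue $raw -FirewallMtu $FirewallMtu
} | Format-Table -AutoSize
```

With the default of 9216, any adapter set to 9000 or 9014 is reported as a mismatch, which is the condition the step asks you to rule out before enabling jumbo frames on the firewall.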