1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up a VM-Series Firewall on an ESXi Server
    5. Install a VM-Series firewall on VMware vSphere Hypervisor (ESXi)
    6. Perform Initial Configuration on the VM-Series on ESXi
    End-of-Life (EoL)

    Perform Initial Configuration on the VM-Series on ESXi

    Use the virtual appliance console on the ESXi server to set up network access to the VM-Series firewall. By default, the VM-Series firewall uses DHCP to obtain an IP address for the management interface, but, you can also assign a static IP address. After completing the initial configuration, access the web interface to complete further configuration tasks. If you have Panorama for central management, refer to the Panorama Administrator’s Guide for information on managing the device using Panorama.
    If you are using bootstrapping to perform the configuration of your VM-Series firewall on ESXi, refer to Bootstrap the VM-Series Firewall on ESXi.
    For general information about bootstrapping, see Bootstrap the VM-Series Firewall.
    1. Gather the required information from your network administrator.
      • IP address for MGT port
      • Netmask
      • Default gateway
      • DNS server IP address
    2. Access the console of the VM-Series firewall.
      1. Select the
        Console
         tab on the ESXi server for the VM-Series firewall, or right click the VM-Series firewall and select
        Open Console
        .
      2. Press Enter to access the login screen.
      3. Enter the default username/password (admin/admin) to log in.
      4. Enter
        configure
         to switch to configuration mode.
    3. Configure the network access settings for the management interface.
      Enter the following commands: 
      set deviceconfig system type static
      set deviceconfig system ip-address 
      <Firewall-IP> 
      netmask
       <netmask> 

      default-gateway
       <gateway-IP> 
      dns-setting servers primary
       <DNS-IP>
    4. Commit your changes and exit the configuration mode.
      Enter
      commit
      .
      Enter
      exit
      .
    5. Verify network access to external services required for firewall management, such as the Palo Alto Networks Update Server.
      1. Use the ping utility to verify network connectivity to the Palo Alto Networks Update server as shown in the following example. Verify that DNS resolution occurs and the response includes the IP address for the Update server (the Update server does not respond to ping requests.) After verifying DNS resolution, press Ctrl+C to stop the ping request.
        admin@PA-220 >
         ping host updates.paloaltonetworks.com
        PING updates.paloaltonetworks.com (10.101.16.13) 56(84) bytes of data. 
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable 
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable 
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable 
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
      2. Use the following CLI command to retrieve information on the support entitlement for the firewall from the Palo Alto Networks update server: request support check If you have connectivity, the update server responds with the support status for your firewall.
    6. Apply the capacity auth code and retrieve a license before you begin testing the VM-Series firewall.
      An unlicensed VM-Series firewall can process up to approximately 1230 concurrent sessions. Depending on the environment, the session limit can be reached very quickly, causing unpredictable results.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo