Perform Initial Configuration on the VM-Series on ESXi
Use the virtual appliance console on the ESXi
server to set up network access to the VM-Series firewall. By default,
the VM-Series firewall uses DHCP to obtain an IP address for the
management interface, but, you can also assign a static IP address. After
completing the initial configuration, access the web interface to
complete further configuration tasks. If you have Panorama for central
management, refer to the Panorama Administrator’s Guide for information
on managing the device using Panorama.
Gather the required information from your network
IP address for MGT port
DNS server IP address
Access the console of the VM-Series firewall.
on the ESXi server for the VM-Series firewall, or right click the
VM-Series firewall and select
Press Enter to access the login screen.
Enter the default username/password (admin/admin)
to log in.
to switch to
Configure the network access settings for the management
Enter the following commands:
set deviceconfig system type static
set deviceconfig system ip-address
dns-setting servers primary
Commit your changes and exit the configuration mode.
Verify network access to external services required for
firewall management, such as the Palo Alto Networks Update Server.
Use the ping utility to verify network connectivity
to the Palo Alto Networks Update server as shown in the following
example. Verify that DNS resolution occurs and the response includes
the IP address for the Update server (the Update server does not
respond to ping requests.) After verifying DNS resolution, press
Ctrl+C to stop the ping request.
ping host updates.paloaltonetworks.com
PING updates.paloaltonetworks.com (10.101.16.13) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable
From 192.168.1.1 icmp_seq=4 Destination Host Unreachable
Use the following CLI command to retrieve information
on the support entitlement for the firewall from the Palo Alto Networks
update server: request support check If you have connectivity, the
update server responds with the support status for your firewall.
Apply the capacity auth code and retrieve a license before
you begin testing the VM-Series firewall.
An unlicensed VM-Series firewall can process up to approximately
1230 concurrent sessions. Depending on the environment, the session
limit can be reached very quickly, causing unpredictable results.