Use an ISO File to Deploy the VM-Series Firewall

If you want to pass a script to the VM-Series firewall at boot time, you can mount a CD-ROM with an ISO file. The ISO file allows you to define a bootstrap XML file that includes the initial configuration parameters for the management port of the firewall. The VM-Series firewall on first boot checks for the
bootstrap-networkconfig.xml
file, and uses the values defined in it.
If a single error is encountered in parsing the bootstrap file, the VM-Series firewall will reject all the configuration in this file and boot with default values.
  1. Create the XML file and define it as a virtual machine instance.
    In this example, the VM-Series firewall is called PAN_Firewall_DC1.
    For example:
    user-PowerEdge-R510:
    ~/kvm_script$ sudo vi /etc/libvirt/qemu/PAN_Firewall_DC1.xml
    user-PowerEdge-R510:~
    /kvm_script$ sudo virsh define/etc/libvirt/qemu/PAN_Firewall_DC1.xml
    Domain PAN_Firewall_DC1_bootstp defined from /etc/libvirt/qemu/PAN_Firewall_DC1.xml
    user-PowerEdge-R510:
    ~/kvm_script$ sudo virsh -q attach-interface PAN_Firewall_DC1_bootstp bridge br1 --model=virtio --persistent
    user-PowerEdge-R510:~
    /kvm_script$ virsh list --all
    Id Name State --------------------------------------------- - PAN_Firewall_DC1_bootstp shut off
  2. Create the bootstrap XML file.
    You can define the initial configuration parameters in this file and name it bootstrap-networkconfig.
    If you do not want to include a parameter, for example panorama-server-secondary. Delete the entire line from the file. If you leave the IP address field empty, the file will not be parsed successfully.
    Use the following example as a template for the bootstrap-networkconfig file. The bootstrap-networkconfig file can include the following parameters only:
    <vm-initcfg> <hostname>VM_ABC_Company</hostname> <ip-address>10.5.132.162</ip-address> <netmask>255.255.254.0</netmask> <default-gateway>10.5.132.1</default-gateway> <dns-primary>10.44.2.10</dns-primary> <dns-secondary>8.8.8.8</dns-secondary> <panorama-server-primary>10.5.133.4</panorama-server-primary> <panorama-server-secondary>10.5.133.5</panorama-server-secondary> </vm-initcfg>
  3. Create the ISO file. In this example, we use mkisofs.
    Save the ISO file in the images directory (/var/lib/libvirt/image) or the qemu directory (/etc/libvirt/qemu) to ensure that the firewall has read access to the ISO file.
    For example:
    #
    mkisofs -J -R -v -V "Bootstrap" -A "Bootstrap" -ldots -l -allow-lowercase -allow-multidot -o
    <iso-filename>
    bootstrap-networkconfig.xml
  4. Attach the ISO file to the CD-ROM.
    For example:
    #
    virsh -q attach-disk
    <vm-name> <iso-filename>
    sdc --type cdrom --mode readonly –persistent\

Recommended For You