Whenever we want to start the journey of learning a new technology or product, a very effective way to become familiar with it is by getting hands on experience in a lab. It is very unlikely that we have access to one or many hardware boxes to gather this experience. A nice and practical way to overcome to this issue is by using simulators such as GNS3 to build whatever topology we like and test most of the features offered by the technology or product. In this post we are going to see the very first steps to create a Palo Alto instance in GNS3 and to set it up to get access to its GUI.
1.- Go to gns3.com/marketplace and go to Appliances. Select PA-VM Appliance and download the image.
2.- Follow this tutorial to install the appliance: https://docs.gns3.com/1_3RdgLWgfk4ylRr99htYZrGMoFlJcmKAAaUAc8x9Ph8/index.html
3.- Create a new project in GNS3. Go to security devices and select the PA-VM appliance you just installed. Drag it and drop it to your topology.
4.- Also drag and drop an Ethernet Switch, and a light linux appliance with a browser. In this example I am using Ubuntu Desktop Guest, but you can also use a Firefox appliance. Connect one of the switch ports to the Palo Alto mgmt port. And the Ubuntu Desktop Guest to one of the switch ports as well.
5.- Run the simulation. Console into the PA-VM instance with admin/admin credentials. Setup the management interface with an ip address.
configure set deviceconfig system type static set deviceconfig system ip-address 10.0.0.1 netmask 255.255.255.0 default-gateway 10.0.0.100 dns-setting servers primary 126.96.36.199 commit exit admin@PA-VM> show interface management Name: Management Interface Link status: Runtime link speed/duplex/state: 1000/full/up Configured link speed/duplex/state: auto/auto/auto MAC address: Port MAC address 0c:22:ed:d6:15:00 Ip address: 10.0.0.1 Netmask: 255.255.255.0 Default gateway: 10.0.0.100
6.- Login to the Ubuntu instance. Open a terminal window and configure it with an IP address.
sudo ip addr add 10.0.0.2/24 dev ens3
You can verify connectivity by pinging the Palo Alto management interface from the Ubuntu terminal.
7.- In the Ubuntu instance open Firefox and navigate to https://10.0.0.1, use admin/admin credentials and now you will be able to manage this Palo Alto instance from the GUI.
Now that we have access to the GUI, we can connect it to more devices in the virtual topology and test many of its features. We are going to see some of these tests in future posts.