Never mind, I figured it out, all interfaces need to be manually configured in the firewall including management interface.
Palo Alto Networks VM
- Thread starter g0rgonus
- Start date
I think that's normal for a Palo, at least the PA-VM series.
"show interfaces" won't show an interface until it's configured.
The first Proxmox NIC will be your management port, configured in "deviceconfig system", or Device -> System -> Interfaces in the GUI.
The rest of the NICs will be dataplane interfaces.
My advice would be to connect with the web GUI if you're not super familiar with Palo devices. The CLI can be pretty tricky.
PA-VM's management interface is set to DHCP by default. Hardware devices are default 192.168.1.1/24.
"show interface management" should show you the management IP, and it'll be listening on 443.
Here's a link with instructions to set the management IP to a static IP if needed.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
Good luck!
"show interfaces" won't show an interface until it's configured.
The first Proxmox NIC will be your management port, configured in "deviceconfig system", or Device -> System -> Interfaces in the GUI.
The rest of the NICs will be dataplane interfaces.
My advice would be to connect with the web GUI if you're not super familiar with Palo devices. The CLI can be pretty tricky.
PA-VM's management interface is set to DHCP by default. Hardware devices are default 192.168.1.1/24.
"show interface management" should show you the management IP, and it'll be listening on 443.
Here's a link with instructions to set the management IP to a static IP if needed.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
Good luck!
For anyone migrating a PAN VM-Series on VMWare to Proxmox, none of the suggestions here worked for me unfortunately. Perhaps of note, I was following the procedure to import VMs from ESXi storage via the Proxmox web interface.
The VM appeared to import successfully from the hypervisor perspective, but I ultimately kept landing in maintenance mode on the firewall when booting. I tried a bunch of hardware combinations/settings shared here but without any luck. I also tried re-installing PAN-OS from within maintenance mode without luck. I'm on PAN-OS 10.2.11.
I ultimately had to entirely re-deploy my VM-Series, but rather than reconfigure from scratch, I grabbed a device state backup (Device > Setup > Operations > Export Device State on the PAN) before getting started.
The I downloaded the "PAN-OS for VM-Series KVM Base Image" (.qcow2) from Palo Alto's support portal. I SCP'd the .qcow2 image to my Proxmox host and then used these commands:
[note the VLAN tag on the first interface; my management VLAN is 10 but it might be different for others]
[PA-VM-KVM-10.2.10-h14.qcow2 is the image downloaded from PAN's support site]
1. qm create 121 --name VMPANW --memory 4608 --cores 2 --ostype l26 --machine pc-q35-8.0 --serial0 socket --net0 model=virtio,bridge=vmbr0,tag=10
2. qm disk import 121 PA-VM-KVM-10.2.10-h14.qcow2 local-lvm --format qcow2
3. qm set 121 --scsihw virtio-scsi-single --virtio0 local-lvm:vm-121-disk-0 --boot order=virtio0
Then used this procedure to set the management IP statically:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
Finally, I accessed the new VM-Series and restored the device state backup under Device > Setup > Operations on the PAN.
The VM appeared to import successfully from the hypervisor perspective, but I ultimately kept landing in maintenance mode on the firewall when booting. I tried a bunch of hardware combinations/settings shared here but without any luck. I also tried re-installing PAN-OS from within maintenance mode without luck. I'm on PAN-OS 10.2.11.
I ultimately had to entirely re-deploy my VM-Series, but rather than reconfigure from scratch, I grabbed a device state backup (Device > Setup > Operations > Export Device State on the PAN) before getting started.
The I downloaded the "PAN-OS for VM-Series KVM Base Image" (.qcow2) from Palo Alto's support portal. I SCP'd the .qcow2 image to my Proxmox host and then used these commands:
[note the VLAN tag on the first interface; my management VLAN is 10 but it might be different for others]
[PA-VM-KVM-10.2.10-h14.qcow2 is the image downloaded from PAN's support site]
1. qm create 121 --name VMPANW --memory 4608 --cores 2 --ostype l26 --machine pc-q35-8.0 --serial0 socket --net0 model=virtio,bridge=vmbr0,tag=10
2. qm disk import 121 PA-VM-KVM-10.2.10-h14.qcow2 local-lvm --format qcow2
3. qm set 121 --scsihw virtio-scsi-single --virtio0 local-lvm:vm-121-disk-0 --boot order=virtio0
Then used this procedure to set the management IP statically:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
Finally, I accessed the new VM-Series and restored the device state backup under Device > Setup > Operations on the PAN.