Before you start you will need to get a copy of the Palo Alto virtual machine;
Please do not asked for the PA-VM-KVM-6.1.0.qcow2 image you will need to source this from http://www.paloaltonetworks.com150
To add the Palo Alto image into VIRL follow the steps.
1) Login to the User Workspace Management http://x.x.x.x:19400/user/login/5 and select Subtypes from the menu.
2) Click the Import button located on the top right-hand side and paste in the following config.
"plugin_desc": "Palo Alto Firewall",
Then click Import. This will ADD the new subtype to your existing list.
3) Now select Images from the menu and then click Add
Select the Palo_alto subtype and enter 6.10 for Name/Version and Release , under Source select Local image file and click Browse and select your Palo Alto image file and click Create. After a few minutes you should see a message saying the Image "Palo_alto-6.10" was created.
4) Open VM Maestro and click File -> Preferences -> Node Subtypes and click the Fetch from Server button, then Apply and OK
6) Click on the palo_alto-1 node/object and make sure you have a VM Image assigned as below, your number will be different.
7) Start the Simulation and login to the device using the Console port.
If you are presented with the "PA-HDF login:" you need to close down the console session and try again. The image is still booting. When the image is ready you will get "PA-VM login:" at the prompt.
Login with username: admin password: admin
You now need to configure basic management access.
Because the VIRL management IP address is assigned at runtime, we have to configure our management port on the Palo Alto to MATCH the one assigned by VIRL at run time if we what to use telnet & ssh from the menu.
at the prompt type:
set deviceconfig system ip-address netmask default-gateway dns-setting servers primary
for example I have used:
set deviceconfig system ip-address 172.16.1.121 netmask 255.255.255.0
Once this has been done you should be able to access the device using your web browser over the flat network.
For example : https://172.16.1.121/php/login.php9
8) By default all the interfaces are down; you need to configure basic L3 ip addresses and commit the changes.
Select Network from the menu
Make sure interfaces is selected and click on one of the interfaces
First you need to select Layer 3 as the interface type then under the Config tab select the default Virtual Router from the list.
Next we need to assign a Zone to the interface. Click on the Security Zone and select New Zone.
Create a zone called INSIDE, select L3 as the type and add the interface, then click OK.
Now Click on the IPv4 Tab and enter a valid address/subnet mask, then click OK.
Repeat step 8 for the OUTSIDE zone and then Commit the changes.
Your final result should look like this..
You can Extract the running configuration to an XML file by selecting the Device -> Setup and Operations Tab
Select the "running-config.xml"
Note this file contains the management interface information as well, but you can remove this section from the file and import back in so you don’t overwrite your management access.
I'm also looking at how we can inject the management stack into the bootstrap so we don’t have to configure the management each time the image loads. For the moment you will have to extract / import the configuration or take a snapshot of the VM.