Palo Alto VM-Series Software Firewall Keeps Shutting Down in Ubuntu Desktop 24.04.2 LTS KVM
Turritopsis Dohrnii Teo En Ming
teo.en.ming at protonmail.com
Wed Mar 26 02:52:16 UTC 2025
Subject: Palo Alto VM-Series Software Firewall Keeps Shutting Down in Ubuntu Desktop 24.04.2 LTS KVM
Good day from Singapore,
I have asked ChatGPT Artificial Intelligence (AI) for assistance in installing and setting up Palo Alto VM-Series Software Firewall
PA-VM-KVM-10.2.5.vm_eval.qcow2 in Ubuntu Desktop 24.04.2 LTS KVM.
Below are the instructions provided by ChatGPT.
I have started installing Palo Alto software firewall on 25 Mar 2025 Tue at 9.00 PM and went to sleep at 2.00 AM on 26 Mar 2025 Wed.
Download and install Ubuntu Desktop 24.04.2 LTS on a physical machine with 3 or 4 network interface cards.
Ubuntu installer keeps crashing in the normal mode. When I switch over to Safe Graphics mode, Ubuntu installer stops crashing and installs
successfully.
Install SSH Server on Ubuntu
=============================
sudo apt install openssh-server
Start SSH Server
=================
sudo systemctl enable --now ssh
Install KVM and Dependencies
===============================
Run the following command to install KVM, Virt-Manager, and dependencies:
sudo apt update && sudo apt upgrade -y
sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
Verify if KVM is installed:
sudo kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
Start and enable the libvirt service:
sudo systemctl enable --now libvirtd
Download and Prepare the QCOW2 Image
========================================
Download the Palo Alto VM-Series firewall QCOW2 image from Palo Alto Networks.
The filename of my image is PA-VM-KVM-10.2.5.vm_eval.qcow2. Rename it to panos.qcow2.
Move the image to the KVM images directory:
sudo mv panos.qcow2 /var/lib/libvirt/images/
Adjust file permissions:
sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/panos.qcow2
sudo chmod 644 /var/lib/libvirt/images/panos.qcow2
Create a Virtual Machine Using Virt-Manager (GUI)
=====================================================
Open Virt-Manager:
virt-manager
Click Create a new virtual machine.
Select "Import existing disk image".
Browse and select panos.qcow2.
Set the following VM specs:
CPU: 4 (minimum)
RAM: 8GB
Disk: 60GB (qcow2 pre-configured)
Virtual Machine Name: PaloAlto-VM
Network: Bridge or NAT
Click Finish and start the VM.
To configure multiple interfaces for the Palo Alto VM-Series firewall on Ubuntu KVM, follow these steps:
Identify Network Interfaces
================================
First, determine the network interfaces available on your KVM host using:
ip link show
You'll need at least:
1 interface for management
1 or more interfaces for data traffic (inside, outside, DMZ, etc.)
Create Network Bridges (Optional)
=====================================
If you want Palo Alto to be on different networks, create Linux bridges.
Install bridge utilities:
sudo apt install bridge-utils
Configure bridges in Netplan (/etc/netplan/01-netcfg.yaml):
My netplan configuration:
network:
version: 2
renderer: networkd
ethernets:
enp5s0:
dhcp4: no
enp3s0:
dhcp4: no
enp6s0:
dhcp4: no
bridges:
br0:
interfaces: [enp5s0]
dhcp4: yes
br1:
interfaces: [enp3s0]
dhcp4: yes
br2:
interfaces: [enp6s0]
dhcp4: yes
cd /etc/netplan
sudo mv 01-network-manager-all.yaml 01-network-manager-all.yaml.bak
sudo mv 50-cloud-init.yaml 50-cloud-init.yaml.bak
Apply changes:
sudo netplan apply
Add Multiple Interfaces to the VM
======================================
You can add interfaces via virsh (CLI).
List networks:
sudo virsh net-list --all
Attach interfaces:
sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br0 --model e1000 --persistent
sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br1 --model e1000 --persistent
sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br2 --model e1000 --persistent
Check the changes:
sudo virsh dumpxml PaloAlto-VM | grep -i interface -A 10
Verify Interfaces Inside PAN-OS
==================================
Start the VM:
sudo virsh start PaloAlto-VM
Access the console:
sudo virsh console PaloAlto-VM
Login with:
Username: admin
Password: admin
Login will FAIL with the default username and default password.
Now you must follow the following guide.
Thread: Default password not working admin / admin
Link: https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/default-password-not-working-admin-admin/td-p/516560
Follow the instructions of Spiterman. This is very important.
Start the VM:
sudo virsh start PaloAlto-VM
Access the console:
sudo virsh console PaloAlto-VM
Login with:
Username: admin
Password: admin
PA-VM keeps shutting down.
Delete the virtual machine from virt-manager without deleting the qcow2 image.
Guide: KVM - List OS Variants
Link: https://wiki.sharewiz.net/doku.php?id=kvm:list_os_variants
Create the VM from the terminal:
sudo virt-install \
--name PaloAlto-VM \
--vcpus 4 \
--memory 8192 \
--disk path=/var/lib/libvirt/images/panos.qcow2,format=qcow2,bus=virtio \
--os-variant centos8 \
--network bridge=br0,model=virtio \
--network bridge=br1,model=virtio \
--network bridge=br2,model=virtio \
--graphics none \
--import
Palo Alto software firewall virtual machine (PA-VM) keeps shutting down. After PA-VM boots up and I can see the web login page, it shuts down again
after a while.
Referring to the Compatibility Matrix for Palo Alto VM-Series Software Firewall Hypervisor Support
Link: https://docs.paloaltonetworks.com/compatibility-matrix/reference/vm-series-firewalls/vms-series-hypervisor-support
Do I need to downgrade my Ubuntu Desktop 24.04.2 LTS to Ubuntu Desktop 22.04?
I am afraid only Ubuntu Desktop 22.04 is supported. I am afraid the latest version of Ubuntu Linux is not supported.
I am looking forward to your advice and reply.
Thank you.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Singapore
More information about the ubuntu-users
mailing list