Palo Alto VM-Series Software Firewall Keeps Shutting Down in Ubuntu Desktop 24.04.2 LTS KVM

Turritopsis Dohrnii Teo En Ming teo.en.ming at protonmail.com
Wed Mar 26 09:22:46 UTC 2025 

Good day from Singapore,

Later when I reach home, I am going to refer to the following 2 guides.

[1] VM-Series Evaluation Quickstart Guide

Link: https://www.paloaltonetworks.com/resources/guides/vm-series-evaluation-quickstart-guide

[2] VM-Series Deployment Guide: Provision the VM-Series Firewall on a KVM Host

Link: https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-kvm/install-the-vm-series-firewall-on-kvm/install-the-vm-series-firewall-using-virt-manager/provision-the-vm-series-firewall-on-a-kvm-host

Hopefully it will resolve all the issues.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
26 Mar 2025 Wed




-------- Original Message --------
On 3/26/25 10:52, Turritopsis Dohrnii Teo En Ming via ubuntu-users <ubuntu-users at lists.ubuntu.com> wrote:

>  Subject: Palo Alto VM-Series Software Firewall Keeps Shutting Down in Ubuntu Desktop 24.04.2 LTS KVM
>  
>  Good day from Singapore,
>  
>  I have asked ChatGPT Artificial Intelligence (AI) for assistance in installing and setting up Palo Alto VM-Series Software Firewall
>  PA-VM-KVM-10.2.5.vm_eval.qcow2 in Ubuntu Desktop 24.04.2 LTS KVM.
>  
>  Below are the instructions provided by ChatGPT.
>  
>  I have started installing Palo Alto software firewall on 25 Mar 2025 Tue at 9.00 PM and went to sleep at 2.00 AM on 26 Mar 2025 Wed.
>  
>  Download and install Ubuntu Desktop 24.04.2 LTS on a physical machine with 3 or 4 network interface cards.
>  
>  Ubuntu installer keeps crashing in the normal mode. When I switch over to Safe Graphics mode, Ubuntu installer stops crashing and installs
>  successfully.
>  
>  Install SSH Server on Ubuntu
>  =============================
>  
>  sudo apt install openssh-server
>  
>  Start SSH Server
>  =================
>  
>  sudo systemctl enable --now ssh
>  
>  Install KVM and Dependencies
>  ===============================
>  
>  Run the following command to install KVM, Virt-Manager, and dependencies:
>  
>  sudo apt update && sudo apt upgrade -y
>  
>  sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager
>  
>  Verify if KVM is installed:
>  
>  sudo kvm-ok
>  
>  INFO: /dev/kvm exists
>  KVM acceleration can be used
>  
>  Start and enable the libvirt service:
>  
>  sudo systemctl enable --now libvirtd
>  
>  Download and Prepare the QCOW2 Image
>  ========================================
>  
>  Download the Palo Alto VM-Series firewall QCOW2 image from Palo Alto Networks.
>  
>  The filename of my image is PA-VM-KVM-10.2.5.vm_eval.qcow2. Rename it to panos.qcow2.
>  
>  Move the image to the KVM images directory:
>  
>  sudo mv panos.qcow2 /var/lib/libvirt/images/
>  
>  Adjust file permissions:
>  
>  sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/panos.qcow2
>  
>  sudo chmod 644 /var/lib/libvirt/images/panos.qcow2
>  
>  Create a Virtual Machine Using Virt-Manager (GUI)
>  =====================================================
>  
>  Open Virt-Manager:
>  
>  virt-manager
>  
>  Click Create a new virtual machine.
>  
>  Select "Import existing disk image".
>  
>  Browse and select panos.qcow2.
>  
>  Set the following VM specs:
>  
>  CPU: 4 (minimum)
>  
>  RAM: 8GB
>  
>  Disk: 60GB (qcow2 pre-configured)
>  
>  Virtual Machine Name: PaloAlto-VM
>  
>  Network: Bridge or NAT
>  
>  Click Finish and start the VM.
>  
>  To configure multiple interfaces for the Palo Alto VM-Series firewall on Ubuntu KVM, follow these steps:
>  
>  Identify Network Interfaces
>  ================================
>  
>  First, determine the network interfaces available on your KVM host using:
>  
>  ip link show
>  
>  You'll need at least:
>  
>      1 interface for management
>  
>      1 or more interfaces for data traffic (inside, outside, DMZ, etc.)
>  
>  Create Network Bridges (Optional)
>  =====================================
>  
>  If you want Palo Alto to be on different networks, create Linux bridges.
>  
>  Install bridge utilities:
>  
>  sudo apt install bridge-utils
>  
>  Configure bridges in Netplan (/etc/netplan/01-netcfg.yaml):
>  
>  My netplan configuration:
>  
>  network:
>    version: 2
>    renderer: networkd
>    ethernets:
>      enp5s0:
>        dhcp4: no
>      enp3s0:
>        dhcp4: no
>      enp6s0:
>        dhcp4: no
>    bridges:
>      br0:
>        interfaces: [enp5s0]
>        dhcp4: yes
>      br1:
>        interfaces: [enp3s0]
>        dhcp4: yes
>      br2:
>        interfaces: [enp6s0]
>        dhcp4: yes
>  
>  cd /etc/netplan
>  
>  sudo mv 01-network-manager-all.yaml 01-network-manager-all.yaml.bak
>  
>  sudo mv 50-cloud-init.yaml 50-cloud-init.yaml.bak
>  
>  Apply changes:
>  
>  sudo netplan apply
>  
>  Add Multiple Interfaces to the VM
>  ======================================
>  
>  You can add interfaces via virsh (CLI).
>  
>  List networks:
>  
>  sudo virsh net-list --all
>  
>  Attach interfaces:
>  
>  sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br0 --model e1000 --persistent
>  
>  sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br1 --model e1000 --persistent
>  
>  sudo virsh attach-interface --domain PaloAlto-VM --type bridge --source br2 --model e1000 --persistent
>  
>  Check the changes:
>  
>  sudo virsh dumpxml PaloAlto-VM | grep -i interface -A 10
>  
>  Verify Interfaces Inside PAN-OS
>  ==================================
>  
>  Start the VM:
>  
>  sudo virsh start PaloAlto-VM
>  
>  Access the console:
>  
>  sudo virsh console PaloAlto-VM
>  
>  Login with:
>  
>  Username: admin
>  Password: admin
>  
>  Login will FAIL with the default username and default password.
>  
>  Now you must follow the following guide.
>  
>  Thread: Default password not working admin / admin
>  Link: https://live.paloaltonetworks.com/t5/vm-series-in-the-private-cloud/default-password-not-working-admin-admin/td-p/516560
>  
>  Follow the instructions of Spiterman. This is very important.
>  
>  Start the VM:
>  
>  sudo virsh start PaloAlto-VM
>  
>  Access the console:
>  
>  sudo virsh console PaloAlto-VM
>  
>  Login with:
>  
>  Username: admin
>  Password: admin
>  
>  PA-VM keeps shutting down.
>  
>  Delete the virtual machine from virt-manager without deleting the qcow2 image.
>  
>  Guide: KVM - List OS Variants
>  Link: https://wiki.sharewiz.net/doku.php?id=kvm:list_os_variants
>  
>  Create the VM from the terminal:
>  
>  sudo virt-install \
>    --name PaloAlto-VM \
>    --vcpus 4 \
>    --memory 8192 \
>    --disk path=/var/lib/libvirt/images/panos.qcow2,format=qcow2,bus=virtio \
>    --os-variant centos8 \
>    --network bridge=br0,model=virtio \
>    --network bridge=br1,model=virtio \
>    --network bridge=br2,model=virtio \
>    --graphics none \
>    --import
>  
>    Palo Alto software firewall virtual machine (PA-VM) keeps shutting down. After PA-VM boots up and I can see the web login page, it shuts down again
>    after a while.
>  
>    Referring to the Compatibility Matrix for Palo Alto VM-Series Software Firewall Hypervisor Support
>  
>    Link: https://docs.paloaltonetworks.com/compatibility-matrix/reference/vm-series-firewalls/vms-series-hypervisor-support
>  
>    Do I need to downgrade my Ubuntu Desktop 24.04.2 LTS to Ubuntu Desktop 22.04?
>  
>    I am afraid only Ubuntu Desktop 22.04 is supported. I am afraid the latest version of Ubuntu Linux is not supported.
>  
>    I am looking forward to your advice and reply.
>  
>    Thank you.
>  
>    Regards,
>  
>    Mr. Turritopsis Dohrnii Teo En Ming
>    Singapore
>  
>  
>  
>  
>  
>  --
>  ubuntu-users mailing list
>  ubuntu-users at lists.ubuntu.com
>  Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>

More information about the ubuntu-users mailing list