Coming from Cisco VIRL, I found Eve incredibly simple to setup. It not only supports Cisco images, but other vendors as well, such as Palo Alto. In this tutorial I'll be installing the Palo Alto image on an Eve server hosted in VMware Fusion.
- EVE-NG version: 2.0.3-110
- QEMU version: 2.4.0
- macOS Catalina 10.15.4
- Palo Alto 8.1.10
- You need to have Eve setup already. I'm not going to run through that because it's as simple as downloading the OVA and importing it into your hypervisor of choice.
- You need access to a Palo Alto virtual machine image.
- Your local network has a DHCP server.
Follow this article to convert your Palo Alto OVA image to
qcow2 format. It is quite simple. The process goes like this:
- Upload the OVA to the Eve server using SCP or SFTP.
- Uncompress the OVA file to produce a VMDK:
tar xf PA_VM_FILENAME.ova
- Convert the VMDK to qcow2 format:
/opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 PA_VM_FILENAME.vmdk virtioa.qcow2
- Move the qcow2 image to the correct directory on the Eve server.
mv virtioa.qcow2 /opt/unetlab/addons/qemu/paloalto-7.0.1
- Fix permissions.
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Now when you go to add a Palo Alto node, the “Add Node” dropdown will colorize the Palo Alto option in blue, and you can click it.
You can add multiple code versions if you have them as well if you need to stress test a new version in Pre Prod or something like that.
By default, Eve will connect you to the Palo Alto via VNC. VNC is trash, so let’s change that.
In order to connect to the Palo Alto GUI you need to connect the PA node to an Eve management network, like so:
- Create the management node in your Eve lab clicking Add > Network > Select Type: Management
- Connect the PA VM to the node.
- Your PA node is now bridged to VMware’s management network. In my case, it simply bridges the VM directly to my LAN so that the Palo Alto acquire an IP from my local DHCP server, and I can connect to it locally.
- Make sure that you connect to the
mgmtport on the Palo Alto. No other interface will work.
- If you want to be able to connect to the CLI, edit the PA node and change Console to
telnet. (Why on Earth it defaults to
vncis beyond me). I recommend that you change this before you start the VM, because you cannot change it while it’s running. I do this so that I can monitor the VM boot status, that way I can clearly see when it’s ready to connect to locally.
- Boot up the Palo Alto. WARNING: Be patient! The CLI console prompt transitions through following prompts on a PA-500 before it is ready to accept admin/admin login:
1. 500 login:2. PA-HDF login:3. PA-VM login:It is at prompt #3 (need to hit enter to check if the prompt changed), that the device is ready to accept the admin/admin username/password to allow login. Once the PA gets to this screen, give it 5 more minutes.
Generally speaking, once you see that DHCP prompt, you’re good to go.
- If everything is setup correctly, the VM will pull an IP from your local DHCP server. Now you can connect via HTTPS/443.
If you get stuck, this information might help.
Here is Eve’s VM network settings:
Here is VMware Fusions global network settings: