Palo Alto Network NGFW

What better way to get to know the Palo Alto Security Operating Platform than installing it on your laptop and using it. Here is the lab I have setup on my laptop. You can also do this in the cloud using AWS for example as the image I am using is the VM-Series from Palo Alto that is built for protecting your cloud infrastructure but for now I am going to be running it locally on my laptop. I’ll set it up in the cloud on AWS in another blog post.

Palo Alto VM-Series in VMWare Workstation Pro

To do this you’ll need the Palo Alto VM-Series image from Palo Alto, VMware Workstation Pro software to run the Palo Alto VM-Series image on and also a Window 10 image again used within VMware. I’m using the PA-VM-ESX-8.1.0.vmx image here.

Once you have the PA VM-Series image file downloaded you’ll need to install it into VMware Workstation Pro, you can use a 30 day evaluation of the Workstation Pro software but after that you’ll have to buy a license if you would like to continue using it. The same goes for the Windows 10 image you’ll need to add it into VMware Workstation.

I’ve also setup some extra VMnets so I can connect up the topology as shown above this can be done via Edit–>Virtual Network Editor. Click on Change Settings (Admin level is required here) and then click on Add Network. One thing I did was deselected the option to use local DHCP as I wanted to add my own IP addresses as such:

  • vmnet 1 :
  • vmnet 2:
  • vmnet 3:
  • vmnet 4:

Although I’m not using all of these from the start it is good to have them configured if I want to connect another network into my lab.
Next thing to do is to power up the VM-Series NGFW once booted you’ll get prompted to enter in a username and password which is admin/admin by default.

Also during bootup you’ll see a DHCP message with the IP address that has been assigned to the management interface, in my case it was to log into the GUI just open up a browser and type in the address in the address field as note you’ll get a warning about the site not being trusted as it is a self-signed certificate just click on Advanced and add it as an exception and it will load the GUI login page, again the username and password is the same here admin/admin.

You’ll end up with a page something like this.

Palo Alto GUI