Palo Alto Firewall

What you need

Purpose

To get a Palo Alto virtual firewall working and see how to configure its basic security settings.

Downloading the OVA File

Go to the page linked below, and log in with the credentials given in class.

Downloading the Virtual Machines

Find the "CNIT 140" section and download the Palo Alto Firewall file.

You end up with a 1.7 GB file named PA-VM-ESX-7.1.0.ova.

Importing the OVA File into VMware Fusion

In VMware Fusion, click File, Import.

Browse to the PA-VM-ESX-7.1.0.ova file and double-click it.

In the "Choose an Existing Virtual Machine" window, click the Continue button.

Choose a location to save your Palo Alto VM and click the Save button.

Wait till the import completes. Then click the Finish button.

The Palo Alto starts up, saying "Welcome to the PanOS Bootloader".

Logging in to the Palo Alto Directly

This may be the most secure method, but not a very convenient one.

In the VM window, at the "vm login" prompt, log in with these credentials:

Username: admin
Password: admin

You're in, as shown below:

Using Help

Type ?

A list of available commands appears, as shown below.

Type show? to see a list of parameters for the "show" command.

Using the Web Interface

Open a browser and go to

https://192.168.1.1/

Accept the certificate, and log in as admin/admin.

In the Welcome box, click Close.

You now have the PAN GUI, as shown below.

Changing the Administrator Password

At the top right, click Device.

Near the top of the left pane, click Administrators.

In the center pane, click the blue admin.

A box appears, allowing you to change the password, as shown below.

Configure the Management Interface

Select Device > Setup > Management and then edit the Management Interface Settings.

The IP Address, Netmask, and Default Gateway fields are set here. (Leave them alone.)

To prevent unauthorized access to the management interface, it is a best practice to Add the Permitted IP Addresses from which an administrator can access the MGT interface.

Set the Speed to auto-negotiate.

Select which management services to allow on the interface.

Make sure Telnet and HTTP are not selected. These services use plaintext, so they are not as secure as the other services and could compromise administrator credentials.

Click OK.

Commit Your Changes

At the top right of the Web interface, click Commit.

A Commit box pops up. Click Commit.

The device may take up to 90 seconds to save your changes.
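One way to check the management settings above after the commit is to audit an exported copy of the configuration. This is an added example, not part of the original lab: the function name audit_mgmt, the sample XML, and the assumed element layout (deviceconfig/system with service and permitted-ip children) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples, NOT taken from a real firewall. The element layout is an
# assumption modelled on an exported PAN-OS configuration file.
WEAK = """<config><devices><entry name="localhost.localdomain"><deviceconfig><system>
  <service><disable-telnet>no</disable-telnet><disable-http>no</disable-http></service>
</system></deviceconfig></entry></devices></config>"""

HARDENED = """<config><devices><entry name="localhost.localdomain"><deviceconfig><system>
  <service><disable-telnet>yes</disable-telnet><disable-http>yes</disable-http></service>
  <permitted-ip><entry name="192.168.1.0/24"/></permitted-ip>
</system></deviceconfig></entry></devices></config>"""

# Plaintext management services the lab says must not be selected.
PLAINTEXT_SERVICES = {"disable-telnet": "Telnet", "disable-http": "HTTP"}


def audit_mgmt(xml_text):
    """Return a list of findings for the management interface settings."""
    findings = []
    system = ET.fromstring(xml_text).find("./devices/entry/deviceconfig/system")
    if system is None:
        return ["no deviceconfig/system section found"]
    for tag, name in PLAINTEXT_SERVICES.items():
        value = system.findtext(f"service/{tag}")
        if value is None:
            # Absent element: assume no default, ask for an explicit check.
            findings.append(f"{name}: not set explicitly, verify in the GUI")
        elif value.strip().lower() != "yes":
            findings.append(f"{name}: enabled (plaintext management service)")
    permitted = [e.get("name") for e in system.findall("permitted-ip/entry")]
    if not permitted:
        findings.append("Permitted IP Addresses: empty, any source can reach MGT")
    for net in permitted:
        if net in ("0.0.0.0/0", "::/0"):
            findings.append(f"Permitted IP Addresses: {net} allows every source")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_mgmt(cfg) or "OK")
```
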

To shut down the firewall, run this command at the CLI:

request shutdown system

To add another NIC

Add it through the GUI, then edit the VMX file and change the virtualDev line to this:
ethernet2.virtualDev = "vmxnet3"


Modified 11-19-16 by Sam Bowne