Palo Alto PA-VM#
Palo Alto PA-VM virtualized firewall is identified with
vr-paloalto_panos kind in the topology file. It is built using boxen project and essentially is a Qemu VM packaged in a docker container format.
vr-pan nodes launched with containerlab come up pre-provisioned with SSH, and HTTPS services enabled.
Managing vr-pan nodes#
Containers with Palo Alto PA-VM inside will take ~8min to fully boot.
You can monitor the progress with
docker logs -f <container-name>.
Palo Alto PA-VM node launched with containerlab can be managed via the following interfaces:
Default user credentials:
vr-pan container supports up to 24 interfaces (plus mgmt) and uses the following mapping rules:
eth0- management interface connected to the containerlab management network
eth1- first data interface, mapped to first data port of PAN VM
eth2+- second and subsequent data interface
When containerlab launches vr-pan node, it will assign IPv4/6 address to the
mgmt interface. These addresses can be used to reach management plane of the router.
eth1+ need to be configured with IP addressing manually using CLI/management protocols.
Interfaces will not show up in the cli (
show interfaces all) until some configuration is made to the interface!
Features and options#
vr-pan nodes come up with a basic configuration where only
admin user and management interface is provisioned.
User defined config#
It is possible to make
vr-pan nodes to boot up with a user-defined config instead of a built-in one. With a
startup-config property a user sets the path to the config file that will be mounted to a container and used as a startup config: