Palo Alto PA-VM#
Palo Alto PA-VM virtualized firewall is identified with vr-pan or vr-paloalto_panos kind in the topology file. It is built using boxen project and essentially is a Qemu VM packaged in a docker container format.
vr-pan nodes launched with containerlab come up pre-provisioned with SSH, and HTTPS services enabled.
Managing vr-pan nodes#
Note
Containers with Palo Alto PA-VM inside will take ~8min to fully boot.
You can monitor the progress with docker logs -f <container-name>.
Palo Alto PA-VM node launched with containerlab can be managed via the following interfaces:
Info
Default user credentials: admin:Admin@123
Interfaces mapping#
vr-pan container supports up to 24 interfaces (plus mgmt) and uses the following mapping rules:
eth0- management interface connected to the containerlab management networketh1- first data interface, mapped to first data port of PAN VMeth2+- second and subsequent data interface
When containerlab launches vr-pan node, it will assign IPv4/6 address to the mgmt interface. These addresses can be used to reach management plane of the router.
Data interfaces eth1+ need to be configured with IP addressing manually using CLI/management protocols.
Info
Interfaces will not show up in the cli (show interfaces all) until some configuration is made to the interface!
Features and options#
Node configuration#
vr-pan nodes come up with a basic configuration where only admin user and management interface is provisioned.
User defined config#
It is possible to make vr-pan nodes to boot up with a user-defined config instead of a built-in one. With a startup-config property a user sets the path to the config file that will be mounted to a container and used as a startup config: