Palo Alto - Panorama
Moderator: mike
-
- Posts: 9
- Joined: Wed Apr 11, 2018 6:22 pm
Palo Alto - Panorama
I have been trying to get panorama 7.1.0 working with qemu but no luck. I can get the PA firewall running just fine.
Using VNC I can watch it boot, I see all of the linux processes start (NTP Fails), get the panorama login screen, then after a minute or so I get a "switching to run level: 6". It reboots three times then fails to the recovery screen.
At the recovery screen I have tried to do a factory reset, disk image, and content rollback but it always fails. I end up at some "PA-CMS Login" and it does the same three reboots and goes back to the recovery screen.
The same image boots fine in ESXi and it only has the same failure for the NTP service. The only difference I see between ESXi and qemu is the following error in qemu.
cpld cpld.1536: Failed to request region 0x600-0x63f
Using VNC I can watch it boot, I see all of the linux processes start (NTP Fails), get the panorama login screen, then after a minute or so I get a "switching to run level: 6". It reboots three times then fails to the recovery screen.
At the recovery screen I have tried to do a factory reset, disk image, and content rollback but it always fails. I end up at some "PA-CMS Login" and it does the same three reboots and goes back to the recovery screen.
The same image boots fine in ESXi and it only has the same failure for the NTP service. The only difference I see between ESXi and qemu is the following error in qemu.
cpld cpld.1536: Failed to request region 0x600-0x63f
-
- Posts: 5084
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Palo Alto - Panorama
Panorama has issues run on KVM image...
So use esxi version connected to eve Palo over cloud..
UD
So use esxi version connected to eve Palo over cloud..
UD
-
- Posts: 9
- Joined: Wed Apr 11, 2018 6:22 pm
Re: Palo Alto - Panorama
You have to boot it to maintenance mode and do a debug reboot. It will reboot fine and you can run everything.
The problem is that normal boot tries to launch vmware services which fail because it is running on QEMU and not vmware. Doing a debug reboot will still keep the system fully operational even if a service fails to start.
I have been running QEMU panorama for almost a week now it is doing everything that it can do on vmware besides the vmware tools extensions... which aren't even available on QEMU.
I booted an Ubuntu image and mounted a panorama disk to see look at the services, and normal etc files to see what would be failing on startup but everything is a binary and the startup scripts are limited.
This is the second reply to me where you stated that, things don't run on QEMU... because.
The problem is that normal boot tries to launch vmware services which fail because it is running on QEMU and not vmware. Doing a debug reboot will still keep the system fully operational even if a service fails to start.
I have been running QEMU panorama for almost a week now it is doing everything that it can do on vmware besides the vmware tools extensions... which aren't even available on QEMU.
I booted an Ubuntu image and mounted a panorama disk to see look at the services, and normal etc files to see what would be failing on startup but everything is a binary and the startup scripts are limited.
This is the second reply to me where you stated that, things don't run on QEMU... because.
-
- Posts: 5084
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Palo Alto - Panorama
No need to be angry,
because panorama have not original KVM image and it is known issue that VM ware tools are required..
Regular user cannot do what you are doing...
Appreciate for your tests..
because panorama have not original KVM image and it is known issue that VM ware tools are required..
Regular user cannot do what you are doing...
Appreciate for your tests..
-
- Posts: 9
- Joined: Wed Apr 11, 2018 6:22 pm
Re: Palo Alto - Panorama
I'm not angry. There isn't a need to immediately say... it just doesn't work, live with it. If that is your first response it really isn't necessary. Fact of the matter, I am using ISRv and I am using panorama in QEMU. I am also using CSR denali, everest, and fuji in QEMU with dot1q working.
For panorama, regular users can do it.
You just type maint in the console when it first boots, then select maint boot, and select debug reboot when you make it to maintenance mode. To study panorama you only need one with multiple KVM based PA-VM.
All of the features are available and you do not need vmtools to run panorama.
For panorama, regular users can do it.
You just type maint in the console when it first boots, then select maint boot, and select debug reboot when you make it to maintenance mode. To study panorama you only need one with multiple KVM based PA-VM.
All of the features are available and you do not need vmtools to run panorama.
-
- Posts: 1
- Joined: Thu Dec 28, 2017 10:56 pm
Re: Palo Alto - Panorama
Thanks man for testing these out and feeding back to community!! This and other poststunerX wrote: ↑Sat Apr 21, 2018 12:41 amYou have to boot it to maintenance mode and do a debug reboot. It will reboot fine and you can run everything.
The problem is that normal boot tries to launch vmware services which fail because it is running on QEMU and not vmware. Doing a debug reboot will still keep the system fully operational even if a service fails to start.
I have been running QEMU panorama for almost a week now it is doing everything that it can do on vmware besides the vmware tools extensions... which aren't even available on QEMU.
I booted an Ubuntu image and mounted a panorama disk to see look at the services, and normal etc files to see what would be failing on startup but everything is a binary and the startup scripts are limited.
This is the second reply to me where you stated that, things don't run on QEMU... because.
-
- Posts: 4
- Joined: Wed Jun 06, 2018 9:52 am
- Location: Россия
- Contact:
Palo Alto Panorama
Starting at Palo Alto Networks PA-500 3,735.00
Ending at Palo Alto Networks PA-4060 66,400.00
The PA-500 is doing things in software which all other models do in hardware.
The model after the PA-500 is the PA-2020 9,960.0
Ending at Palo Alto Networks PA-4060 66,400.00
The PA-500 is doing things in software which all other models do in hardware.
The model after the PA-500 is the PA-2020 9,960.0
-
- Posts: 13
- Joined: Sun Sep 24, 2017 8:47 pm
- Location: Sevilla
Re: Palo Alto - Panorama
I was unable to boot Panorama this way.
I got VM-100 8.0.2 ova, deployed as expected and stopped boot as described. Once I choose maintenance mode, do not progress/boots.
Any idea?
Regards.
I got VM-100 8.0.2 ova, deployed as expected and stopped boot as described. Once I choose maintenance mode, do not progress/boots.
Any idea?
Regards.
-
- Posts: 5084
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Palo Alto - Panorama
get Panorama QCOW2 image, that works !!!
-
- Posts: 13
- Joined: Sun Sep 24, 2017 8:47 pm
- Location: Sevilla
Re: Palo Alto - Panorama
Hello again. Got 8.1.2 Qcow2 and used, but still fails:
If I do NOT stop boot, it boots but finish at "PA-CMS login:". Default pwds do not work.
If I stop boot, enter maint mode, now starts maint mode and I can choose Debug restart, but I reach again to "PA-CMS login:"...
What am I doing wrong?
Regards.
If I do NOT stop boot, it boots but finish at "PA-CMS login:". Default pwds do not work.
If I stop boot, enter maint mode, now starts maint mode and I can choose Debug restart, but I reach again to "PA-CMS login:"...
What am I doing wrong?
Regards.