You can download to image of a Palo Alto Networks VM firewall from Palo Alto Networks's support portal.

The image for VMware is an OVA file. You will notice that it only has two NICs when you first deploy it. The first is the management NIC, the second is on the data plane NIC Ethernet 1/1.

When you configure the device and look at the WebUI, you will notice that you can configure all nine Ethernet NICs. However, in order to actually use them, you need to add the NICs to the virtual machine.

If you loaded the OVA into VMware Player or VMware Workstation, you will not get the choice of the type of network adapter to use and VMware will make the adapter device type be E1000. While E1000 works on most operating systems, it does not work on PAN-OS. After adding the NICs you will find that the appliance refuses to boot.

The solution is to edit the *.VMX file in the Virtual Machine's file directory and change the device type from

E1000

to

vmxnet3

Near the bottom of the file you will find references to the new ethernet device. Find the line similar to the following

<pre>ethernet2.virtualDev = "e1000"</pre>

and change e1000 to vmxnet3 like so

<pre>ethernet2.virtualDev = "vmxnet3"</pre>

It is important that the first part of the line is not changed. For example, changing

ethernet2.vnet

to

ethernet0.vnet

will break the machine as it will make the entire file invalid.

Since PAN-OS will not recognise a new interface without rebooting, you may want to add all eight extra NICs in addition to the two default NICs so you end up with one mangment NIC and nine dataplane NICs right away. You don't have to use or configure all of the internfaces in PAN-OS but it means you can then configure them without having to reboot the VM in the future.