Message-ID: <W7-9ud6OsKlsNj2TxreqwNR_nZuD6PvhV8zMRFNgZd67mh1eKrzugdgVtRJOouvoJ0tXr3ksDXF6QiSr6s7qBASErhpZT-oRrOlizjTFcJU=@protonmail.com>
Date: Mon, 31 Mar 2025 22:22:19 +0000
From: Turritopsis Dohrnii Teo En Ming <teo.en.ming@...tonmail.com>
To: Linux Networking <netdev@...r.kernel.org>
Cc: "ceo@...-en-ming-corp.com" <ceo@...-en-ming-corp.com>
Subject: Overall Summary of Installing and Configuring Palo Alto VM-Series Software Firewall 10.0.4 in Ubuntu Desktop 22.04.5 LTS KVM Host

Subject: Overall Summary of Installing and Configuring Palo Alto VM-Series Software Firewall 10.0.4 in Ubuntu Desktop 22.04.5 LTS KVM Host

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 31 Mar 2025 Monday

DETAILED INSTRUCTIONS
=======================

Download and install Ubuntu Desktop 22.04.5 LTS on a hardware appliance with 3 or 4 network interface cards.

Please *DO NOT* install and run openssh-server, as Advanced Persistent Threats (APT) hackers may use this avenue to hack into your Ubuntu KVM host.

On the morning of 30 March 2025 Sunday, Advanced Persistent Threats (APT) hackers hacked into my previous installation of Ubuntu KVM host and changed my netplan
configuration. The APT hackers removed all the network interfaces from the network bridges. I have since erased and reinstalled my Ubuntu Desktop 22.04.5 LTS KVM host.

Install KVM and Dependencies
===============================

Run the following commands to install KVM, Virt-Manager, and dependencies:

sudo apt update && sudo apt upgrade -y

sudo apt install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager

Verify if KVM is installed:

sudo kvm-ok

INFO: /dev/kvm exists
KVM acceleration can be used

Start and enable the libvirt service:

sudo systemctl enable --now libvirtd

Download and Prepare the QCOW2 Image
========================================

Download the Palo Alto VM-Series software firewall QCOW2 image from Palo Alto Networks.

The filename of my image is PA-VM-KVM-10.0.4.vm_eval.qcow2. 

Copy the image to the KVM images directory:

sudo cp PA-VM-KVM-10.0.4.vm_eval.qcow2 /var/lib/libvirt/images/

Adjust file permissions:

sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/PA-VM-KVM-10.0.4.vm_eval.qcow2

sudo chmod 644 /var/lib/libvirt/images/PA-VM-KVM-10.0.4.vm_eval.qcow2

Configuring Multiple Interfaces for the Palo Alto VM-Series software firewall
==============================================================================

To configure ***multiple interfaces*** for the Palo Alto VM-Series firewall on Ubuntu KVM, follow these steps:

Identify Network Interfaces
================================

First, determine the network interfaces available on your KVM host using:

ip link show

You'll need at least:

    1 interface for management

    1 or more interfaces for data traffic (inside, outside, DMZ, etc.)
    
Create Network Bridges 
=====================================

If you want the Palo Alto firewall to be on different networks, create Linux bridges.

Install bridge utilities:

sudo apt install bridge-utils

Configure bridges in Netplan (/etc/netplan/01-netcfg.yaml):

sudo nano /etc/netplan/01-netcfg.yaml

My netplan configuration:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
    enp2s0:
      dhcp4: no
    enp3s0:
      dhcp4: no
    enp4s0:
      dhcp4: no
  bridges:
    br0:
      interfaces: [enp1s0]
      dhcp4: yes
    br1:
      interfaces: [enp2s0]
      dhcp4: no
    br2:
      interfaces: [enp3s0]
      dhcp4: no
    br3:
      interfaces: [enp4s0]
      dhcp4: no
      
cd /etc/netplan

sudo chmod 600 01-netcfg.yaml
      
Apply changes:

sudo netplan apply

sudo brctl show

bridge name	bridge id		STP enabled	interfaces
br0		8000.da16c5ba83c0	yes		enp1s0
br1		8000.2a1de38524c1	yes		enp2s0
br2		8000.2ac0bc028fe3	yes		
br3		8000.4eb2b8fe7743	yes		
virbr0		8000.525400f9e6d6	yes	

Perform a reboot of the Ubuntu KVM host.

sudo reboot

Create a Virtual Machine Using Virt-Manager (GUI)
=====================================================

Use the following guide.

Guide: VM-Series Deployment Guide: Provision the VM-Series Firewall on a KVM Host
Link: https://docs.paloaltonetworks.com/vm-series/10-0/vm-series-deployment/set-up-the-vm-series-firewall-on-kvm/install-the-vm-series-firewall-on-kvm/install-the-vm-series-firewall-using-virt-manager/provision-the-vm-series-firewall-on-a-kvm-host

Start the Virtual Machine Manager (GUI).

sudo virt-manager

Configure the Palo Alto firewall virtual machine as per the above guide.

You need to set the date of the PA-VM 10.0.4 virtual machine to 12 Sep 2021, which is 111833956 seconds ago.

sudo virsh edit PA-VM-KVM-10.0.4

  <clock offset='variable' adjustment='-111833956' basis='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>

Start the virtual machine in Virtual Machine Manager (GUI).

sudo brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.da16c5ba83c0	yes		enp1s0
							vnet4
br1		8000.2a1de38524c1	yes		enp2s0
							vnet5
br2		8000.2ac0bc028fe3	yes		vnet6
br3		8000.4eb2b8fe7743	yes		vnet7
virbr0		8000.525400f9e6d6	yes
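Added example, not part of the original post: a small Python script that parses `brctl show` output in the layout shown above (continuation lines carry extra ports of the same bridge) together with `virsh domiflist` output, and lists, for each guest vNIC in order, the bridge it sits on and that bridge's physical uplinks. The `virsh domiflist` sample, its vnet names and MAC addresses are constructed for this example; bridges that carry a guest vNIC but no physical port are flagged, since a laptop plugged into the matching physical port cannot reach the guest through such a bridge.

```python
# Constructed sample in the layout of `sudo brctl show` on the KVM host.
BRCTL_SHOW = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
br0\t\t8000.da16c5ba83c0\tyes\t\tenp1s0
\t\t\t\t\t\t\tvnet4
br1\t\t8000.2a1de38524c1\tyes\t\tenp2s0
\t\t\t\t\t\t\tvnet5
br2\t\t8000.2ac0bc028fe3\tyes\t\tvnet6
br3\t\t8000.4eb2b8fe7743\tyes\t\tvnet7
virbr0\t\t8000.525400f9e6d6\tyes
"""

# Constructed sample in the layout of `sudo virsh domiflist <domain>`;
# vnet names, order and MACs are assumptions for this example.
VIRSH_DOMIFLIST = """\
 Interface   Type     Source   Model    MAC
-------------------------------------------------------------
 vnet4       bridge   br0      virtio   52:54:00:aa:bb:01
 vnet5       bridge   br1      virtio   52:54:00:aa:bb:02
 vnet6       bridge   br2      virtio   52:54:00:aa:bb:03
 vnet7       bridge   br3      virtio   52:54:00:aa:bb:04
"""

def parse_brctl(text):
    """Return {bridge: [ports]}; a line starting with whitespace is a further port."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:            # skip the header row
        if not line.strip():
            continue
        if line[0].isspace():                     # continuation: extra port of current bridge
            bridges[current].append(line.strip())
            continue
        fields = line.split()                     # name, id, STP flag, then ports
        current = fields[0]
        bridges[current] = fields[3:]
    return bridges

def parse_domiflist(text):
    """Return [(vnet, bridge)] in guest NIC order, bridge-type interfaces only."""
    rows = [l.split() for l in text.splitlines()[2:] if l.strip()]
    return [(r[0], r[2]) for r in rows if len(r) >= 3 and r[1] == "bridge"]

def map_guest_nics(brctl_text, domiflist_text):
    """For each guest vNIC: (index, vnet, bridge, physical uplinks of that bridge)."""
    bridges = parse_brctl(brctl_text)
    return [(i, vnet, br, [p for p in bridges.get(br, []) if not p.startswith("vnet")])
            for i, (vnet, br) in enumerate(parse_domiflist(domiflist_text))]

def bridges_without_uplink(mapping):
    """Bridges used by the guest that have no physical port enslaved."""
    return [br for _, _, br, uplinks in mapping if not uplinks]

if __name__ == "__main__":
    for i, vnet, br, up in map_guest_nics(BRCTL_SHOW, VIRSH_DOMIFLIST):
        print(f"guest NIC {i}: {vnet} -> {br} -> uplinks {up or 'NONE'}")
```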

You MUST wait for the PA-HDF login prompt to change to the PA-VM login prompt. The waiting time is usually around 10 minutes.

Open your web browser and access the Palo Alto VM-series firewall web login page at https://<IP address>

Login with the default username and password of admin/admin.

Change the admin password immediately.

Configuring the Palo Alto VM-Series Software Firewall
======================================================

Use the following 2 guides.

Guide 1: Example Configuration for Palo Alto Network VM-Series in GCP
Link: https://docs.aviatrix.com/documentation/latest/security/paloalto-vmseries-gcp.html

Guide 2: Setting up a Palo Alto Networks Firewall for the First Time
Link: https://rowelldionicio.com/setting-up-palo-alto-networks-firewall-first-time/

Please note that Guide 2 is more detailed and comprehensive.

Outstanding Issues / Issues Pending to be Resolved
===================================================

As of 31 Mar 2025 Monday at 4.34 PM, when I connect my laptop to Port 2 on my hardware appliance, which is mapped to network bridge br1, which is in turn mapped to ethernet1/2 (LAN) in the Palo Alto VM-Series software firewall, there is still no network connectivity at all. I can't get an IP address from the Palo Alto firewall DHCP server and I can't ping the LAN gateway 192.168.1.1 at all.

Currently the network bridge mapping is:

br0 => ethernet1/1 (WAN)
br1 => ethernet1/2 (LAN)

Perhaps there could be issues with Port 2 on my hardware appliance, or the network bridge br1 may not be working properly. I have flushed all the iptables firewall rules on the Ubuntu KVM host and there is still no network connectivity between my laptop and Port 2 on the hardware appliance.

I suspect I could have done the network bridge mapping wrongly and this could turn out to be the real scenario:

br0 - MANAGEMENT - ethernet1/1
br1 - WAN - ethernet1/2 (untrust, outside)
br2 - LAN - ethernet1/3 (trust, inside)

If I have done the network bridge mapping wrongly, I will have to configure the Palo Alto VM-Series firewall all over again.

Let me check with Palo Alto Networks technical support. In the meantime, please advise whether my netplan configuration for my Ubuntu KVM host is correct or not.

Lastly, here is the command for connecting to the console of the Palo Alto VM-Series software firewall.

sudo virsh console PA-VM-KVM-10.0.4

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
31 March 2025 Monday 5.15 PM