Planning

This guide provides specific information pertinent to delivering the Palo Alto Networks Firewall 11.0 Essentials pod. The NETLAB+ Virtual Machine Infrastructure provides the prerequisite guidance for setting up your Proxmox VE infrastructure, and this document assumes that you have set up virtual machine infrastructure in accordingly, including:

  • An introduction to virtualization using NETLAB+

  • Detailed setup instructions for standing up Proxmox VE

  • Virtual machine and virtual pod management concepts using NETLAB+

Pod Creation Workflow

The following list is an overview of the pod setup process.

  1. Restore virtual machine images required from the NDG VM Distribution System.

  2. Make the necessary adjustments to each virtual machine in the environment.

    • Insert/Verify manual MAC addresses.

    • Change the default network to SAFETY_NET.

    • Any other configuration changes mentioned in this guide.

  3. Import the deployed virtual machines to the NETLAB+ Virtual Machine Inventory.

  4. Create a master pod from the master virtual machines.

  5. Activate or license the required software on each virtual machine when prompted.

  6. Take a snapshot of each virtual machine deployed labeled GOLDEN after all configurations and licensing have taken effect. The GOLDEN snapshot is used to clone virtual machine images for host templates.

  7. Use the NETLAB+ Pod Cloning feature to create template pod on each host used in the NETLAB+ environment.

  8. Use the NETLAB+ Pod Cloning feature to create student pods from the template pod.

Pod Resource Requirements

The Palo Alto Networks Firewall 11.0 Essentials pod will consume 64.0 GB of storage per template pod instance.

The following table provides details of the storage requirements for each of the virtual machines in the pod.

Pod Resources

Virtual Machine

Deployed VM (GB)

Maximum Memory (GB)

Client

20.6

4

Firewall

32.4

5.5

DMZ

8.7

4

VRouter

2.3

0.5

Total

64.0

14.0

Proxmox VE Host Requirements

Please refer to the NDG website for specific Proxmox VE host requirements to support virtual machine delivery: https://www.netdevgroup.com/products/requirements/

The deployment of the Palo Alto Networks Firewall 11.0 Essentials requires Proxmox VE version of 8.4 or greater.

Note

The number of active pods that can be used simultaneously depends on the NETLAB+ product license and the number of Proxmox VE host servers meeting the hardware requirements specifications.

NETLAB+ Requirements

Installation of Palo Alto Networks Firewall 11.0 Essentials pods, as described in this guide, requires that you are running NETLAB+ VE 25.0.0 or greater. Previous versions of NETLAB+ do not support requirements for the Palo Alto Networks Firewall 11.0 Essentials pod on the Proxmox VE physical host servers. Please refer to the NETLAB+ Virtual Machine Infrastructure.

NETLAB+ Virtual Machine Infrastructure Setup

The NETLAB+ Virtual Machine Infrastructure setup is described in the following sections of the NETLAB+ Virtual Machine Infrastructure:

  • Registering a Virtual Datacenter in NETLAB+

  • Adding hosts in NETLAB+

Networking Requirements

To accommodate the movement of large VMs and ISO disk images from one host to another, gigabit Ethernet or better connectivity is recommended to interconnect your NETLAB+ and Proxmox VE host systems.

It is recommended to interconnect your servers are described in detail in the Networking section of the NETLAB+ Designated Operating Environment.

Pod Internet Access

The pods for the Palo Alto Networks Firewall 11.0 Essentials course each require Internet access. This access is required for licensing the Master pod as well as the various lab objectives in the student pods.

This environment is designed to leverage one Linux Bridge per host that attaches to a network that has a DHCP server to assign IPv4 addresses that are routable to the Internet.

This lab environment is also designed to leverage the public DNS servers 8.8.8.8 and 4.2.2.2. This Linux Bridge must be able to access those servers, which may require adjustments in a firewall if applicable.

Completing the NETLAB+ Pod Internet Access and Use Agreement

Warning

You are required to complete the NETLAB+ Pod Internet Access and Use Agreement prior to obtaining access to the pod or content for this course.

Due to the security and legal implications regarding accessing the Internet from within the pod, we require that you agree to the terms contained within this online document prior to obtaining access to the pod or content for this course: https://www.netdevgroup.com/content/paloalto/agreement