This document outlines the procedure for acquiring and deploying the Palo Alto Networks VM-Series firewall (version 11.0) on a KVM hypervisor. The VM-Series firewall acts as a virtualized next-generation firewall, securing traffic within virtualized data centers or cloud environments. The QCOW2 (QEMU Copy On Write) format is the standard disk image format used by KVM.
Example command line:
If DHCP fails, configure a static IP:
Version 11.0 has specific resource demands to ensure the management plane and data plane boot correctly. Palo Alto Networks | TechDocs Memory (RAM) (8 GB is recommended for better GUI responsiveness). : At least . Ensure the CPU mode is set to host-passthrough ) for optimal performance and compatibility. Disk Space : Allocate at least for the system disk. Interfaces pa-vm-kvm-11.0 0 qcow2 download
qemu-system-x86_64 -enable-kvm -m 4096 -smp 2 \
-drive file=pa-vm-kvm-11.0.0.qcow2,format=qcow2,if=virtio \
-netdev user,id=net0 -device virtio-net,netdev=net0
Important for KVM: Enable CPU host passthrough for optimal performance. Also, ensure your virtualization host supports VT-x/AMD-V and SR-IOV for network interfaces. Technical Guide: Deploying PA-VM-KVM-11