How to connect to the Palo Alto firewall within the labs

Hello,

I can’t seem to connect to the Palo Alto firewall in the lab to access the GUI. I can see the IP address of the management interface identified in the lab workspace (and on the CLI), but I’m unsure as to how to connect.

I tried via Chrome on the Kali Linux VM, after configuring the interface on eth0, but that routes to the “inside” interface, not the management interface.

How exactly do you access the GUI?

Many thanks for the help.

Hey Dazgour,

Sadly it appears to still be broken. I submitted a ticket to INE support around the 21st of last month and haven’t heard back yet. You are unable to reach the management interface on the Palo as it currently stands, here’s what I discovered in my testing.

• The Kali Linux host is configured to use DHCP, however no DHCP server or DHCP relay is configured on either R1 or R2.
• After manually assigning an IP to the Kali box, I was unable to access the management interface of the PA
• Any attempts at ping/traceroute failed
• Attempted to connect to the PA console so I could verify configuration
• The provided username and password do not allow me to sign in to the device.
• I checked the device configuration and it should default to admin admin, this also does not work.
• I performed a packet capture on the link between the PA and R2, it shows that the PA never responds to ARP requests, likely a misconfigured interface.

Additionally on the topology they have the the 192.168.123.0/24 network listed with a CIDR of 42.

If anyone is aware of a work around I’d love to know as well, I was hoping to be able to do some labbing with Palos.

I was able to connect to the PA console. and the config for the management interface lines up with the IP on the diagram.

I half-heartedly tried troubleshooting this by running a new link direct from Kali to the FW and looked up some info on making the new interface a management interface (and manually configuring the relevant port on Kali), but I was probably missing a step or two, since it didn’t seem to do the job.

Hopefully we’ll hear back about a resolution to this some time soon.

Hello

It takes 5 to even 10 minutes for the firewall processes to come up. Please give it at least this long before you start connecting.

In order to access the device’s GUI you should use the Jumpbox’s browser - not the Kali PC. Just click on the equivalent of the Windows’ Start button (bottom left corner), choose Internet and open Firefox. Then use the IP address and credentials from the topology to login.

Regards
Piotr

Hey there,

Thanks for that reply, I am able to connect from the Host VM itself. None of the previous labs I’ve used had done anything like that, and I guess the instructions weren’t overly clear about which one. Thanks for the assistance!

Thanks, Piotr, for the explanation. I’m able to access the firewall now, so that’s a great help. As Network_Eric mentioned, this lab setup seems to be unique in its approach to accessing the firewall, and I’m sure there are other users out there that have faced this issue.

The access details you’ve given here were very straightforward and easy to follow, and I would recommend adding these steps to the instructions for the first lab in the Palo Alto training series to help future students.

Again, many thanks for your help with this!