: Use an ISO File to Deploy the VM-Series Firewall
Focus
Focus

Use an ISO File to Deploy the VM-Series Firewall

Table of Contents

Use an ISO File to Deploy the VM-Series Firewall

If you want to pass a script to the VM-Series firewall at boot time, you can mount a CD-ROM with an ISO file. The ISO file allows you to define a bootstrap XML file that includes the initial configuration parameters for the management port of the firewall. The VM-Series firewall on first boot checks for the bootstrap-networkconfig.xml file, and uses the values defined in it.
If a single error is encountered in parsing the bootstrap file, the VM-Series firewall will reject all the configuration in this file and boot with default values.
  1. Create the XML file and define it as a virtual machine instance.
    In this example, the VM-Series firewall is called PAN_Firewall_DC1.
    For example:
    user-PowerEdge-R510:~/kvm_script$ sudo vi /etc/libvirt/qemu/PAN_Firewall_DC1.xml 
    user-PowerEdge-R510:~/kvm_script$ sudo virsh define/etc/libvirt/qemu/PAN_Firewall_DC1.xml 
    Domain PAN_Firewall_DC1_bootstp defined from /etc/libvirt/qemu/PAN_Firewall_DC1.xml 
    user-PowerEdge-R510:~/kvm_script$ sudo virsh -q attach-interface PAN_Firewall_DC1_bootstp bridge br1 --model=virtio --persistent 
    user-PowerEdge-R510:~/kvm_script$ virsh list --all 
     Id    Name                         State 
    --------------------------------------------- 
     -   PAN_Firewall_DC1_bootstp     shut off 
  2. Create the bootstrap XML file.
    You can define the initial configuration parameters in this file and name it bootstrap-networkconfig.
    If you do not want to include a parameter, for example panorama-server-secondary. Delete the entire line from the file. If you leave the IP address field empty, the file will not be parsed successfully.
    Use the following example as a template for the bootstrap-networkconfig file. The bootstrap-networkconfig file can include the following parameters only:
    <vm-initcfg> 
    <hostname>VM_ABC_Company</hostname> 
    <ip-address>10.5.132.162</ip-address> 
    <netmask>255.255.254.0</netmask> 
    <default-gateway>10.5.132.1</default-gateway> 
    <dns-primary>10.44.2.10</dns-primary> 
    <dns-secondary>8.8.8.8</dns-secondary> 
    <panorama-server-primary>10.5.133.4</panorama-server-primary> 
    <panorama-server-secondary>10.5.133.5</panorama-server-secondary> 
    </vm-initcfg> 
  3. Create the ISO file. In this example, we use mkisofs.
    Save the ISO file in the images directory (/var/lib/libvirt/image) or the qemu directory (/etc/libvirt/qemu) to ensure that the firewall has read access to the ISO file.
    For example:
    # mkisofs -J -R -v -V "Bootstrap" -A "Bootstrap" -ldots -l -allow-lowercase -allow-multidot -o <iso-filename> bootstrap-networkconfig.xml
  4. Attach the ISO file to the CD-ROM.
    For example:
    # virsh -q attach-disk <vm-name> <iso-filename> sdc --type cdrom --mode readonly –persistent\