Appendix: GNS3 Basics

In this chapter, we’ll be going through the basics in GNS3. Try to play and familiarize yourself with this environment as this is a good tool for network simulations.

Configure Your Palo Alto Firewall Template and Adding the Device

Lets start by modifying the GNS3 template of the Palo Alto firewall by right clicking the existing template, and clicking on “configure template”.

Configure template
Figure A.1: Configure template

Make sure the max amount of RAM is set to at least 4096MB, and the amount of vCPUs are at least 2.

Configure RAM and vCPUs
Figure A.2: Configure RAM and vCPUs

Now close the window, and drag in the Palo Alto device from the left hand pane.

Dragging the Palo Alto
Figure A.3: Dragging the Palo Alto

Once you’ve dragged in the Palo Alto device, right click it, then click “start”.

Starting the Palo Alto
Figure A.4: Starting the Palo Alto

Keep in mind that this device takes a while to start.

Webterm Installation

Let’s begin by clicking “new template” on the bottom left hand of GNS3.

Add a new template
Figure A.5: Add a new template

We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server”, then click Next.

Select "Install an appliance from the GNS3 server"
Figure A.6: Select “Install an appliance from the GNS3 server”

On the next window, search for “webterm”, select the option under “guests”, then click install.

Search for "webterm"
Figure A.7: Search for “webterm”

On the next screen, ensure that “install the appliance on the GNS3 VM”, is already selected, then click Next.

Select "Install the appliance on the GNS3 VM"
Figure A.8: Select “Install the appliance on the GNS3 VM”

On the next screen, click Finish.

Final step of Installation of webterm
Figure A.9: Final step of Installation of webterm

After that, it should appear under all devices in GNS3.

Configure Your Webterm Device with a Static IP

Drag in the webterm device from the left pane. Then once it finishes downloading the docker file, right click it and select “edit config”.

Edit config
Figure A.10: Edit config

A window will pop up containing the device’s network configuration. We want to modify this file to match the specified IP address. The final modification should look like a little like this:

Configure the static IP address
Figure A.11: Configure the static IP address

After these modifications, click on the save button on the bottom right of the window.

Configure a Webterm DHCP Client

We just need to uncomment these 2 lines to enable DHCP. Click on save and we’re done.

Configure the DHCP IP address
Figure A.12: Configure the DHCP IP address

Connect Devices in GNS3

Please see the example in the GIF below (if using an offline version of this book, go to the web version of the appendix of Palo Alto Firewall):

Connecting devices
Figure A.13: Connecting devices

Use NAT in GNS3

The NAT device in GNS3 will allow devices in our virtual topology to communicate with the internet. This device is under the all devices section of GNS3.

Using NAT
Figure A.14: Using NAT

Make sure you select the GNS3VM as the option whenever you see this window (applies for all devices).

Select GNS3 VM
Figure A.15: Select GNS3 VM

Use Kali in GNS3

Sometimes we need to use Kali to demonstrate an attack. Please keep in mind that Kali is used strictly for testing purposes.

Let’s begin by clicking “new template” on the bottom left hand of GNS3.

Create a new template
Figure A.16: Create a new template

We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server”, then click Next.

Select "Install an appliance from the GNS3 server"
Figure A.17: Select “Install an appliance from the GNS3 server”

On the next window, search for “kali”, and select the non “CLI” option.

Search for "kali"
Figure A.18: Search for “kali”

On the next screen, ensure that “install the appliance on the GNS3 VM”, is already selected, then click Next.

Select "Install the appliance on the GNS3 VM"
Figure A.19: Select “Install the appliance on the GNS3 VM”

Next again.

Select Qemu binary
Figure A.20: Select Qemu binary

Expand the “2019” option, and download both missing files. Also, you can download the latest version. Version 2019 is more stable in GNS3.

Select "kali-linux-2019.3-amd64.iso"
Figure A.21: Select “kali-linux-2019.3-amd64.iso”

After that, import the downloaded file to the specified 2019 selection.

Select "kali-linux-2019.3-amd64.iso"
Figure A.22: Select “kali-linux-2019.3-amd64.iso”

It should take a second, but GNS3 will start to load up the ISO into the GNS3VM.

Loading the ISO image
Figure A.23: Loading the ISO image

After that, click the 2019 version again, then click Next.

Ready to install Kali
Figure A.24: Ready to install

Then click Finish.

Final step of configuration
Figure A.25: Final step of configuration

Use WordPress in GNS3

Sometimes we need a basic webserver to demonstrate website functionality. This can be accomplished using the WordPress appliance in GNS3. Start by clicking the new template button on the bottom of the page.

Create a new template
Figure A.26: Create a new template

We want to install an appliance from the GNS3 server.

Select "Install an appliance from the GNS3 server"
Figure A.27: Select “Install an appliance from the GNS3 server”

Lookup “WordPress”, then click Install.

Search for "WordPress"
Figure A.28: Search for “WordPress”

Just press next for the following dialog boxes, and you should now have WordPress!

Verify WordPress Installation
Figure A.29: Verify WordPress Installation

Configure WordPress

After changing the interface configuration, start the machine. You will see a dialogue box:

Running WordPress
Figure A.30: Running WordPress

Press enter and you’ll see the device under some basic configuration. Once you get to the prompt, you can exit that window, and you will have WordPress ready!

WordPress is Ready!
Figure A.31: WordPress is Ready!

Use Switches in GNS3

Usually we just use switches to connect multiple devices together in GNS3. However, it can also be used for VLANs. Start by dragging one in and double clicking it.

Switch Configuration
Figure A.32: Switch Configuration

Here you can see that they are all basically untagged. To configure a specific port, simply double click your desired port.

Double click on port7
Figure A.33: Double click on port7

Configure the necessary settings for them (access is for tagging, dot1q is for trunking).

Select port7 as dot1q
Figure A.34: Select port7 as dot1q

Click on add to apply the changes.

Click on Add to apply the changes
Figure A.35: Click on Add to apply the changes

Then click Apply and OK.

License

Icon for the Creative Commons Attribution 4.0 International License

Palo Alto Firewall Copyright © 2023 by Hamid Talebi, Xavier Cawley is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.