Appendix: GNS3 Basics
In this chapter, we’ll be going through the basics in GNS3. Try to play and familiarize yourself with this environment as this is a good tool for network simulations.
Configure Your Palo Alto Firewall Template and Adding the Device
Lets start by modifying the GNS3 template of the Palo Alto firewall by right clicking the existing template, and clicking on “configure template”.
Make sure the max amount of RAM is set to at least 4096MB, and the amount of vCPUs are at least 2.
Now close the window, and drag in the Palo Alto device from the left hand pane.
Once you’ve dragged in the Palo Alto device, right click it, then click “start”.
Keep in mind that this device takes a while to start.
Webterm Installation
Let’s begin by clicking “new template” on the bottom left hand of GNS3.
We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server”, then click Next.
On the next window, search for “webterm”, select the option under “guests”, then click install.
On the next screen, ensure that “install the appliance on the GNS3 VM”, is already selected, then click Next.
On the next screen, click Finish.
After that, it should appear under all devices in GNS3.
Configure Your Webterm Device with a Static IP
Drag in the webterm device from the left pane. Then once it finishes downloading the docker file, right click it and select “edit config”.
A window will pop up containing the device’s network configuration. We want to modify this file to match the specified IP address. The final modification should look like a little like this:
After these modifications, click on the save button on the bottom right of the window.
Configure a Webterm DHCP Client
We just need to uncomment these 2 lines to enable DHCP. Click on save and we’re done.
Connect Devices in GNS3
Please see the example in the GIF below (if using an offline version of this book, go to the web version of the appendix of Palo Alto Firewall):
Use NAT in GNS3
The NAT device in GNS3 will allow devices in our virtual topology to communicate with the internet. This device is under the all devices section of GNS3.
Make sure you select the GNS3VM as the option whenever you see this window (applies for all devices).
Use Kali in GNS3
Sometimes we need to use Kali to demonstrate an attack. Please keep in mind that Kali is used strictly for testing purposes.
Let’s begin by clicking “new template” on the bottom left hand of GNS3.
We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server”, then click Next.
On the next window, search for “kali”, and select the non “CLI” option.
On the next screen, ensure that “install the appliance on the GNS3 VM”, is already selected, then click Next.
Next again.
Expand the “2019” option, and download both missing files. Also, you can download the latest version. Version 2019 is more stable in GNS3.
After that, import the downloaded file to the specified 2019 selection.
It should take a second, but GNS3 will start to load up the ISO into the GNS3VM.
After that, click the 2019 version again, then click Next.
Then click Finish.
Use WordPress in GNS3
Sometimes we need a basic webserver to demonstrate website functionality. This can be accomplished using the WordPress appliance in GNS3. Start by clicking the new template button on the bottom of the page.
We want to install an appliance from the GNS3 server.
Lookup “WordPress”, then click Install.
Just press next for the following dialog boxes, and you should now have WordPress!
Configure WordPress
After changing the interface configuration, start the machine. You will see a dialogue box:
Press enter and you’ll see the device under some basic configuration. Once you get to the prompt, you can exit that window, and you will have WordPress ready!
Use Switches in GNS3
Usually we just use switches to connect multiple devices together in GNS3. However, it can also be used for VLANs. Start by dragging one in and double clicking it.
Here you can see that they are all basically untagged. To configure a specific port, simply double click your desired port.
Configure the necessary settings for them (access is for tagging, dot1q is for trunking).
Click on add to apply the changes.
Then click Apply and OK.