Palo Alto Networks Knowledgebase: PAN-OS 7.1 Support for VMware tools on PA-VM platforms and Panorama VM
Created On 08/05/19 19:57 PM - Last Updated 08/05/19 20:11 PM
What are VMware tools?
A package of binaries, scripts and drivers provided by VMware. When installed on a virtual appliance, VMware Tools give VI admins additional management capabilities, such as access to the management IP and resource utilization telemetry data through the vCenter Server.
Enterprises use VMware-provided management tools, such as vCenter, to manage their Virtualized Infrastructure (VI). VI admins of large enterprises mandate that all virtual appliances on ESXi expose these capabilities enabled by VMware Tools. Not having the VMware Tools on Panorama VM and VM‐Series impedes the ability to deploy in those environments.
Palo Alto Networks has added the ability to integrate VMware Tools on Panorama and PA-VM platforms.
Regular maintenance of ESXi hosts
Virtual appliances need to be gracefully shut down and migrated to other ESXi hosts.
Using only the power options to force shutdown of the virtual appliances risks disk corruption.
We need to ensure that when a shutdown is triggered from vCenter, it is trapped and a graceful PAN‐OS shutdown is performed.
Expose PAN‐OS version as the Guest OS version.
NSX environments
To create Security Groups in NSX Service Composer and write NSX distributed firewall rules, administrators have to manually add the IP addresses, since the management IP addresses of Panorama and VM‐300 are not available through vCenter.
Administrators routinely collect and report on the disk utilization of virtual appliances.
In Panorama and PA-VM, Palo Alto Networks performs its own disk quota management on VMDKs, so this is not information that an administrator can act upon. However, since it is part of some customers’ standard operating procedures, the absence of this ability makes adoption difficult.
The heartbeat interval of the VMware agent can be changed from the CLI:
> debug vm-agent set interval <value>
  <0-120>  Set heartbeat interval in seconds
If the value is set to zero, then heartbeats are disabled.
Default value = 5 seconds
The current interval can be checked as well:
> debug vm-agent show interval
cfg.general.vm-heartbeat-interval: 5