Hello,

Non-network IT type here trying to figure out how to configure our Palo Alto PA-3020 (which we use for DHCP services) to allow PXE boot from our K2000 to image new Windows laptops.

Booting from the USB stick has always worked. Now with the new release of the K2000 (v7) we're looking to move beyond the USB stick to direct network boot from the K2000.

I have looked at multiple pieces of documentation (from KACE, Quest, and general internet googling) that talk about using DHCP Options 66 and 67 (perhaps 43 for the vendor ID or even 244 if the others don't work). However, the instructions to create these entries are generally written for an MS DHCP server and no other brands. While I understand KACE can't provide info for each type of server out there, I have been unable to find anything that even remotely comes close to how this Palo Alto looks and works.

From a standalone PC, I do not see anything on boot-up (F12) that relates to our network or the K2000. It's always Windows Boot Manager and the UEFI internal drive. UEFI is on; Secure Boot is off. When I've tried F12 on a blank VM (VirtualBox) I can obtain a DHCP IP address from the network, but the process always times out on TFTP Server not found -- timeout after three attempts. Using other VM products (VMware Fusion, Parallels) did not get that far into the process (though that could be my configuration of each).

I have attached several screen shots of the Palo Alto interface and the option changes we've done. I'm hoping there's someone else out there using a K2000 with a Palo Alto PA-3020 that might have some insight as to what might be going on (or going wrong!).

Appreciation in advance!
Steve


(sorry for the sideways pictures; must be this portal)

Comments

  • Have you got this issue solved? We are experiencing the same challenge with K2000 and Palo Alto DHCP server.

Answers

0
Since this is a non-Microsoft server I would recommend updating the file directly rather than setting option codes. If the system has pfSense you might be able to add the code, or you may have to contact Palo Alto support for how to configure it.

It should look something like this to set options on PXE boot, if it's a feature supported by the service.

option arch code 93 = unsigned integer 16; # RFC4578
option custom-lan-0 code 244 = ip-address;
[...]
subnet 172.16.2.0 netmask 255.255.255.0 {
    pool {
        range 172.16.2.50 172.16.2.99;
    }
    option routers 172.16.2.5;
    option domain-name-servers 172.16.2.5;
    option custom-lan-0 172.16.2.174;
    next-server 172.16.2.174;
    if option arch = 00:06 {          # PXE booting systems with 32-bit UEFI
        filename "ipxe.efi";          # firmware, which isn't supported
    } else if option arch = 00:07 {   # EFI BC
        filename "ipxe.efi";
    } else if option arch = 00:09 {   # EFI x86-64
        filename "ipxe.efi";
    } else {                          # everything else: legacy BIOS PXE
        filename "undionly.kpxe";
    }
}                                     # closes the subnet declaration
Answered 03/27/2017 by: TheAustinDave
Brown Belt
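
Added example, not part of the original answer or of KACE or Palo Alto documentation: the "TFTP Server not found" timeout in the question is what a PXE client reports when the DHCP reply carries no boot server or boot file, so this Python sketch parses a raw DHCP reply payload and reports whether next-server/option 66 and filename/option 67 (plus option 244) are actually present. The function names and the sample packet are constructed for illustration, and option 52 overload is assumed not to be in use.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_options(area):
    """Walk the code/length/value option area and return {code: bytes}."""
    opts, i = {}, 0
    while i < len(area) and area[i] != 255:          # 255 = End
        if area[i] == 0:                             # 0 = Pad, single byte
            i += 1
            continue
        if i + 1 >= len(area) or i + 2 + area[i + 1] > len(area):
            raise ValueError("truncated option")
        code, length = area[i], area[i + 1]
        opts[code] = opts.get(code, b"") + area[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def pxe_fields(packet):
    """Extract the boot-related fields of a DHCP reply (option 52 overload not handled)."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts = parse_options(packet[240:])
    text = lambda b: b.split(b"\x00", 1)[0].decode("ascii", "replace")
    ip = lambda b: socket.inet_ntoa(b) if len(b) == 4 else None
    return {
        "next_server": ip(packet[20:24]),      # siaddr, set by next-server
        "boot_file": text(packet[108:236]),    # file field, set by filename
        "opt66": text(opts.get(66, b"")),      # TFTP server name
        "opt67": text(opts.get(67, b"")),      # boot file name
        "opt244": ip(opts.get(244, b"")),      # custom-lan-0 in the config above
    }

def missing_for_pxe(f):
    """List what a PXE client would lack if it only had this reply."""
    problems = []
    if f["next_server"] == "0.0.0.0" and not f["opt66"]:
        problems.append("no TFTP server (siaddr / option 66)")
    if not f["boot_file"] and not f["opt67"]:
        problems.append("no boot file (file field / option 67)")
    return problems

def build_reply(siaddr, bootfile, options):
    """Constructed sample packet for offline testing, not a capture."""
    hdr = bytearray(236)
    hdr[0] = 2                                         # op = BOOTREPLY
    hdr[20:24] = socket.inet_aton(siaddr)
    hdr[108:108 + len(bootfile)] = bootfile
    body = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(hdr) + MAGIC + body + b"\xff"
```

To use it on real traffic, pass `pxe_fields` the UDP payload of a DHCP offer or ACK taken from a packet capture on ports 67/68 while the client is attempting to network boot.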
