Create Linux Instances in the Alibaba Cloud VPCs

Deploy the router instance for Router 2.
In Alibaba Cloud, select
Elastic Compute Service (ECS)
; then, select
Instances
.

Select
Create Instance
.
Select
Custom
, then select the preferred billing method.
Select the same
Region
and
Zone
that you selected for VPC 2.

Select the following parameters:
In the
Interface Type
area, select a
vCPU
of
2 vCPU
and a
Memory
of
4 GiB
.
In the
Image
area, select
Linux
and
16.04 64bit
.
In the
Storage
, leave the
System Disk
size as
Ultra Disk 40 GiB
.
Select
Networking
at the bottom of the page to continue to the
Networking
area.

Select the following parameters:
In the

Network

area, select

VPC

, then select the VPC you created and create a new security group for this instance.

In the

Network Billing Method

area, select

Assign public IP

.

In the

Security Group

area, select

Create Security Group

and create a security group that allows incoming connections on TCP port 22 and UDP ports 500 and 4500.

(

Optional

) If you require more restrictive rules, create them by adding authorization objects.


Select
Next: System Configurations
.

Create a new
Key Pair
or use an existing key pair for SSH access.
Select
Preview
and review the information for the instance to make sure that it is correct; then, select
Create Order
.

A page displays with the new instance.

Test SSH connectivity by opening a CLI session and entering the
ssh -i
key-file
root@
instance-ip
, where
key-file
is the file in which you stored the key and
instance-ip
is the public IP of the instance shown in the previous screenshot as
(Internet)
.
Deploy the VM-series firewall instance for Router 1.
Set up a VM-Series firewall on Alibaba Cloud.
Create three elastic network interfaces (ENIs) in Alibaba cloud.
Create an ENI for the Mgmt vSwitch with a public IP address.
Create an ENI for the Untrust vSwitch (ethernet1/1 on the firewall) with an elastic IP address.
Create an ENI for the Trust vSwitch (ethernet1/2 on the firewall) without a public IP address.
The following screenshot shows the VM-series network interfaces, with the EIP address you created in a previous step assigned to the Trust interface (
Trust-ENI
), the Untrust interface (
ENI-Untrust
), and the management interface.

Create and configure the VM-series firewall.
When complete, your configuration should look match the configuration that is shown on the following Alibaba Cloud screens:
Instance details:



Security groups in VPC 1:






Decide which static private IP addresses you want to use for the VM-series instance and make a note of them.
Verify that you can connect to the management interface of the firewall by opening a browser and entering
http://
public-ip-of-primary-interface
, where
public-ip-of-primary-interface
is the public IP address of the primary interface.