Minimum System Requirements for the VM-Series Firewall on Alibaba Cloud

Meet these minimum system requirements to successfully deploy the VM-Series firewall on Alibaba Cloud.
Where Can I Use This? What Do I Need?
  • Alibaba Cloud International Regions subscription
  • Alibaba Cloud Mainland China subscription
  • VM-Series License (BYOL)
  • VM-Series plugin
  • Panorama

VM-Series Firewall Software Requirements

Ensure that you have the software and licenses required to complete a VM-Series deployment on Alibaba Cloud.
  • To deploy the VM-Series firewall on Alibaba Cloud, you must use a VM-Series image you obtain from the Alibaba Marketplace. The image incorporates PAN-OS version 10.0.3 and VM-Series plugin version 2.0.3.
  • Before you deploy, choose the VM-Series ELA or BYOL license, a capacity license, and a subscription bundle. See VM-Series Model License Types.
  • You must be able to SSH into the VM-Series firewall to complete the deployment. If your OS does not support SSH, install third-party software, such as PuTTY.

Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall

Before creating the VM-Series firewall, you must choose an Elastic Compute Service (ECS) instance type that supports the minimum system requirements for your VM-Series model. Review the instance type documentation to ensure the ECS instance type has the resources to secure your network configuration.
The VM-Series firewall for AliCloud deployed on g6 and g7 instances supports Packet MMAP only.
VM-Series Model                  Elastic Compute Service Instance Type
VM-100, Software NGFW Credits    ecs.g5.xlarge, ecs.g6.xlarge, ecs.g7ne.xlarge, ecs.sn2ne.xlarge
VM-300, Software NGFW Credits    ecs.g5.xlarge, ecs.g6.2xlarge, ecs.g7ne.2xlarge, ecs.sn2ne.xlarge
VM-500, Software NGFW Credits    ecs.g5.2xlarge, ecs.g6.2xlarge, ecs.g7ne.2xlarge, ecs.sn2ne.2xlarge
VM-700, Software NGFW Credits    ecs.g5.4xlarge, ecs.g6.4xlarge, ecs.g7ne.4xlarge, ecs.sn2ne.4xlarge
Software NGFW Credits            g6 Instance Family, g7ne Instance Family
The VM-Series firewall for AliCloud deployed on g5, g6, and g7 instances supports Packet MMAP only.
If you want to specify Packet MMAP, run the following command to disable DPDK for VM-Series on AliCloud:
op-cmd-dpdk-pkt-io=off

Alibaba Cloud CLI

You will need Aliyun version 3.0.4 or higher to create a VPC and VSwitches for the VM-Series firewall. However, you should plan your network before you start, evaluate the applications you want to protect, and determine where you will deploy the VM-Series firewall to inspect and secure north-south traffic.

Choose Licenses and Plan Networks

Evaluate the applications you need to protect and create networks that permit the VM-Series firewall to inspect your inbound and outbound application traffic.
  1. Plan and design your VPC.
    1. Plan networks, including CIDR Blocks for your VPCs and VSwitches.
      Refer to Create a VPC and Configure Networks for a sample procedure.
    2. Plan your IP addresses. If you need specific addresses or address ranges, refer to the Elastic IP Address User Guide.
  2. Evaluate your applications and network configurations and calculate the firewall capacity you need to secure your applications and networks.
  3. Obtain VM-Series firewall licenses.
    Although you do not need a license to install the VM-Series firewall (you can activate a license after the installation), you must choose an appropriate VM-Series model and ECS instance type before deploying the firewall.
    1. Choose a VM-Series model.
      The VM-Series firewall supports up to 8 interfaces, provided the VM-Series model and Alibaba Cloud instance have sufficient resources. You can use the model
      Use the VM-Series model you have chosen to select one of the Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall.
    2. Choose a VM-Series capacity license that meets your needs.
    3. Purchase a BYOL subscription bundle (if you do not already have one). You receive an auth code for your VM-Series subscription, and you must supply it during the deployment.
  4. Plan how to configure Alibaba accounts and permissions to access the VM-Series firewall. For a start, see the Security FAQ, and learn about Instance RAM Roles.
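
The network planning in step 1 can be checked before any VPC or VSwitch is created. The following is an added example, not part of the original documentation: it validates that each planned VSwitch CIDR sits inside the VPC CIDR and that no two VSwitches overlap. The VSwitch names (mgmt, untrust, trust), the mask-length range and the reserved-address count are assumptions to confirm against current Alibaba Cloud VPC documentation.

```python
import ipaddress

# Assumed platform limits for this sketch; confirm against current Alibaba Cloud VPC docs.
VSWITCH_PREFIX = (16, 29)   # assumed allowed VSwitch mask lengths
RESERVED = 4                # assumed addresses reserved by the platform in each VSwitch

def check_plan(vpc_cidr, vswitches, needed_hosts=1):
    """Return a list of problems in a VPC/VSwitch CIDR plan; an empty list means consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, accepted = [], {}
    for name, cidr in vswitches.items():
        try:
            net = ipaddress.ip_network(cidr)   # strict: rejects host bits, e.g. 10.0.1.5/24
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        if not VSWITCH_PREFIX[0] <= net.prefixlen <= VSWITCH_PREFIX[1]:
            problems.append(f"{name}: /{net.prefixlen} is outside the assumed /16 to /29 range")
        if net.num_addresses - RESERVED < needed_hosts:
            problems.append(f"{name}: fewer than {needed_hosts} usable addresses")
        for other_name, other in accepted.items():
            if net.version == other.version and net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        accepted[name] = net
    return problems

# Constructed plans: one VSwitch per firewall interface role (names are hypothetical).
GOOD_PLAN = {"mgmt": "192.168.0.0/24", "untrust": "192.168.1.0/24", "trust": "192.168.2.0/24"}
BAD_PLAN = {"mgmt": "192.168.0.0/24", "untrust": "192.168.0.128/25", "trust": "10.0.2.0/24"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan("192.168.0.0/16", plan) or "no problems found")
```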

Prepare to Use the Aliyun Command Line Interface

This chapter focuses on the ECS Console; however, everything you do in the ECS Console can also be done from the Aliyun command line interface. The CLI is required if you want to use the VM-Series firewall to secure load balancing on Alibaba Cloud.
Install and configure a recent version of Aliyun, the Alibaba Cloud command line interface.
  1. Create an AccessKey and save the Access Key ID and Secret in a secure place.
  2. Install Aliyun.
  3. Configure Aliyun.
    The configuration prompts you for your Access Key information and other information.
    If your deployment uses a storage bucket, the region must match the region for your bucket.
    aliyun configure 
    Configuring profile '' in '' authenticate mode... 
    Access Key Id [*************8rq]: *************8rq 
    Access Key Secret [***************************tM2]: ***************************tM2
    Default Region Id [us-west-1]: us-west-1
    Default Output Format [json]: json (Only support json))
    Default Language [zh|en] en: en 
    Saving profile[] ...Done. 
     available regions: 
    ...
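
Step 1 asks you to keep the AccessKey in a secure place, yet the configure step saves it to a local profile file. The following is an added example, not part of the original documentation: it audits that file for group/other access and for profiles that hold a long-lived secret, without printing the secret. The file path and JSON keys are assumptions about the CLI's config layout, and the sample profiles are constructed.

```python
import json
import os
import stat
import tempfile

# Assumption: profiles saved by `aliyun configure` live in ~/.aliyun/config.json as a
# "profiles" list with "name", "mode" and "access_key_secret" keys; verify on your install.
DEFAULT_PATH = os.path.expanduser("~/.aliyun/config.json")

def audit_aliyun_config(path=DEFAULT_PATH):
    """Return findings: loose file permissions and profiles holding a static secret."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} allows group/other access; set 0600")
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    for profile in config.get("profiles", []):
        # Never echo the secret itself, only the profile that carries one.
        if profile.get("mode") == "AK" and profile.get("access_key_secret"):
            findings.append(f"profile '{profile.get('name')}' stores a long-lived "
                            "AccessKey secret in plaintext")
    return findings

def demo():
    """Audit a constructed config (fake values) before and after tightening its mode."""
    sample = {"current": "default", "profiles": [
        {"name": "default", "mode": "AK", "access_key_id": "EXAMPLE_ID",
         "access_key_secret": "EXAMPLE_SECRET", "region_id": "us-west-1"},
        {"name": "on-ecs", "mode": "EcsRamRole", "ram_role_name": "example-role",
         "region_id": "us-west-1"},
    ]}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        loose = audit_aliyun_config(path)
        os.chmod(path, 0o600)
        tight = audit_aliyun_config(path)
    return loose, tight

if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```

A profile that relies on an instance RAM role carries no stored secret, so it produces no finding here.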