To onboard mobile users in mainland China, you begin the configuration
of Alibaba Cloud, then create and configure two VPC instances for the two
termination points of the Prisma Access service connection (a VM-series
next-generation router in China and a virtual Linux router outside of China).
Before you begin configuration in Alibaba
Cloud, you must complete Real-Name Registration and configure and
purchase bandwidth for CEN.
Organizations with an international Alibaba Cloud account
can use a copy of a valid driver's license or passport to complete
this registration. After you obtain the required documents, select
Alibaba Cloud account management to submit required information
and documents.
Determine the amount of bandwidth you require between
the branch office and service connection to access corporate applications
and resources.
You use this information when you create the CEN for the
VPCs. You can use both the required bandwidth for the CEN and the
cost of the CEN in your determination.
Create the VPC in China (VPC 1) and the VPC for the Prisma Access
location (VPC 2).
Log in to the Alibaba Cloud console.
In the Networking area, select Virtual Private Cloud.
Select Create VPC.
Create a new VPC and vSwitch in the VPC.
For VPC 1, select a Region that is closest to the branch office in
mainland China; the following example uses China (Shenzhen) as the
location. For VPC 2, select a region outside China; the examples in
this workflow use a region in Japan as VPC 2.
Wait for Alibaba Cloud to create the VPC, then select Create VSwitch
and add three vSwitches:
One vSwitch for the management (Mgmt) interface.
One vSwitch for the Untrust interface.
One vSwitch for the Trust interface.
You associate these vSwitches to an Elastic Network Interface (ENI) when you create Linux
instances for the VPCs in Alibaba Cloud.
Select Create EIP to create an elastic IP.
Specify the parameters for the Elastic IP.
Make a note of the elastic IP address; you use this address
when you create a server certificate for the GlobalProtect gateway
(you use the IP address as the common name (CN)).
Create VPC 2, using the same steps you used to create
VPC 1, but specify a
To configure a second GlobalProtect gateway for redundancy,
add another VPC. You add a VM-series firewall to the second VPC
you create in a later task.
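
The following is an added example, not part of the original procedure or of any Palo Alto Networks or Alibaba Cloud tooling: a pre-flight check of the address plan for VPC 1 and VPC 2 before you create them in the console. The page gives no CIDR values, so every address below is a constructed assumption; the script checks that each VPC has the Mgmt, Untrust, and Trust vSwitches, that each vSwitch range sits inside its VPC without overlapping its siblings, and that the two VPC ranges do not overlap, since both are later attached to one CEN.

```python
import ipaddress

# Constructed sample plan: the CIDR values are assumptions, not values from the page.
PLAN = {
    "VPC 1 (China)": {"cidr": "10.1.0.0/16", "vswitches": {
        "Mgmt": "10.1.0.0/24", "Untrust": "10.1.1.0/24", "Trust": "10.1.2.0/24"}},
    "VPC 2 (Japan)": {"cidr": "10.2.0.0/16", "vswitches": {
        "Mgmt": "10.2.0.0/24", "Untrust": "10.2.1.0/24", "Trust": "10.2.2.0/24"}},
}
REQUIRED = {"Mgmt", "Untrust", "Trust"}  # the three vSwitches the procedure calls for


def check_plan(plan):
    """Return a list of problems in the address plan; an empty list means it is consistent."""
    problems, vpc_nets = [], {}
    for name, vpc in plan.items():
        net = ipaddress.ip_network(vpc["cidr"])  # raises ValueError on a malformed CIDR
        vpc_nets[name] = net
        missing = REQUIRED - set(vpc["vswitches"])
        if missing:
            problems.append(f"{name}: missing vSwitch(es) {sorted(missing)}")
        seen = {}
        for role, cidr in vpc["vswitches"].items():
            sub = ipaddress.ip_network(cidr)
            if not sub.subnet_of(net):
                problems.append(f"{name}/{role}: {sub} is outside {net}")
            # Mgmt, Untrust and Trust must stay separate segments.
            for other_role, other in seen.items():
                if sub.overlaps(other):
                    problems.append(f"{name}: {role} overlaps {other_role}")
            seen[role] = sub
    # Both VPCs are joined through CEN later, so their ranges should not overlap.
    names = list(vpc_nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vpc_nets[a].overlaps(vpc_nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    issues = check_plan(PLAN)
    print("plan OK" if not issues else "\n".join(issues))
```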