Set up the Alibaba Cloud Infrastructure

Where Can I Use This?
What Do I Need?
  • Prisma Access (Panorama Managed)
To secure branch offices in mainland China with Prisma Access, you create two separate VPCs in Alibaba Cloud, create a CEN to connect the two VPCs, then create Linux instances in the Alibaba Cloud VPCs to act as CPE routers as shown in the following workflow.
After you create the VPCs in Alibaba Cloud, use this task to deploy instances in the VPCs you created.
Before you create the VPCs, you must complete the following tasks. These tasks are the same tasks you perform when you configure Alibaba Cloud to secure mobile users.
  1. Deploy the router instance for Router 2.
    1. In Alibaba Cloud, select Elastic Compute Service (ECS); then, select Instances.
    2. Select Create Instance.
    3. Select Custom, then select the preferred billing method.
      Select the same Region and Zone that you selected for VPC 2.
    4. Select the following parameters:
      • In the Interface Type area, select a vCPU of 2 vCPU and a Memory of 4 GiB.
      • In the Image area, select Linux and 16.04 64bit.
      • In the Storage, leave the System Disk size as Ultra Disk 40 GiB.
    5. Select Networking at the bottom of the page to continue to the Networking area.
    6. Select the following parameters:
      • In the Network area, select VPC, then select the VPC you created and create a new security group for this instance.
      • In the Network Billing Method area, select Assign public IP.
      • In the Security Group area, select Create Security Group and create a security group that allows incoming connections on TCP port 22 and UDP ports 500 and 4500.
      • (Optional) If you require more restrictive rules, create them by adding authorization objects.
    7. Select Next: System Configurations.
    8. Create a new Key Pair or use an existing key pair for SSH access.
    9. Select Preview and review the information for the instance to make sure that it is correct; then, select Create Order.
      A page displays with the new instance.
    10. Test SSH connectivity by opening a CLI session and entering the command ssh -i key-file root@instance-ip, where key-file is the file in which you stored the key and instance-ip is the public IP of the instance shown in the previous screenshot as (Internet).
  2. Deploy the VM-series firewall instance for Router 1.
    Use the same steps you used in Step 1 for Router 1, substituting the Region and Zone that you use for VPC 1 instead of VPC 2.
  3. Decide which static private IP addresses you want to use for the VM-series instance and make a note of them.
  4. Verify that you can connect to the management interface of the firewall by opening a browser and entering http://public-ip-of-primary-interface, where public-ip-of-primary-interface is the public IP address of the primary interface.
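
A check for the security group created in step 1.6, added here as an example and not taken from the Prisma Access documentation: it compares a group's rules with the three ports the procedure opens and reports what is missing, what is extra, and which rules accept any source. The rule field names are assumed to follow the ECS DescribeSecurityGroupAttribute response, and the sample rules are constructed.

```python
import ipaddress

# Ingress the procedure asks for: SSH, IKE, and IPsec NAT-T.
REQUIRED = {("tcp", 22), ("udp", 500), ("udp", 4500)}

# Constructed sample rules; the field names are assumed to follow the ECS
# DescribeSecurityGroupAttribute response (Permissions.Permission entries).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "UDP",
     "PortRange": "500/500", "SourceCidrIp": "198.51.100.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "80/80", "SourceCidrIp": "0.0.0.0/0"},
]


def audit(rules):
    """Return (missing, extra, world_open) for a list of rule dicts."""
    missing, extra, world_open = set(REQUIRED), [], []
    for r in rules:
        if r["Direction"].lower() != "ingress" or r["Policy"].lower() != "accept":
            continue
        proto = r["IpProtocol"].lower()
        lo, hi = (int(p) for p in r["PortRange"].split("/"))
        if proto == "all":  # "ALL" uses PortRange -1/-1: every port and protocol
            lo, hi = 1, 65535
        covered = {(p, port) for p, port in REQUIRED
                   if proto in (p, "all") and lo <= port <= hi}
        missing -= covered
        label = f'{proto} {r["PortRange"]}'
        # Anything wider than exactly one required port is excess exposure.
        if not covered or hi != lo or proto == "all":
            extra.append(label)
        # Rules that reference a source security group carry no CIDR; skip them.
        cidr = r.get("SourceCidrIp", "")
        if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            world_open.append(label)
    return sorted(missing), extra, world_open


if __name__ == "__main__":
    missing, extra, world_open = audit(SAMPLE_RULES)
    print("required but not allowed:", missing)
    print("allowed but not required:", extra)
    print("open to any source:", world_open)
```

Rules reported as open to any source are the candidates for the optional authorization objects mentioned in step 1.6.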
