Create a VPC and Configure Networks

Learn how to create a VPC, VSwitches, security groups, and security group rules.
Use the Alibaba Cloud console to create a VPC, VSwitches, security groups, and security group rules.
All VM-Series firewall interfaces must be assigned an IPv4 address when deployed in a public cloud environment. IPv6 addresses are not supported.
  1. Open the VPC console and select your region from the menu. Note, the region you select must provide one of the instance types that Palo Alto Networks supports.
  2. From the Alibaba Cloud Console home page, select
    Products and Services
    Networking
    Virtual Private Cloud
    .
  3. Create a VPC
    .
    In this step you create a VPC and Management, Untrust, and Trust VSwitches. The ECS console creates a VPC and a switch using the same form.
    1. Select
      Create VPC
      .
      Specify the VPC name, an IPv4 CIDR Block, and a description. Refer to Create a VPC.
      Property
      Value
      Name
      Your choice
      IPV4 CIDR Bock
      Your choice. Refer to the CIDR block FAQ.
      Resource Group
      Your Choice.
    2. Select
      Create VSwitch
      .
      • Name the VSwitch
        Management
        .
      • Choose the
        Zone
        , specify an
        IPv4 CIDR Block
        that is a subset of the block you specified for the VPC, and specify a
        Description
        .
      • At the bottom, click
        Add
        to add another vSwitch (do not click
        OK
        until you have added all VSwitches).
    3. Add
      the Untrust VSwitch in the same manner.
    4. Add
      the Trust VSwitch.
    5. Click
      OK
      .
      View the VPC details and make any changes before you click
      Complete
      .
  4. Create security groups and security group rules.
    • From the Alibaba Cloud Console home page, select
      Elastic Compute Service
      Networking & Security
      Security Groups
      .
    • On the upper right, click
      Create Security Group
      .
    1. Create the management security group.
      Refer to Create a security group to fill out the following fields.
      Property
      Value
      Template
      Customize
      Security Group Name
      Management
      Security Group Type
      Basic
      Network Type
      VPC
      VPC
      Select the VPC you created earlier.
      Resource Group
      Your choice
      • Complete the form and click
        OK
        .
        ECS console prompts you to create rules for this security group. This task describes some basic security group rules that allow you to bring up the VM-Series Firewall. You can create more rules to enforce your network security requirements.
    2. Select
      Create Rules Now
      and create rules for HTTPS and SSH.
      Select the Inbound tab, and click
      Add Security Group Rule
      .
      • Create an Inbound rule to allow HTTPS in this security group. For example:
        Property
        Value
        Rule Direction
        Inbound
        Action
        Allow
        Protocol Type
        HTTPS (443)
        Priority
        100
        Authorization Type
        Authorization Object
      • Click Add
        Security Group Rule
        to create an inbound rule to allow SSH on the management interface.
        Property
        Value
        Rule Direction
        Inbound
        Action
        Allow
        Protocol Type
        Customized TCP
        Port Range
        1/65535
        Authorization Type
        Authorization Object
        Click
        OK
        and select
        Back
        to return to the Security Groups page.
    3. Select
      Create Security Group
      and create the Untrust security group.
      When prompted, create a rule for the Untrust security group.
      Property
      Value
      Rule Direction
      Inbound
      Action
      Allow
      Protocol Type
      Custom TCP
      Port Range
      1/65535
      Priority
      100
      Authorization Type
      Authorization Object
      Click
      OK
      and select
      Back
      to return to the Security Groups page.
    4. Create the Trust security group.
      When prompted, click
      Add Security Group Rule
      and duplicate the Untrust rule.

Recommended For You