Create and Configure the VM-Series Firewall
Learn how to create a VM-Series instance in Alibaba Cloud,
and create the network interfaces for the VM-Series firewall.
This task uses the ECS console to create a
VM-Series firewall instance with a minimum of three interfaces:
management, untrust, and trust. An ECS instance supports a single
NIC by default, and automatically attaches an Elastic Network Interface
(ENI) to it. To support the VM-Series firewall, you must separately
create the Untrust and Trust Elastic Network Interfaces (ENIs) and
attach them to your instance.
- From the Alibaba Cloud console home page, select Elastic Compute Service > Instances & Images > Instances, and click Create Instance on the upper right.
- Select Custom Launch.
- Basic Configurations.
- Fill in the following values. For example:
  - Billing Method: Subscription.
  - Region: Your choice. You can also select a Zone. The region you select must provide one of the required instance types.
  - Instance Type: One of the types in Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall. You can use Type-based Selection to search for the instance type.
  - Image: Select Marketplace Image and search the Alibaba Marketplace for “VM-Series”. The image combines the OS and the VM-Series firewall.
  - Storage: Choose a disk type and specify 60 GB.
  - Snapshot: Your choice.
  - Duration: Your choice.
- Select Next: Networking.
- On the Networking page, supply the following values.
- Network (select VPC).
- Choose the VPC you created in Create a VPC and Configure Networks.
- Choose the Management VSwitch.
- Public IP Address. If you do not have a public IP address, enable Assign Public IP address and the system will allocate one. If you must use a specific IP address, or an address in a specific range, you can request a custom IP address. Refer to the Elastic IP Address User Guide.
- Security Group. Select the Management security group.
- Elastic Network Interface. The Management interface is already attached to eth0.
- Select Next: System Configurations.
- On the System Configurations page, fill in the following values.
- Logon Credentials: Select Key Pair. Password authentication is not supported.
- Name the VM-Series firewall instance and supply a Host name. Select Preview to view your settings thus far. Make any corrections.
- Following Advanced (based on instance RAM roles or cloud-init) click Show.
- The RAM role is optional.
- In the User Data field, enter basic bootstrap information as key-value pairs separated by newlines. See Enter a Basic Configuration as User Data (Public Clouds). For example, enter the following in the User Data field.

      type=dhcp-client
      hostname=Ca-FW-DC1
      vm-auth-key=7550362253****
      panorama-server=10.*.*.20
      panorama-server-2=10.*.*.21
      tplname=FINANCE_TG4
      dgname=finance_dg
      op-cmd-dpdk-pkt-io=on
      dhcp-send-hostname=yes
      dhcp-send-client-id=yes
      dhcp-accept-server-hostname=yes
      dhcp-accept-server-domain=yes
      authcodes=I7115398
      vm-series-auto-registration-pin-id=abcdefgh1234****
      vm-series-auto-registration-pin-value=zyxwvut-0987****

  op-command-modes (mgmt-interface-swap and jumbo frame) are not supported for Alibaba Cloud.
  op-cmd-dpdk-pkt-io=on supports DPDK. If you want to specify PacketMMAP, specify op-cmd-dpdk-pkt-io=off.
  Grouping is Optional. Select Preview to view the configuration before ordering.
- View the terms of service, and select Create Order to create the VM-Series firewall instance. View the purchase order and select Subscribe.
- From the console home page, choose Elastic Compute Service > Networks and Security > ENIs and select Create ENI in the top right corner. Create elastic network interfaces for the Untrust and Trust interfaces.
- Create the Untrust ENI. In the Actions column, select Bind to Instance and select the instance you just created.
- Create the Trust ENI and bind it to the instance.
- Allocate Elastic IP (EIP) addresses. Allocate EIP addresses for the VM-Series firewall Management interface and the Untrust network interface. In this example the Trust interface is not exposed to the internet, so you don’t need a third IP address. If you already have two EIPs, go to the next step.
- Associate an EIP with the VM-Series firewall Management interface.
- Associate an EIP with the VM-Series firewall Untrust network interface. The second interface you attach is assigned to network interface 1 on the VM-Series firewall.
- Restart your instance to attach the new network interfaces. On the Instances list, select your instance, select Manage, and select Restart on the upper right.
- SSH in to the VM-Series firewall with the security key and set the admin password:

      developer1$ ssh -i dev1-vpc1.pem admin@18.***.145.153
      Welcome admin.
      admin> configure
      Entering configuration mode
      [edit]
      admin# set mgt-config users admin password
      Enter password: <password>
      Confirm password: <password>
      [edit]
      admin# commit

- Access the VM-Series firewall web interface. Open a web browser and enter the EIP for the management interface.
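
The User Data step above takes newline-separated key-value pairs that include credentials (auth key, auth codes, registration PIN). The following check is an added example, not part of the original procedure or of Palo Alto Networks tooling: it lints user data before you paste it into the console and redacts secret values so the result can be logged or attached to a change ticket. The function name, the choice of which keys count as secrets, and the assumption that on and off are the only values for op-cmd-dpdk-pkt-io are illustrative.

```python
import re

# Assumption: these keys carry credentials and must not reach logs or tickets.
SECRET_KEYS = {"vm-auth-key", "authcodes",
               "vm-series-auto-registration-pin-id",
               "vm-series-auto-registration-pin-value"}
KEY_RE = re.compile(r"^[a-z0-9][a-z0-9-]*$")

def lint_user_data(text):
    """Return (redacted_config, problems) for bootstrap user data."""
    config, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not KEY_RE.match(key):
            problems.append(f"line {n}: not a key=value pair")
            continue
        if key in config:
            problems.append(f"line {n}: duplicate key {key}")
        if re.search(r"\s\S+=", value):
            # Pairs run together on one line; do not echo the value, it may hold a secret.
            problems.append(f"line {n}: several pairs on one line, separate with newlines")
            config[key] = "<unparsed>"
            continue
        if key == "op-command-modes":
            problems.append(f"line {n}: op-command-modes is not supported on Alibaba Cloud")
        if key == "op-cmd-dpdk-pkt-io" and value not in ("on", "off"):
            problems.append(f"line {n}: op-cmd-dpdk-pkt-io must be on or off")
        config[key] = "<redacted>" if key in SECRET_KEYS else value
    return config, problems

# Constructed sample: placeholder secret, three deliberate mistakes.
SAMPLE = """type=dhcp-client
hostname=Ca-FW-DC1
vm-auth-key=EXAMPLE-AUTH-KEY
op-command-modes=mgmt-interface-swap
op-cmd-dpdk-pkt-io=yes
tplname=FINANCE_TG4 dgname=finance_dg
"""

if __name__ == "__main__":
    cfg, issues = lint_user_data(SAMPLE)
    for key, value in cfg.items():
        print(f"{key}={value}")
    for issue in issues:
        print("WARNING:", issue)
```
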