1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on Alibaba Cloud
    5. Deploy the VM-Series Firewall on Alibaba Cloud
    6. Create and Configure the VM-Series Firewall

    Create and Configure the VM-Series Firewall

    Learn how to create a VM-Series instance in Alibaba Cloud, and create the network interfaces for the VM-Series firewall.
    This task uses the ECS console to create a VM-Series firewall instance with a minimum of three interfaces: management, untrust, and trust. An ECS instance supports a single NIC by default, and automatically attaches an Elastic Network Interface (ENI) to it. To support the VM-Series firewall, you must separately create the Untrust and Trust Elastic Network Interfaces (ENIs) and attach them to your instance.
    1. From the Alibaba Cloud console home page, select
      Elastic Compute Service
      Instances & Images
      Instances
      , and click
      Create Instance
       on the upper right.
    2. Select
      Custom Launch
      .
    3. Basic Configurations.
      1. Fill in the following values. For example:
        Property
        Value
        Billing Method
        Subscription.
        Region
        Your choice. You can also select a Zone. The region you select must provide one of the required instance types.
        Instance Type
        One of the types in Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall. You can use Type-based Selection to search for the instance type.
        Image
        Select
        Marketplace Image
         and search the Alibaba Marketplace for “VM-Series”. The image combines the OS and the VM-Series firewall.
        Storage
        Choose a disk type and specify 60 GB.
        Snapshot
        Your choice.
        Duration
        Your choice.
      2. Select
        Next: Networking
        .
    4. On the Networking page, supply the following values.
      1. Network (select VPC).
      2. Public IP Address.
        If you do not have a public IP address, enable
        Assign Public IP address
         and the system will allocate one. If you must use a specific IP address, or an address in a specific range, you can request a custom IP address. Refer to the Elastic IP Address User Guide.
      3. Security Group.
        Select the Management security group.
      4. Elastic Network Interface.
        The Management interface is already attached to eth0.
      5. Select
        Next: System Configurations
        .
    5. On the System Configurations page, fill in the following values.
      1. Logon Credentials: Select
        Key Pair
        .
        Password authentication is not supported.
      2. Name the VM-Series firewall instance and supply a Host name.
        Make any corrections.
        Select
        Preview
         to view your settings thus far.
      3. Following
        Advanced (based or instance RAM roles or cloud-init)
         click
        Show
        .
        • The RAM role is optional.
        • In the User Data field, enter basic bootstrap information as key-value pairs separated by newlines. See Enter a Basic Configuration as User Data (Public Clouds). For example, enter the following in the
          User Data
           field.
          type=dhcp-client
hostname=Ca-FW-DC1
vm-auth-key=7550362253****
panorama-server=10.*.*.20
panorama-server-2=10.*.*.21
tplname=FINANCE_TG4
dgname=finance_dg
op-cmd-dpdk-pkt-io=on
dhcp-send-hostname=yes
dhcp-send-client-id=yes
dhcp-accept-server-hostname=yes
dhcp-accept-server-domain=yes
authcodes=I7115398
vm-series-auto-registration-pin-id=abcdefgh1234****
vm-series-auto-registration-pin-value=zyxwvut-0987****
          op-command-modes
           (mgmt-interface-swap and jumbo frame) are not supported for Alibaba Cloud.
          op-cmd-dpdk-pkt-io=on
           supports DPDK. If you want to specify PacketMMAP, specify op-cmd-dpdk-pkt-io=off
          Grouping is Optional. Select
          Preview
           to view the configuration before ordering.
    6. View the terms of service, and select
      Create Order
       to create the VM-Series firewall instance.
      View the purchase order and select
      Subscribe
      .
    7. From the console home page, choose
      Elastic Compute Service
      Networks and Security
      ENIs
       and select
      Create ENI
       in the top right corner. Create elastic network interfaces for the Untrust and Trust interfaces.
      1. Create the Untrust ENI.
        In the
        Actions
         column, select
        Bind to Instance
         and select the instance you just created.
      2. Create the Trust ENI and bind it to the instance.
    8. Allocate Elastic IP (EIP) addresses.
      Allocate EIP addresses for the VM-Series firewall Management interface and the Untrust network interface. In this example the Trust interface is not exposed to the internet, so you don’t need a third IP address.
      If you already have two EIPs, go to the next step.
      1. Associate an EIP with the VM-Series firewall Management interface.
      2. Associate an EIP with the VM-Series firewall Untrust network interface.
        The second interface you attach is assigned to network interface 1 on the VM-Series firewall.
    9. Restart your instance to attach the new network interfaces.
      On the Instances list, select your instance, select
      Manage
      , and select
      Restart
       on the upper right.
    10. SSH in to the VM-Series firewall with the security key and set the admin password:
      developer1$ 
      ssh -i dev1-vpc1.pem admin@18.***.145.153
      
Welcome admin.

admin> 
      configure
      
Entering configuration mode
[edit]
admin# 
      set mgt-config users admin password
      
Enter password:
      <password>
      
Confirm password:
      <password>
      
[edit]
admin# 
      commit
    11. Access the VM-Series firewall web interface.
      Open a web browser and enter the EIP for the management interface.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo