Create and
Configure the VM-Series Firewall
Learn how to create a VM-Series instance in Alibaba Cloud,
and create the network interfaces for the firewall.
The VM-Series firewall requires a minimum of
three interfaces: management, untrust, and trust.
This task uses
the ECS console to create a VM-Series firewall instance. An ECS instance
supports a single NIC by default, and automatically attaches an
Elastic Network Interface (ENI) to it. To support the VM-Series
firewall, you must separately create the Untrust and Trust Elastic
Network Interfaces (ENIs) and attach them to your instance.
- Open the ECS console and select .
- On the upper right, selectCreate Instance.
- SelectCustom.
- Basic Configurations.
- Fill in the following values.PropertyValueBilling MethodPay-As-You-GoRegionUS West 1 (Silicon Valley). You can also select a Zone.Instance/Instance Typeecs.sn2ne.xlargeImageSelectCustom Imageand choose the custom image you created in Create a Custom Image in the Alibaba Cloud Console.StorageChoose a disk type and specify 60 GiB.
- SelectNext: Networking.
- On the Networking page, supply the following values.
- Network (VPC).
- Choose the VPC you created in Create a VPC and Configure Networks.
- Choose the Management VSwitch.
- Network Billing Method.Do not assign a public IP address at this time.
- Elastic Network Interface.The Management interface is already attached to eth0.
- SelectNext: System Configurations.
- On the System Configurations page, fill in the following values.
- Log On Credentials: SelectInherit Password from Image.The default user name for the VM-Series firewall is admin and the password is also admin.
- Name the VM-Series firewall instance.
- Select Preview to view your settings thus far.Make any corrections.
- SelectCreate Instanceto create the VM-Series firewall instance.
- From the console home page, choose and clickCreate ENIin the top right corner.Create elastic network interfaces for the Untrust and Trust interfaces.
- Create the Untrust ENI.
- Create the Trust ENI.
- Attach ENIs to the VM-Series firewall Untrust and Trust interfaces.
- Attach the Untrust ENI.
- Attach the Trust ENI.
- Change the default user name and password immediately.Use the VNC console to connect to the management terminal, and log on to the ECS instance, and change the VM-Series firewall default username and password (admin/admin). If you do not know the VNC connection password, you must change the password for the VNC console.Change the VM-Series firewall username and password before you associate IP addresses with any network interface.
- Allocate two Elastic IP (EIP) addresses.Allocate EIP addresses for the VM-Series firewall Management interface and the Untrust network interface. In this example the Trust interface is not exposed to the internet, so you don’t need a third IP address.If you already have two EIPs, go to the next step.
- Associate an EIP with the VM-Series firewall Management interface.
- Associate an EIP with the VM-Series firewall Untrust network interface.The second interface you attach is assigned to network interface 1 on the VM-Series firewall.
- Restart your instance to attach the new network interfaces.On the Instances list, select your instance and clickManage, and clickRestarton the upper right.
- Access the VM-Series firewall web interface.Open a web browser and enter the EIP for the management interface.
