Create and Configure the VM-Series Firewall

Learn how to create a VM-Series instance in Alibaba Cloud, and create the network interfaces for the firewall.
The VM-Series firewall requires a minimum of three interfaces: management, untrust, and trust.
This task uses the ECS console to create a VM-Series firewall instance. An ECS instance supports a single NIC by default, and automatically attaches an Elastic Network Interface (ENI) to it. To support the VM-Series firewall, you must separately create the Untrust and Trust Elastic Network Interfaces (ENIs) and attach them to your instance.
  1. Open the ECS console and select Instances.
  2. On the upper right, select Create Instance.
  3. Select Custom.
  4. Basic Configurations.
    1. Fill in the following values.
      Billing MethodPay-As-You-Go
      RegionUS West 1 (Silicon Valley). You can also select a Zone.
      Instance/Instance Typeecs.sn2ne.xlarge
      ImageSelect Custom Image and choose the custom image you created in Create a Custom Image in the Alibaba Cloud Console.
      StorageChoose a disk type and specify 60 GiB.
    2. Select Next: Networking.
  5. On the Networking page, supply the following values.
    1. Network (VPC).
    2. Network Billing Method.
      Do not assign a public IP address at this time.
    3. Elastic Network Interface.
      The Management interface is already attached to eth0.
    4. Select Next: System Configurations.
  6. On the System Configurations page, fill in the following values.
    1. Log On Credentials: Select Inherit Password from Image.
      The default user name for the VM-Series firewall is admin and the password is also admin.
    2. Name the VM-Series firewall instance.
  7. Select Preview to view your settings thus far.
    Make any corrections.
  8. Select Create Instance to create the VM-Series firewall instance.
  9. From the console home page, choose Elastic Compute ServiceNetworks and SecurityENI and click Create ENI in the top right corner.Create elastic network interfaces for the Untrust and Trust interfaces.
    1. Create the Untrust ENI.
    2. Create the Trust ENI.
  10. Attach ENIs to the VM-Series firewall Untrust and Trust interfaces.
    1. Attach the Untrust ENI.
    2. Attach the Trust ENI.
  11. Change the default user name and password immediately.
    Use the VNC console to connect to the management terminal, and log on to the ECS instance, and change the VM-Series firewall default username and password (admin/admin). If you do not know the VNC connection password, you must change the password for the VNC console.
    Change the VM-Series firewall username and password before you associate IP addresses with any network interface.
  12. Allocate two Elastic IP (EIP) addresses.
    Allocate EIP addresses for the VM-Series firewall Management interface and the Untrust network interface. In this example the Trust interface is not exposed to the internet, so you don’t need a third IP address.
    If you already have two EIPs, go to the next step.
  13. Associate an EIP with the VM-Series firewall Management interface.
  14. Associate an EIP with the VM-Series firewall Untrust network interface.
    The second interface you attach is assigned to network interface 1 on the VM-Series firewall.
  15. Restart your instance to attach the new network interfaces.
    On the Instances list, select your instance and click Manage, and click Restart on the upper right.
  16. Access the VM-Series firewall web interface.
    Open a web browser and enter the EIP for the management interface.

Related Documentation