Create and Configure the VM-Series Firewall

Learn how to create a VM-Series instance in Alibaba Cloud, and create the network interfaces for the firewall.
The VM-Series firewall requires a minimum of three interfaces: management, untrust, and trust.
This task uses the ECS console to create a VM-Series firewall instance. An ECS instance supports a single NIC by default, and automatically attaches an Elastic Network Interface (ENI) to it. To support the VM-Series firewall, you must separately create the Untrust and Trust Elastic Network Interfaces (ENIs) and attach them to your instance.
  1. Open the ECS console and select
    Instances
    .
  2. On the upper right, select
    Create Instance
    .
  3. Select
    Custom
    .
    ali_instance_custom.png
  4. Basic Configurations.
    1. Fill in the following values.
      Property
      Value
      Billing Method
      Pay-As-You-Go
      Region
      US West 1 (Silicon Valley). You can also select a Zone.
      Instance/Instance Type
      ecs.sn2ne.xlarge
      Image
      Select
      Custom Image
      and choose the custom image you created in Create a Custom Image in the Alibaba Cloud Console.
      Storage
      Choose a disk type and specify 60 GiB.
    2. Select
      Next: Networking
      .
  5. On the Networking page, supply the following values.
    1. Network (VPC).
    2. Network Billing Method.
      Do not assign a public IP address at this time.
    3. Elastic Network Interface.
      The Management interface is already attached to eth0.
    4. Select
      Next: System Configurations
      .
  6. On the System Configurations page, fill in the following values.
    1. Log On Credentials: Select
      Inherit Password from Image
      .
      The default user name for the VM-Series firewall is admin and the password is also admin.
    2. Name the VM-Series firewall instance.
  7. Select Preview to view your settings thus far.
    Make any corrections.
  8. Select
    Create Instance
    to create the VM-Series firewall instance.
  9. From the console home page, choose
    Elastic Compute Service
    Networks and Security
    ENI
    and click
    Create ENI
    in the top right corner.Create elastic network interfaces for the Untrust and Trust interfaces.
    1. Create the Untrust ENI.
    2. Create the Trust ENI.
  10. Attach ENIs to the VM-Series firewall Untrust and Trust interfaces.
    1. Attach the Untrust ENI.
    2. Attach the Trust ENI.
  11. Change the default user name and password immediately.
    Use the VNC console to connect to the management terminal, and log on to the ECS instance, and change the VM-Series firewall default username and password (admin/admin). If you do not know the VNC connection password, you must change the password for the VNC console.
    Change the VM-Series firewall username and password before you associate IP addresses with any network interface.
  12. Allocate two Elastic IP (EIP) addresses.
    Allocate EIP addresses for the VM-Series firewall Management interface and the Untrust network interface. In this example the Trust interface is not exposed to the internet, so you don’t need a third IP address.
    If you already have two EIPs, go to the next step.
  13. Associate an EIP with the VM-Series firewall Management interface.
  14. Associate an EIP with the VM-Series firewall Untrust network interface.
    The second interface you attach is assigned to network interface 1 on the VM-Series firewall.
  15. Restart your instance to attach the new network interfaces.
    On the Instances list, select your instance and click
    Manage
    , and click
    Restart
    on the upper right.
  16. Access the VM-Series firewall web interface.
    Open a web browser and enter the EIP for the management interface.

Recommended For You