Prepare to Deploy the VM-Series Firewall on Alibaba Cloud

Complete preliminary tasks before creating the VPC and Networks.
This task uses the Aliyun CLI to create a VPC and VSwitches for the VM-Series firewall; however, you should plan your network before you start. Evaluate the applications you want to protect, and determine where you will deploy the VM-Series firewall to secure north-south traffic. The firewall must be able to inspect traffic to and from your applications.

Choose Licenses and Plan Networks

Evaluate the applications you need to protect and create networks that permit the VM-Series firewall to inspect your inbound and outbound application traffic.
  1. Evaluate your applications and network configurations and calculate the firewall capacity you need to secure your applications and networks.
    1. Plan networks, including CIDR Blocks for your VPCs and VSwitches.
  2. Obtain VM-Series firewall licenses.
    Although you do not need a license to install the VM-Series firewall (you can activate a license after the installation), you must choose an appropriate VM-Series model and ECS instance type before deploying the firewall.
    1. Choose a VM-Series model.
      The VM-Series firewall supports up to 8 interfaces, provided the VM-Series model and Alibaba Cloud instance have sufficient resources.
    2. Choose a VM-Series capacity license that meets your needs.
    3. Purchase a BYOL subscription bundle (if you do not already have one). You receive an auth code for your VM-Series subscription.
  3. Plan how to configure Alibaba accounts and permissions. If you do not have an account, see Alibaba Cloud Free Trial: How to Sign Up and Get Started.
  4. Obtain Alibaba Cloud licenses. Use the VM-Series model you have chosen to pick one of the Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall.

Create a Custom Image in the Alibaba Cloud Console

The VM-Series firewall runs on KVM. You must use the VM-Series firewall qcow2 image file to create a custom image for Alibaba Cloud. To do this, upload the VM-Series qcow2 image file to an Object Storage Service bucket and create an Alibaba Cloud custom image.
  1. Obtain the VM-Series firewall qcow2 image file.
    1. Log in to the Palo Alto Networks Customer Support Portal (CSP) and register the VM-Series auth code. Create a Support Account.
    2. On the CSP, select Updates > Software Updates and from the Filter By drop-down menu, choose Pan OS for VM-Series KVM Base Image and locate the qcow2 file for the current version.
    3. Download the qcow2 file to your local drive. For example, PA-VM-KVM-9.1.0.qcow2.
  2. Create a bucket for the VM-Series image.
    1. On the Alibaba Cloud Console home page, select Object Storage Service (OSS).
    2. Click Create Bucket toward the upper right, or choose an existing bucket.
    3. Specify name and region.
      The bucket must be in the same region as the VPC in which you plan to deploy the VM-Series firewall.
    4. Click OK.
  3. Upload the qcow2 image file to your bucket.
    1. Select your bucket, choose Files > Upload, and click here to upload.
    2. Select the qcow2 image file on your local drive.
  4. Copy the OSS address object (the file URL).
    In your bucket, select the row for the qcow2 image file, and in the Action column select More > Copy File URL, and click Copy.
  5. Import the VM-Series firewall image into ECS.
    1. On the Alibaba Cloud console home page, select Elastic Compute Service.
    2. Select Images and click Import Image on the upper right.
    3. Paste in the OSS object address, fill out the form, and click OK.
      Your image appears in the Elastic Compute Services > Images list.

Prepare to Use the Aliyun Command Line Interface

Everything you do in the ECS Console can be done from the Aliyun command line interface. The CLI is required if you want to use the VM-Series firewall to secure load balancing on Alibaba Cloud.
Install and configure a recent version of Aliyun, the Alibaba Cloud command line interface.
  1. Create an AccessKey and save the Access Key ID and Secret in a secure place.
  2. Install Aliyun.
  3. The configuration prompts you for your Access Key information and other information.
    The region must match the region for the bucket that contains the qcow2 file in Create a Custom Image in the Alibaba Cloud Console.
    aliyun configure
    Configuring profile '' in '' authenticate mode...
    Access Key Id [*************8rq]: *************8rq
    Access Key Secret [***************************tM2]: ***************************tM2
    Default Region Id [us-west-1]: us-west-1
    Default Output Format [json]: json (Only support json))
    Default Language [zh|en] en: en
    Saving profile[] ...Done.
    available regions: ...
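
A preflight check for the region and AccessKey requirements above, as an added example that is not part of the original documentation: it confirms that the region embedded in the copied OSS file URL matches the CLI default region, and that the file holding the saved AccessKey grants no access to group or others. The URL layout (`<bucket>.oss-<region>.aliyuncs.com`), the bucket name, and the `~/.aliyun/config.json` location are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks before importing the image with the CLI.
# Function names are hypothetical; the sample URL below is constructed.

# Print the region embedded in an OSS file URL of the assumed form
# https://<bucket>.oss-<region>[-internal].aliyuncs.com/<object>[?query]
oss_url_region() {
    host=${1#*://}                 # drop the scheme
    host=${host%%/*}               # drop the object path and any query
    case $host in
        *.oss-*.aliyuncs.com) ;;
        *) return 1 ;;             # not an OSS endpoint host
    esac
    region=${host##*.oss-}         # <region>[-internal].aliyuncs.com
    region=${region%.aliyuncs.com}
    region=${region%-internal}     # internal endpoints carry this suffix
    [ -n "$region" ] && printf '%s\n' "$region"
}

# Succeed only if the bucket region in URL ($1) equals the CLI region ($2).
regions_match() {
    url_region=$(oss_url_region "$1") || return 1
    [ "$url_region" = "$2" ]
}

# Succeed only if FILE ($1) exists and has no group/other permission bits.
# Meant for the file where the CLI saves the AccessKey
# (assumed location: ~/.aliyun/config.json).
secret_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)   # group and other permission columns
    [ "$mode" = "------" ]
}

# Constructed sample: bucket name is made up, region and file name are
# the ones used on this page.
SAMPLE_URL='https://vmseries-images.oss-us-west-1.aliyuncs.com/PA-VM-KVM-9.1.0.qcow2'
if regions_match "$SAMPLE_URL" us-west-1; then
    echo "bucket region matches CLI default region"
else
    echo "region mismatch: image import would target the wrong region"
fi
if secret_file_is_private "$HOME/.aliyun/config.json"; then
    echo "AccessKey file is private"
else
    echo "AccessKey file missing or readable by group/others (chmod 600)"
fi
```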
