Deploy the VM-Series Firewall on Alibaba Cloud
Complete preliminary tasks before creating the VPC and Networks.
This task uses the Aliyun CLI to create a VPC and VSwitches for the VM-Series firewall, however, you should plan your network before you start. Evaluate the applications you want to protect, and determine where you will deploy the VM-Series firewall to secure north-south traffic. The firewall must be able to inspect traffic to and from your applications.
Choose Licenses and Plan Networks
Evaluate the applications you need to protect and create networks that permit the VM-Series firewall to inspect your inbound and outbound application traffic.
- Evaluate your applications and network configurations and calculate the firewall capacity you need to secure your applications and networks.
- Obtain VM-Series firewall licenses.
- Choose a VM-Series model.The VM-Series firewall supports up to 8 interfaces, provided the VM-Series model and Alibaba Cloud instance have sufficient resources.
- Choose a VM-Series capacity license that meets your needs.
- Purchase a BYOL subscription bundle (if you do not already have one). You receive an auth code for your VM-Series subscription.
- Plan how to configure Alibaba accounts and permissions. If you do not have an account, see Alibaba Cloud Free Trial: How to Sign Up and Get Started.
- Obtain Alibaba Cloud licenses. Use the VM-Series model you have chosen to pick one of the Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall.
Create a Custom
Image in the Alibaba Cloud Console
- Obtain the VM-Series firewall qcow2 image file.
- On the CSP, selectand from theUpdatesSoftware UpdatesFilter Bydrop-down menu, choosePan OS for VM-Series KVM Base Imageand locate the qcow2 file for the current version.
- Download the qcow2 file to your local drive. For example,PA-VM-KVM-9.1.0.qcow2.
- Create a bucket for the VM-Series image.
- On the Alibaba Cloud Console home page, select Object Storage Service (OSS).
- ClickCreate Bucketon the right towards the upper right, or choose an existing bucket.
- Specify name and region.The bucket must be in the same region as the VPC in which you plan to deploy the VM-Series firewall.
- Upload the qcow2 image file to your bucket.
- Select your bucket, choose, andFilesUploadclick here to upload.
- Select the qcow2 image file on your local drive.
- Copy the OSS address object (the file URL).In your bucket, select the row for the qcow2 image file, and in theActioncolumn select, and clickMoreCopy File URLCopy.
- Import the VM-Series firewall image into ECS.
- On the Alibaba Cloud console home page, select Elastic Compute Service.
- SelectImagesand clickImport Imageon the upper right.
- Paste in the OSS object address, fill out the form, and clickOK.Your image appears inlist.Elastic Compute ServicesImages
Prepare to Use the Aliyun Command Line Interface
Everything you do in the ECS Console can be done from the Aliyun command line interface. The CLI is required if you want to use the VM-Series firewall to secure load balancing on Alibaba Cloud.
Install and configure a recent version of Aliyun, the Alibaba Cloud command line interface.
- Install Aliyun.
- The configuration prompts you for your Access Key information and other information.The region must match the region for the bucket that contains the qcow2 file in Create a Custom Image in the Alibaba Cloud Console.aliyun configureConfiguring profile '' in '' authenticate mode... Access Key Id [*************8rq]: *************8rq Access Key Secret [***************************tM2]: ***************************tM2 Default Region Id [us-west-1]: us-west-1 Default Output Format [json]: json (Only support json)) Default Language [zh|en] en: en Saving profile ...Done. available regions: ...
Recommended For You
Recommended videos not found.