VM-Series Deployment Guide
    : Deploying the VM-Series Firewall on Tencent Cloud
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set up the VM-Series Firewall on Tencent Cloud China
    5. Deploying the VM-Series Firewall on Tencent Cloud
    Download PDF

    VM-Series Deployment Guide

    Deploying the VM-Series Firewall on Tencent Cloud

    Table of Contents

    Deploying the VM-Series Firewall on Tencent Cloud

    This is the procedure to deploy the VM-Series firewall on Tencent Cloud web console.
    Following are the steps to deploy the VM-Series firewall on the Tencent cloud:
    1. Begin with creating a VPC and Subnets on Tencent Cloud. Perform the following steps:
      By default, the Tencent cloud webpage is in Chinese language. Translate the webpage to English, and then proceed with the deployment procedure.
      1. Go to the Tencent console and click Log In.
      2. Click Sub-user.
      3. Enter your Sub-User login credentials.
      4. Click Login.
      5. Click Console.
      6. Go to Private Networks > New.
      7. In the Private Network > Information section, enter the VPC name and CIDR details.
      8. In the Initial Subnet Information section, enter the subnet name and IP address details.
      9. Click Save.
      To create Subnets, perform the following steps:
      1. In the Private Network menu, click subnets.
      2. Click New.
      3. Select your VPC.
      4. Enter the subnet Name and Availability zone.
      5. Click Save.
      You must create at least 3 subnets namely management, untrust, and trust subnets for your VPC.
    2. Upload the PA-VM qcow2 image file on the Tencent Cloud.
      You must have Panorama version 10.2.1 or above.
      1. In your Tencent console, click Object Storage.
      2. Go to Bucket List > Upload Files > Select Files.
      3. Select the image file from your local machine, and then click Upload.
    3. Import the image file on the cloud server.
      1. Go to the Cloud server > Mirror > Import an image.
      2. Select the I have made the above preparations checkbox.
      3. Click Next Step.
      4. Enter the Region.
      5. Enter the Name and Image file URL.
        To copy the temporary link to the image file:
        • Go to your image file, click Details.
        • Copy the temporary link shown on the screen.
      6. Select Other Linux as the Operating System option.
      7. Select 64-bit for System Structure.
      8. Select the Enable Forced Import checkbox.
      9. Click Next Step.
      10. Click Sure.
    4. Create a VM-Series firewall instance.
      1. Go to your VM-Series image file and click Create Instance.
      2. Click Sure.
      3. In the Basic Configuration section, select your Billing Model and Region.
      4. Select your instance, and click Next Step.
      5. In the Network and Bandwidth section, select your VPC and subnet.
      6. (Optional) Select the Manually assigning IP address checkbox to manually allocate the IP address out of the subnet.
      7. Select Assign the Independent IP checkbox to obtain a public interface for your firewall.
      8. Select your Security Group.
      9. Enter the Instance Name.
      10. Click Associate the Key and select your key option.
        You can either create a new key or import an existing public key.
      11. Click Save.
      12. Click Next.
      13. Select the Terms and conditions checkbox.
      14. Click Activate.
      The VM-Series firewall now gets deployed. Go to Cloud Server > Examples to see the list of VM-Series firewall instances deployed.
    5. Create Elastic Network Interfaces for your VM-Series Firewall.
      1. In the Tencent console, go to Cloud Server > Examples.
      2. Select your VM-Instance.
      3. Click the Elastic Network Interface tab.
      4. Click Bind an ENI.
        Note: By default, a VM-Series instance deployed will have one management interface.
      5. Click Create a New Elastic Network Card.
      6. Enter the name and subnet for your ENI.
      7. Click Save.
      • Ensure that you create an elastic card each for an untrust and trust interface.
      • Ensure that you bind an EIP for your untrust interface. Go to your untrust interface, go to IPV4 address management tab, click Bind an ENIP, and then Create a new one.
      • Ensure that you bind an EIP on your untrust interface.
        • Go to your untrust interface, and then click IPV4 Address Management tab.
        • Click Binding.
        • Click Create a New one and then create a new EIP and bind it to the untrust interface.
    6. Configure the VM-Series firewall.
      1. Log in to your VM-Series firewall web interface.
      2. License the VM-Series Firewall.
      3. Go to Networks > Zones.
      4. Click Add and create a trust zone.
        Repeat the above step to create an untrust zone.
      5. Go to Networks > Interfaces and configure the Layer 3 interfaces for ethernet 1/1 and ethernet 1/2.
      6. Commit your changes.
        Verify that the firewall is passing traffic. Select Monitor > Session Browser and verify that you are seeing new sessions.

    © 2024 Palo Alto Networks, Inc. All rights reserved.