Configure Real-Name Registration and Create the VPCs in Alibaba Cloud

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Activation & Onboarding
Administration
Version
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred

Configure Prisma Access for Mobile Users in China

Attach the CEN and Specify the Bandwidth

Configure Real-Name Registration and Create the VPCs in Alibaba Cloud

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Panorama)	Prisma Access license

To onboard mobile users in mainland China, you begin the configuration of Alibaba Cloud, then create and configure two VPC instances for the two termination points of the Prisma Access service connection (a VM-series next-generation router in China and a virtual Linux router outside of China).

Before you begin configuration in Alibaba Cloud, you must complete Real-Name Registration and configure and purchase bandwidth for CEN.

Complete real-name registration in Alibaba Cloud, if you have not done so already.
Organizations with an international Alibaba Cloud account can use a copy of a valid Driver’s license or passport to complete this registration. After you obtain the required documents, select Alibaba Cloud account management to submit required information and documents.
Determine the amount of bandwidth you require between the branch office and service connection to access corporate applications and resources.
You use this information when you create the CEN for the VPCs. You can use both the required bandwidth for the CEN and the cost of the CEN in your determination.
Create the VPC in China (VPC 1) and for the Prisma Access location (VPC 2).
1. Log in to the Alibaba Cloud console.
2. In the Networking area, select Virtual Private Cloud.
3. Select Create VPC.
4. Create a new VPC and vSwitch in the VPC.
  For VPC 1, select a Region that is closest to the branch office in mainland China; the following example uses China (Shenzhen) as the location. For VPC 2, select a region outside China; the examples in this workflow use a region in Japan as VPC 2.
5. Wait for Alibaba Cloud to create the VPC, then select Create VSwitch and add three vSwitches:
  One vSwitch for the management (Mgmt) interface.
  One vSwitch for the Untrust interface.
  One vSwitch for the Trust interface.
  You associate these vSwitches to an Elastic Network Interface (ENI) when you create Linux instances for the VPCs in Alibaba Cloud.
6. Select Create EIP to create an elastic IP.
7. Specify the parameters for the Elastic IP.
  Make a note of the elastic IP address; you use this address when you create a server certificate for the GlobalProtect gateway (you use the IP address as the common name (CN)).
8. Create VPC 2, using the same steps you used to create VPC 1, but specify a Region that is outside mainland China and close to a Prisma Access location.
To configure a second GlobalProtect gateway for redundancy, add another VPC. You add a VM-series firewall to the second VPC you create in a later task.