Create Linux Instances in the Alibaba Cloud VPCs

Where Can I Use This? What Do I Need?
  • Prisma Access (Managed by Panorama)
After you create the VPCs in Alibaba Cloud, you deploy instances in those VPCs.
  1. Deploy the router instance for Router 2.
    1. In Alibaba Cloud, select Elastic Compute Service (ECS); then, select Instances.
    2. Select Create Instance.
    3. Select Custom, then select the preferred billing method.
      Select the same Region and Zone that you selected for VPC 2.
    4. Select the following parameters:
      • In the Interface Type area, select a vCPU of 2 vCPU and a Memory of 4 GiB.
      • In the Image area, select Linux and 16.04 64bit.
      • In the Storage area, leave the System Disk size as Ultra Disk 40 GiB.
    5. Select Networking at the bottom of the page to continue to the Networking area.
    6. Select the following parameters:
      • In the Network area, select VPC, then select the VPC you created and create a new security group for this instance.
      • In the Network Billing Method area, select Assign public IP.
      • In the Security Group area, select Create Security Group and create a security group that allows incoming connections on TCP port 22 and UDP ports 500 and 4500.
      • (Optional) If you require more restrictive rules, create them by adding authorization objects.
    7. Select Next: System Configurations.
    8. Create a new Key Pair or use an existing key pair for SSH access.
    9. Select Preview and review the information for the instance to make sure that it is correct; then, select Create Order.
      A page displays with the new instance.
    10. Test SSH connectivity by opening a CLI session and entering ssh -i key-file root@instance-ip, where key-file is the file in which you stored the key and instance-ip is the public IP address of the instance, shown as (Internet) on the page that displays the new instance.
  2. Deploy the VM-series firewall instance for Router 1.
    1. Create three elastic network interfaces (ENIs) in Alibaba Cloud.
      • Create an ENI for the Mgmt vSwitch with a public IP address.
      • Create an ENI for the Untrust vSwitch (ethernet1/1 on the firewall) with an elastic IP address.
      • Create an ENI for the Trust vSwitch (ethernet1/2 on the firewall) without a public IP address.
      The following screenshot shows the VM-series network interfaces, with the EIP address you created in a previous step assigned to the Trust interface (Trust-ENI), the Untrust interface (ENI-Untrust), and the management interface.
    When complete, your configuration should match the configuration that is shown on the following Alibaba Cloud screens:
    • Instance details:
    • Security groups in VPC 1:
  3. Decide which static private IP addresses you want to use for the VM-series instance and make a note of them.
  4. Verify that you can connect to the management interface of the firewall by opening a browser and entering http://public-ip-of-primary-interface, where public-ip-of-primary-interface is the public IP address of the primary interface.
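
The security group in step 1.6 needs only TCP port 22 and UDP ports 500 and 4500 inbound. The following added example (not part of the original page or of Alibaba Cloud's tooling) audits a rule list in the shape of the ECS DescribeSecurityGroupAttribute response for missing, unneeded, or over-broad rules. The sample rules and addresses are constructed, and Drop rules and rule priorities are not evaluated.

```python
# Inbound ports the procedure requires on the router instance (step 1.6).
REQUIRED = {("TCP", 22), ("UDP", 500), ("UDP", 4500)}

# Constructed sample shaped like an ECS DescribeSecurityGroupAttribute
# response; the addresses and the extra TCP 3306 rule are made up.
SAMPLE = {"Permissions": {"Permission": [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "UDP",
     "PortRange": "500/500", "SourceCidrIp": "198.51.100.10/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "UDP",
     "PortRange": "4500/4500", "SourceCidrIp": "198.51.100.10/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "3306/3306", "SourceCidrIp": "0.0.0.0/0"},
]}}

def span(rule):
    # PortRange is "low/high"; "-1/-1" means every port.
    low, high = (int(p) for p in rule["PortRange"].split("/"))
    return (1, 65535) if low == -1 else (low, high)

def covers(rule, proto, port):
    """True if the rule's protocol and port range admit proto/port."""
    low, high = span(rule)
    return rule["IpProtocol"].upper() in (proto, "ALL") and low <= port <= high

def audit(response):
    """Return (missing required ports, findings) for ingress Accept rules."""
    rules = [r for r in response["Permissions"]["Permission"]
             if r["Direction"] == "ingress" and r["Policy"] == "Accept"]
    missing = sorted(req for req in REQUIRED
                     if not any(covers(r, *req) for r in rules))
    findings = []
    for r in rules:
        src = r.get("SourceCidrIp") or "unspecified"
        label = f'{r["IpProtocol"]} {r["PortRange"]} from {src}'
        needed = [req for req in REQUIRED if covers(r, *req)]
        low, high = span(r)
        if not needed:
            findings.append(("unneeded", label))
        elif high - low + 1 > len(needed):
            findings.append(("wider-than-needed", label))
        if ("TCP", 22) in needed and src.endswith("/0"):
            findings.append(("ssh-open-to-any", label))
    return missing, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A finding of ssh-open-to-any is the case that the optional step about more restrictive rules addresses: narrow the authorization object for TCP port 22 to the addresses you administer from.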