Prisma Access
Create Linux Instances in the Alibaba Cloud VPCs
Table of Contents
Expand All
|
Collapse All
Prisma Access Docs
-
-
- Prisma Access China
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
-
-
-
- 5.2 Preferred and Innovation
- 5.1 Preferred and Innovation
- 5.0 Preferred and Innovation
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Create Linux Instances in the Alibaba Cloud VPCs
Where Can I Use This? | What Do I Need? |
---|---|
|
|
After you create the VPCs in Alibaba Cloud,
you deploy instances in those VPCs.
- Deploy the router instance for Router 2.
- In Alibaba Cloud, select Elastic Compute Service (ECS); then, select Instances.Select Create Instance.Select Custom, then select the preferred billing method.Select the same Region and Zone that you selected for VPC 2.Select the following parameters:
- In the Interface Type area, select a vCPU of 2 vCPU and a Memory of 4 GiB.
- In the Image area, select Linux and 16.04 64bit.
- In the Storage, leave the System Disk size as Ultra Disk 40 GiB.
Select Networking at the bottom of the page to continue to the Networking area.Select the following parameters:- In the Network area, select VPC, then select the VPC you created and create a new security group for this instance.
- In the Network Billing Method area, select Assign public IP.
- In the Security Group area, select Create Security Group and create a security group that allows incoming connections on TCP port 22 and UDP ports 500 and 4500.
- (Optional) If you require more restrictive rules, create them by adding authorization objects.
Select Next: System Configurations.Create a new Key Pair or use an existing key pair for SSH access.Select Preview and review the information for the instance to make sure that it is correct; then, select Create Order.A page displays with the new instance.Test SSH connectivity by opening a CLI session and entering the ssh -i key-file root@instance-ip, where key-file is the file in which you stored the key and instance-ip is the public IP of the instance shown in the previous screenshot as (Internet).Deploy the VM-series firewall instance for Router 1.- Set up a VM-Series firewall on Alibaba Cloud.Create three elastic network interfaces (ENIs) in Alibaba cloud.
- Create an ENI for the Mgmt vSwitch with a public IP address.
- Create an ENI for the Untrust vSwitch (ethernet1/1 on the firewall) with an elastic IP address.
- Create an ENI for the Trust vSwitch (ethernet1/2 on the firewall) without a public IP address.
The following screenshot shows the VM-series network interfaces, with the EIP address you created in a previous step assigned to the Trust interface (Trust-ENI), the Untrust interface (ENI-Untrust), and the management interface.Create and configure the VM-series firewall.When complete, your configuration should look match the configuration that is shown on the following Alibaba Cloud screens:- Instance details:
- Security groups in VPC 1:
Decide which static private IP addresses you want to use for the VM-series instance and make a note of them.Verify that you can connect to the management interface of the firewall by opening a browser and entering http://public-ip-of-primary-interface, where public-ip-of-primary-interface is the public IP address of the primary interface.