: Prepare to Deploy the VM-Series Firewall on Alibaba Cloud
Focus
Focus

Prepare to Deploy the VM-Series Firewall on Alibaba Cloud

Table of Contents
End-of-Life (EoL)

Prepare to Deploy the VM-Series Firewall on Alibaba Cloud

Complete preliminary tasks before creating the Alibaba VPC and Networks.
This task uses the Aliyun CLI to create a VPC and VSwitches for the VM-Series firewall, however, you should plan your network before you start. Evaluate the applications you want to protect, and determine where you will deploy the VM-Series firewall to inspect and secure north-south traffic.

Choose Licenses and Plan Networks

Evaluate the applications you need to protect and create networks that permit the VM-Series firewall to inspect your inbound and outbound application traffic.
  1. Plan and design your VPC.
    1. Plan networks, including CIDR Blocks for your VPCs and VSwitches.
      Refer to Create a VPC and Configure Networks for a sample procedure.
    2. Plan your IP addresses. If you need specific addresses or address ranges, refer to the Elastic IP Address User Guide.
    3. Plan security groups.
  2. Evaluate your applications and network configurations and calculate the firewall capacity you need to secure your applications and networks.
  3. Obtain VM-Series firewall licenses.
    Although you do not need a license to install the VM-Series firewall (you can activate a license after the installation), you must choose an appropriate VM-Series model and ECS instance type before deploying the firewall.
    1. Choose a VM-Series model.
      The VM-Series firewall supports up to 8 interfaces, provided the VM-Series model and Alibaba Cloud instance have sufficient resources.You can use the model
      Use the VM-Series model you have chosen to choose one of the Alibaba Cloud Instance Type Recommendations for the VM-Series Firewall.
    2. Choose a VM-Series capacity license that meets your needs.
    3. Purchase a BYOL subscription bundle (if you do not already have one). You receive an auth code for your VM-Series subscription, and you must supply it during the deployment.
  4. Plan how to configure Alibaba accounts and permissions to access the VM-Series firewall. For a start, see the Security FAQ, and learn about Instance RAM Roles.

Prepare to Use the Aliyun Command Line Interface

This chapter focuses on the ECS Console, however, everything you do in the ECS Console can be done from the Aliyun command line interface. The CLI is required if you want to use the VM-Series firewall to secure load balancing on Alibaba Cloud.
Install and configure a recent version of Aliyun, the Alibaba Cloud command line interface.
  1. Create an AccessKey and save the Access Key ID and Secret in a secure place.
  2. Download a supported version of Aliyun from https://github.com/aliyun/aliyun-cli.
  3. Install Aliyun.
  4. Configure Aliyun.
    The configuration prompts you for your Access Key information and other information.
    If your deployment uses a storage bucket, the region must match the region for your bucket.
    aliyun configure 
    Configuring profile '' in '' authenticate mode... 
    Access Key Id [*************8rq]: *************8rq 
    Access Key Secret [***************************tM2]: 
    ***************************tM2 
    Default Region Id [us-west-1]: us-west-1
    Default Output Format [json]: json (Only support json))
    Default Language [zh|en] en: en 
    Saving profile[] ...Done. 
     available regions: 
    ...