Deploy the VM-Series Firewall on Alibaba Cloud

Community Team Member

Deploy the Palo Alto Networks VM-Series firewall on Alibaba Cloud to protect internet-facing applications, hybrid-cloud deployments, and provide east-west security for applications requiring strict compliance standards. Learn more about the VM-Series on Alibaba Cloud. Got Questions? Get Answers on Live Community!

 

Alibaba Cloud is a global cloud computing services company. VM-Series on Alibaba Cloud provides customers the same Next Generation Firewall security capability from Palo Alto Networks used to protect their enterprise networks. VM-Series can be deployed to protect internet-facing applications, hybrid-cloud deployments, and provide east-west security for applications requiring strict compliance standards. VM-Series for Alibaba Cloud uses the same exact software we provide for VM-Series on KVM. Only BYOL and VM-Series ELA are supported; hourly PAYG is not available. Customers must obtain the VM-Series software from our customer support portal; it will not be listed in the Alibaba Cloud Marketplace.

 

You can deploy the VM-Series firewall to secure north-south traffic, and east-west traffic for applications deployed across VPCs on Alibaba Cloud.
 
This release supports the bring your own license  (BYOL) and the VM-Series ELA on Alibaba Cloud International Regions and Mainland China. The VM-Series firewall on Alibaba Cloud runs on KVM and supports up to 8 network interfaces when you select an Alibaba Cloud instance with sufficient resources. See Minimum System Requirements for the VM-Series Firewall on Alibaba Cloud.
 

Minimum System Requirements for the VM-Series Firewall on Alibaba Cloud

On Alibaba Cloud, you can deploy the VM-Series firewall on a Linux server with the Kernel Virtualization Module (KVM) hypervisor (see VM-Series Deployments).
 

Prepare to Deploy the VM-Series Firewall on Alibaba Cloud

This task uses the Aliyun CLI to create a VPC and VSwitches for the VM-Series firewall, however, you should plan your network before you start. Evaluate the applications you want to protect, and determine where you will deploy the VM-Series firewall to secure north-south traffic. The firewall must be able to inspect traffic to and from your applications.
 

Deploy the VM-Series Firewall on Alibaba Cloud

The VM-Series firewall assumes a minimum of three interfaces: management, untrust, and trust. When you create an Alibaba Cloud VPC, it is logically isolated. To segment your virtual private network into subnets, create VSwitches, each having its own CIDR block.
 
Because the VM-Series firewall has multiple interfaces, it can inspect traffic on all subnets.
 
  • Typically, external inbound traffic encounters the VM-Series firewall untrust interface.
  • The firewall inspects the inbound traffic and sends it to an application through the trust interface.
  • Return traffic from the application goes to the firewall’s trust interface.
  • The firewall inspects the return traffic and sends it out through the untrust interface.
 
The following tasks demonstrate how to use the console to create the VM-Series firewall infrastructure.
 

 

Get started and get the full details from : Set Up the VM-Series Firewall on Alibaba Cloud

You may also learn more about VM-Series on Alibaba Cloud by downloading the datasheet here: VM-Series on Alibaba Cloud.

 

Aliyun-CLI : aliyun-cli

 

-Kiwi out!

 
 
711 Views
Ask Questions Get Answers Join the Live Community
Labels