on 03-14-2019 10:37 AM - last edited on 03-27-2019 02:51 PM by ploera
Deploy the Palo Alto Networks VM-Series firewall on Alibaba Cloud to protect internet-facing applications and hybrid-cloud deployments, and to provide east-west security for applications requiring strict compliance standards.
Alibaba Cloud is a global cloud computing services company. VM-Series on Alibaba Cloud provides customers the same Next Generation Firewall security capability from Palo Alto Networks that they use to protect their enterprise networks. VM-Series can be deployed to protect internet-facing applications and hybrid-cloud deployments, and to provide east-west security for applications requiring strict compliance standards. VM-Series for Alibaba Cloud uses exactly the same software we provide for VM-Series on KVM. Only BYOL and VM-Series ELA are supported; hourly PAYG is not available. Customers must obtain the VM-Series software from our customer support portal; it will not be listed in the Alibaba Cloud Marketplace.
You can deploy the VM-Series firewall to secure both north-south traffic and east-west traffic for applications deployed across VPCs on Alibaba Cloud.
Prepare to Deploy the VM-Series Firewall on Alibaba Cloud
This task uses the Aliyun CLI to create a VPC and VSwitches for the VM-Series firewall; however, you should plan your network before you start. Evaluate the applications you want to protect, and determine where you will deploy the VM-Series firewall to secure north-south traffic. The firewall must be able to inspect traffic to and from your applications.
The VM-Series firewall assumes a minimum of three interfaces: management, untrust, and trust. When you create an Alibaba Cloud VPC, it is logically isolated. To segment your virtual private network into subnets, create VSwitches, each having its own CIDR block.
Because the VM-Series firewall has multiple interfaces, it can inspect traffic on all subnets.
Typically, external inbound traffic encounters the VM-Series firewall untrust interface.
The firewall inspects the inbound traffic and sends it to an application through the trust interface.
Return traffic from the application goes to the firewall’s trust interface.
The firewall inspects the return traffic and sends it out through the untrust interface.
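The planning step described above can be checked before anything is created. The following is an added example, not code from this page or from Palo Alto Networks: it verifies that a management/untrust/trust VSwitch plan fits inside the VPC without overlaps, then builds (but does not run) the Aliyun CLI calls. The CIDR blocks, the `vmseries-*` names, and the `<zone-id>` and `<vpc-id>` placeholders are assumptions.

```python
import ipaddress

REQUIRED_ROLES = ("management", "untrust", "trust")  # minimum interfaces per the page

def validate_plan(vpc_cidr, vswitches):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    for role in REQUIRED_ROLES:
        if role not in vswitches:
            problems.append(f"missing VSwitch for {role} interface")
    nets = {}
    for role, cidr in vswitches.items():
        try:
            nets[role] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:  # e.g. host bits set in the CIDR block
            problems.append(f"{role}: {exc}")
            continue
        if not nets[role].subnet_of(vpc):
            problems.append(f"{role}: {cidr} is outside VPC {vpc_cidr}")
    # Each VSwitch needs its own CIDR block, so no two may overlap.
    roles = sorted(nets)
    for i, a in enumerate(roles):
        for b in roles[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems

def cli_commands(vpc_cidr, vswitches, zone_id="<zone-id>", vpc_id="<vpc-id>"):
    """Build (not run) the Aliyun CLI calls; raises if the plan is invalid."""
    problems = validate_plan(vpc_cidr, vswitches)
    if problems:
        raise ValueError("; ".join(problems))
    # vpc_id is a placeholder: the real value is returned by CreateVpc.
    cmds = [f"aliyun vpc CreateVpc --CidrBlock {vpc_cidr} --VpcName vmseries-vpc"]
    for role in REQUIRED_ROLES:
        cmds.append(
            f"aliyun vpc CreateVSwitch --VpcId {vpc_id} --ZoneId {zone_id} "
            f"--CidrBlock {vswitches[role]} --VSwitchName vmseries-{role}"
        )
    return cmds

# Constructed sample plan (addresses are illustrative, not from the page).
PLAN = {"management": "192.168.0.0/24", "untrust": "192.168.1.0/24", "trust": "192.168.2.0/24"}

if __name__ == "__main__":
    for line in cli_commands("192.168.0.0/16", PLAN):
        print(line)
```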
The following tasks demonstrate how to use the console to create the VM-Series firewall infrastructure.