Hillstone Virtual-NGFW Advanced Edition（BYOL）

License to enter the license page. 3. Fill in the required fields under the License Request section. 4. Click Generate, and a series of code appears. 5. Copy and send the code to salesperson or vendor. They will return the license to you soon. Installing License After receiving license, you need to upload the license to make it take effect. To install a license: 1. Select System > License to enter the license page. 2. Under License Request, choose one of the following twomethods: l Upload License File: select this radio button and click Browse, select the license plain text file (.txt) to upload it to the system. l Manual Input: Select this radio button, and copy and paste license code into the text box. 3. ClickOK to save the license. 4. Go to System > Device Management, and click theOption tab. 5. Click Reboot, and select Yes in the prompt. 6. The system will reboot. When it starts again, installed license(s) will take effect. Deploying CloudEdge on Alibaba Cloud Preparation l Create an VPC as follows: l VPC:192.168.0.0/16 l Subnet 0：192.168.1.0/24 l Create a security group, and configure security group rules After CloudEdge is deployed, the network topology is: Licensing CloudEdge 5Installing vFW CloudEdge will be installed with an ECS instance in VPC. Step 1: Purchase vFW Images and Create an ECS Instance 1. Log into the Alibaba Cloud marketplace, enter a keyword such as "Hillstone" in the search box at the upper-right corner. Select the vFW version you need in the search results list. vFW image version includes the following two types: pay-on-demand and BYOL(Buy Your Own License). 2. Browse the detailed information about the product, then click Choose Your Plan to set specification parameter of ECS instance. 3. Click theQuick Buy tab. Licensing CloudEdge 64. Choose image version in VERSION area, the latest version is recommended. 5. Choose the physical location of the ECS instance in REGION area. 6. Choose the ECS instance type you need in ECS INSTANCE TYPE area, the detailed instance specification will displayed on the right. 7. Select VPC network type in NETWORK area. If you don''t have a VPC currently, click Create VPC below. 8. Click Agree Terms and Buy Now to pay for the ECS instance. Wait for a moment, ECS instance can be created successfully. Step 2: View initial configuration of vFW 1. After an ECS instance is created successfully, vFW will start automatically. 2. Select Elastic Compute Service in the left navigation pane, then click Instances item on the left. Instance list will be shown in the right page. 3. ClickMore in Action column of ECS instance which vFW is running in. Then select Reset Password to reset the login password of vFW. Enter a new login password and confirm password, then click Submit. The default login password(hillstone) will be modified so as to enhance the security of the system. 4. ClickMore in Action column of ECS instance which vFW is running in. Then select Connect to Management Terminal to login with console. AlibabaCloud will provide an initial password to login management terminal, make sure keep this password in mind. 5. Enter the initial password in the pop-up dialog box. If you need to modify the password, please clickModify management terminal password. 6. Enter the default username(hillstone) and new login password in CLI. By default, the eth0/0 interface can get the IP address from DHCP server automatically, and the system can get the default route. You can execute the show interface command and show IP route command to view. Licensing CloudEdge 7Step 3: Set default route for VPC 1. In the View Console page of Alibaba Cloud, click Products & Services at the upper-left corner, then select Virtual Priv- ate Cloud. 2. Select VPC in the left navigation pane, then clickManage in Action column of VPC which the vFW belongs to. Licensing CloudEdge 83. Select VRouter in the left navigation pane, then click Add route entry in the upper-right corner of the VRouter info page. 4. Add a default route entry for VPC, then clickOK. l Target CIDR: Specifies the destination IP address to 0.0.0.0/0. l Next Hop Type: Specifies the next hop type to ECS instance. l Next Hop ECS Instance: Specifies the ECS Instance which vFW belongs to. Step 4: Purchase and Apply for License Software This step is only applicable to the BYOL type of products. After you purchased BYOL type product, Hillstone next generation virtualization firewall License is also needed, which ensures vFW run normally in Alibaba Cloud. Please contact the Hillstone customer service representatives to get the license software. To install the license software in vFW, see "Installing License" on Page 5 Step 5: Visit the vFW If you need to visit the vFW from the Internet, the ECS security group should include rules which allow the public network to visit the private network. Licensing CloudEdge 9To Login vFW via SSH2 Note: When you login vFW via SSH2 through SecureCRT or other tools, the 3DES encryption algorithm should be moved to the top. Otherwise, the system will be unable to be connected and the following mes- sage will not be prompted: Invalid packet header. This probably indicates a problem with key exchange or encryption. 1. Open the remote terminal login software. We take SecureCRT as an example. 2. Click File > Quick Connect , then select SSH2 in Protocol drop-down menu. 3. Enter the elastic IP address in Hostname text box and click Connect. 4. Right-click the new session in Session Manager, then select Properties. Licensing CloudEdge 105. In the pop-up dialog, select the Advanced item on the left, then move the 3DES algorithm to the top. 6. ClickOK, and connect this session. 7. Enter username(hillstone) and press the Enter key. 8. Enter password(The new login password). Press the Enter key to log in. To Login vFW via HTTP 1. Open the browser and enter the elastic IP of vFW. 2. Enter the username(hillstone) and password(The new login password) on the login page. 3. Press the Enter key to log in. Licensing CloudEdge 11">