HP ProCurve Threat Management Solution Design Guide 2009-04

Concepts
Deployment Options
Figure 2-16. NIM with the TMS zl Module Operating in Routing Mode and Providing Perimeter Protection

Although you can use the TMS zl Module for perimeter protection, its main function is to provide internal protection. This is the deployment option that will typically be used in a Threat Management Solution. When deployed in this way, the TMS zl Module can protect your internal network from threats such as authorized users who inadvertently launch attacks or try to use the network in unauthorized ways.

Because the TMS zl Module must route the traffic that you want it to filter and control, you must set up your network infrastructure so that the TMS zl Module acts as the default router for all related VLANs. In Figure 2-17, the TMS zl Module is routing traffic from the data center, the employee cubicles, visitor lobby, and conference rooms.

Traffic in the example network is routed to the TMS zl Module, which filters the traffic using its firewall and IPS. The TMS zl Module’s firewall will, by default, detect and block certain attacks. The IPS will also filter traffic using protocol anomaly detection and signature-based detection, and it can take action on threats, based on their severity level.
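
One way to check the default-router requirement described above, as an added example that is not taken from the HP guide: the script flags VLANs whose routed traffic would not pass through the TMS zl Module. The VLAN IDs, subnets, addresses and the function name audit_vlan_gateways are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the default router handed to hosts in each VLAN.
VLANS = {
    10: {"name": "Data Center",      "subnet": "10.1.10.0/24", "gateway": "10.1.10.1"},
    20: {"name": "Employee Cubicles", "subnet": "10.1.20.0/24", "gateway": "10.1.20.1"},
    30: {"name": "Visitor Lobby",     "subnet": "10.1.30.0/24", "gateway": "10.1.30.254"},
    40: {"name": "Conference Rooms",  "subnet": "10.1.40.0/24", "gateway": "10.1.40.1"},
}

# Constructed sample data: the address the TMS zl Module holds in each VLAN.
# VLAN 40 is missing on purpose to show the "no TMS interface" case.
TMS_ADDRS = {10: "10.1.10.1", 20: "10.1.20.1", 30: "10.1.30.1"}


def audit_vlan_gateways(vlans, tms_addrs):
    """Return {vlan_id: finding} for VLANs whose routed traffic bypasses the TMS."""
    findings = {}
    for vid, cfg in sorted(vlans.items()):
        net = ipaddress.ip_network(cfg["subnet"])
        gateway = ipaddress.ip_address(cfg["gateway"])
        tms = tms_addrs.get(vid)
        if tms is None:
            # The module cannot route (or filter) a VLAN it has no address in.
            findings[vid] = "TMS has no address in this VLAN"
        elif ipaddress.ip_address(tms) not in net:
            findings[vid] = f"TMS address {tms} is outside {net}"
        elif gateway != ipaddress.ip_address(tms):
            # Hosts send off-subnet traffic to another router, so the
            # firewall and IPS never see it.
            findings[vid] = f"hosts use {gateway}, not the TMS ({tms}), as default router"
    return findings


if __name__ == "__main__":
    for vid, finding in audit_vlan_gateways(VLANS, TMS_ADDRS).items():
        print(f"VLAN {vid} ({VLANS[vid]['name']}): {finding}")
```
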

[Figure: network diagram. Labels: Internet; NIM; Data Center; HP ProCurve 5406zl Switch with TMS zl Module; Employee Cubicles; Visitor Lobby; Conference Rooms; SNMP Traps to NIM; TMS zl Module Routes Traffic Between Internal Network and Internet; Routing Switch Routes Traffic on Internal Network]