HP ProCurve Threat Management Solution Design Guide 2009-04
Products
HP ProCurve Threat Management Services zl Module
Installed in either an HP ProCurve 8200zl Series or 5400zl Series switch, the TMS zl Module
can operate in one of two modes—routing mode or monitor mode—and its operating mode
determines the functionality it provides.
In routing mode, the TMS zl Module provides stateful firewall, IPS, and virtual private network
(VPN) capabilities. It routes network traffic and actively controls and secures the traffic that
it routes. Its firewall allows you to separate the network into logical areas of trust and apply
unique access policies to each area.
The IPS uses signatures and protocol anomaly detection to identify threats and allows you to
configure actions based on the threat severity level. It can take the following actions: allow
traffic, terminate a session, or block traffic. You can also configure it to generate a log message.
The following features support the three main threat management functions:
■ User authentication
■ Network Address Translation (NAT)
■ Routing
■ High availability (HA)
■ Logging
With the exception of user authentication, these functions are self-explanatory. User
authentication allows you to set up special access policies for different groups of users.
When operating in monitor mode, the TMS zl Module analyzes traffic that is mirrored to its
internal port. The module can use its IDS/IPS signatures to screen the traffic for threats.
However, the module acts only as an IDS—that is, it detects the threats but does nothing on
its own to mitigate them. It does, however, log the threats to its internal log. It can also notify
an administrator with an email or send a trap to an SNMP server, such as PCM+/NIM, or to a
syslog server.