HP ProCurve Threat Management Solution Implementation Guide 2009-05

4-26
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
This section guides you through the activities that enable threat detection on your network. The threat detection phase of the security management life cycle is shown in Figure 4-1 and discussed in Chapter 4, “Design,” of the HP ProCurve Threat Management Solution Design Guide.
Threat detection is the same whether this is your first pass through the process or a subsequent one. To detect threats on your network, perform the tasks outlined in this section.
Task: Install the TMS zl Module and Select the Operating Mode
The solution outlined in this chapter includes the TMS zl Module, which must be installed in one of the following chassis:
HP ProCurve 5400zl Series switch
HP ProCurve 8200zl Series switch
Consult the HP ProCurve Threat Management Services zl Module Installation and Getting Started Guide for information on how to properly install the module in the switch chassis.
You must then determine which operating mode you want the TMS zl Module to use:
Routing mode
Monitor mode
In routing mode, the TMS zl Module provides three main security features: a stateful firewall, an intrusion prevention system (IPS), and VPN capabilities. It routes network traffic and actively controls and filters the traffic that it routes. Its firewall allows you to separate the network into logical areas of trust and apply unique access policies to each area.
In monitor mode, the TMS zl Module operates as an intrusion detection system (IDS), which analyzes traffic mirrored to the module’s data port.
Move to the section in this guide for the operating mode you will use:
“Task: Configure the TMS zl Module in Routing Mode” on page 4-26
“Task: Configure the TMS zl Module in Monitor Mode” on page 4-57
Task: Configure the TMS zl Module in Routing Mode
This section describes how to configure the TMS zl Module in routing mode and integrate it with NIM.
Subtask: Plan Zones
To filter traffic between virtual LANs (VLANs), you must associate the VLANs with a zone. The TMS zl Module provides nine zones for your VLANs:
External
Internal
DMZ
Zone1–Zone6
A tenth zone, Self, contains the module’s interfaces. You cannot associate a VLAN with the Self zone.