HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
b. If the default gateway is not in a management access zone, the TMS zl Module will
block ICMP echo packets between the Self zone and the gateway’s zone until you create
an access policy to allow this traffic.
i. Create an access policy to permit ICMP echo packets between the Self zone and
the gateway’s zone.
hostswitch (tms-module-C:config)# access-policy self <destination zone> permit icmp echo <source address> <destination address>
Table 4-4 shows the values you can use to replace the options in this command.
Table 4-4. Access-policy Command Options
Parameter          Options
-----------------  ------------------------------------------------------------------------
source zone        internal, external, dmz, zone1, zone2, zone3, zone4, zone5, zone6, self
destination zone   internal, external, dmz, zone1, zone2, zone3, zone4, zone5, zone6, self
action             permit
                   deny
                   move <original position> to <new position>
The module checks the policies according to their
priority. Therefore, policies should be ordered from
more precise to more general, so that the module first
checks packets against the more precise policies, and
then it checks more general policies.
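
The ordering rule above, as an added example (not code from the guide or from the TMS zl Module): a small Python model that assumes the first matching policy decides, that unmatched traffic is blocked, and that positions are 1-based. The Policy fields, the "icmp-echo" and "any" service names, and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src_zone: str
    dst_zone: str
    action: str    # "permit" or "deny"
    service: str   # hypothetical labels; "any" matches every service
    src: str       # source addresses as CIDR
    dst: str       # destination addresses as CIDR

def _covers(general, specific):
    """True if every packet that matches `specific` also matches `general`."""
    net = ipaddress.ip_network
    return (general.src_zone == specific.src_zone
            and general.dst_zone == specific.dst_zone
            and general.service in ("any", specific.service)
            and net(specific.src).subnet_of(net(general.src))
            and net(specific.dst).subnet_of(net(general.dst)))

def evaluate(policies, src_zone, dst_zone, service, src_ip, dst_ip):
    """Action of the first matching policy; blocked when nothing matches."""
    probe = Policy(src_zone, dst_zone, "", service, f"{src_ip}/32", f"{dst_ip}/32")
    for policy in policies:
        if _covers(policy, probe):
            return policy.action
    return "deny"

def shadowed(policies):
    """(earlier, later) position pairs where the later policy can never match."""
    return [(i + 1, j + 1)
            for j, late in enumerate(policies)
            for i, early in enumerate(policies[:j])
            if _covers(early, late)]

def move(policies, original, new):
    """Model of 'move <original position> to <new position>'."""
    reordered = list(policies)
    reordered.insert(new - 1, reordered.pop(original - 1))
    return reordered

# Constructed policy list: the general deny sits ahead of the precise permit.
GENERAL_FIRST = [
    Policy("self", "internal", "deny", "any", "0.0.0.0/0", "0.0.0.0/0"),
    Policy("self", "internal", "permit", "icmp-echo", "10.1.1.2/32", "10.1.1.1/32"),
]
PING = ("self", "internal", "icmp-echo", "10.1.1.2", "10.1.1.1")
```

Running shadowed() over a policy list before applying it flags a precise permit that a broader policy above it would prevent from ever matching.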