HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
Task: Configure the TMS zl Module in Monitor Mode
Rather than have the TMS zl Module route and filter traffic (using its firewall and IPS), you
might want to have the module function as an IDS and check the suspicious traffic that is
mirrored to its internal data port (port 1). You can set up local or remote mirroring for critical
areas that you want the TMS zl Module to monitor, or you can configure port mirroring or MAC
mirroring as an action that is triggered when suspicious traffic is detected. In the latter scenario,
the TMS zl Module provides what is essentially a second opinion, confirming that there is a
threat or ruling out the possibility of an attack.
If you want the TMS zl Module to function as an IDS, you must configure it to operate in
monitor mode.
Subtask: Access the TMS zl Module’s CLI
To begin the initial setup, you must first access the TMS zl Module through the host switch’s
CLI, using one of the following access methods:
■ Serial session
■ Telnet session
■ SSH session
To establish a serial connection with the switch, use the serial cable that was shipped with the
switch to connect a workstation to the switch. Then, run terminal session software such as
Tera Term or HyperTerminal on your workstation, and set the following parameters for the
session:
• Baud rate = 9600
• Parity = None
• Data bits = 8
• Stop bits = 1
• Flow control = None
If you are prompted for a password when you access the host switch’s CLI, enter the password
for the manager user.
The TMS zl Module is designed to run multiple products on the same module, and each product
that is running on the module is assigned an index number at boot time. At the switch prompt,
type the following command to see the indices and chassis slots:
Hostswitch# show services
  Installed Services
  Slot    Index   Description                             Name
  C,E     1.      Services zl Module                      services-module
  C,E     2.      Threat Management Services zl Module    tms-module
The output shows that a TMS zl Module is installed in slots C and E.
The top entry shows that the Services OS is running as a daemon on the TMS zl Module; the
index number can be used to access that functionality. The second entry, Threat Management
Services zl Module, shows that the TMS OS is installed and running on the module.
Note: Before completing the steps outlined in this chapter, you should activate the TMS zl Module
and register the IDS/IPS Signature Subscription (if you have purchased the IDS/IPS Signature
Subscription). Consult the HP ProCurve Threat Management Services zl Module Management
and Configuration Guide for instructions on how to do both.
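An added example, not part of the HP guide: a small Python parser for the show services output shown on this page, which reports the index assigned to tms-module and flags any expected chassis slot that does not list it. The function names and the sample text (constructed from the output on this page) are assumptions for illustration.

```python
import re

# Constructed sample: the `show services` output as printed on this page.
SAMPLE_OUTPUT = """\
Installed Services
Slot    Index   Description                             Name
C,E     1.      Services zl Module                      services-module
C,E     2.      Threat Management Services zl Module    tms-module
"""

# One data row: slot list, index with trailing dot, free-text description, name.
ROW = re.compile(r"^\s*([A-Z](?:,[A-Z])*)\s+(\d+)\.\s+(.+?)\s+(\S+)\s*$")


def parse_show_services(text):
    """Return one dict per service row; header and blank lines are skipped."""
    services = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        slots, index, description, name = m.groups()
        services.append({
            "slots": slots.split(","),
            "index": int(index),
            "description": description,
            "name": name,
        })
    return services


def check_tms_present(text, expected_slots, name="tms-module"):
    """Return (index, missing_slots) for the named service.

    index is None when the output does not list the service at all, so
    every expected slot is reported as missing.
    """
    for svc in parse_show_services(text):
        if svc["name"] == name:
            missing = sorted(set(expected_slots) - set(svc["slots"]))
            return svc["index"], missing
    return None, sorted(expected_slots)
```

Run it against captured CLI output before relying on mirrored traffic being inspected: a None index or a non-empty missing list means the module you expect to act as the IDS is not shown as running in that slot.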