HP TMS zl Module Security Administrator's Guide
4-433
Configuring a VPN on the HP TMS zl Module
Configure Global IPsec Settings
By default, this check box is selected.
5. For Maximum SA per Policy, type the maximum number of SAs that can be
established using each IPsec policy.
The valid range is 2 to 10000. The default is 10000. Each connection to a
remote client requires 2 SAs (one inbound and one outbound).
Note that although you can define up 10000 SAs per policy, only 4800
sessions can be open concurrently. (See “VPNs” on page 4-5 for more
information about the number of IPsec connections supported.)
6. Select the Auto SA Revalidation check box to allow the TMS zl Module to
automatically revalidate SAs when the associated policy is changed or
when the time or bandwidth limit expires.
If you clear the check box, the TMS zl Module does not revalidate the SA
until a packet arrives for that SA (which might slow processing for that
packet). By default, the check box is selected.
7. For Minimum Packet Size for IP Compression, type a packet size in bytes.
When IP compression is enabled for an SA (as specified in the IPsec policy
advanced settings), all packets of this size or larger will be compressed.
The valid range is 91 to 2147483647 bytes. The default is 1500 bytes.
8. Click Next.
9. Review the configuration settings you have selected. If you want to save
the changes as well as apply them, select the Save Configuration check box.
If the TMS zl Module is a master in a cluster and you want to immediately
synchronize the changes, select the Synchronize changes to Participant
check box.Note that this will cause the participant to reboot.
If you need to change any settings, click Back until you reach the appro-
priate window and can select a different setting.
When you are ready to apply the configuration, click Next in the Configu-
ration Preview window.
10. A window is displayed, showing the settings being applied to the TMS zl
Module. When you see that they have been applied successfully, click
Close.