Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
181182183184185186187188189190
3-3
Initial Setup in Monitor Mode
Overview
Overview
This chapter provides instructions for setting up the TMS zl Module if you are
using monitor mode. In monitor mode, the TMS zl Module provides the
intrusion detection system (IDS) feature, which includes the ability to:
Passive monitoring of threats inside your network (but not automatically
preventing or blocking them)
Monitoring traffic that is remotely mirrored to the TMS zl Module for
threats and intrusion attempts
Monitoring traffic without deploying an inline appliance in a high-band-
width network, such as a research and development laboratory
Note A TMS zl Module can run in one operating mode only. If you switch from one
operating mode to another, the module will revert to the factory defaults for
the new mode, or it will revert to any settings that you may have configured
previously for that mode.
Monitor Mode
In monitor mode, the TMS zl Module monitors traffic passively, and you are
alerted to intrusions through a log mechanism. You can also configure the
module to forward log messages in a variety of ways, including SNMP traps
to an external IPS.
Figures 3-1 and 3-2 show the logical functionality of the TMS zl Module in
monitor mode. The TMS zl Module is not in the path of the traffic; it receives
only a mirrored copy of the traffic. The ProCurve Series 5400zl or 8200zl switch
that hosts the TMS zl Module uses the module’s data port as the mirror
destination for local and remote mirroring.