TMS zl Management and Configuration Guide ST.1.0.090213
4-5
Firewall
Overview
Advantages of an Integrated Firewall
Although firewall software can protect individual PCs, a firewall integrated
into a switch has several advantages:
■ Software firewalls often use mainstream operating systems. Attackers
study such systems for vulnerabilities. These operating systems are more
vulnerable to targeted attacks and sporadic lock-ups, which can take
down your firewall and leave your network unprotected.
■ A switch firewall protects your network entry points, stopping threats
before they get through the switch.
■ A firewall integrated with a switch allows your organization to enforce a
standard security policy for all hosts.
Stateful Firewall
The TMS zl Module has a stateful firewall, which examines packet content at
several OSI layers. It combines aspects of:
■ A packet-filtering firewall
■ A circuit-level gateway
■ An application-level gateway
Packet-Filtering Firewall
A packet-filtering firewall is a router, switch, or computer that runs firewall
software that has been configured to screen incoming and outgoing packets.
Operating at the Network Layer (Layer 3) of the OSI model, a packet-filtering
firewall accepts or denies packets based on information contained in the
packet’s TCP and IP headers.
You must establish the access policies against which a packet-filtering firewall
compares the full association of the packets. Policies consist of the following:
■ Source zone
■ Destination zone
■ Source address
■ Destination address
■ Protocol
■ Source port number
■ Destination port number
See “Firewall Access Policies” on page 4-19.
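The following Python sketch is an added example; it is not taken from this guide and is not the TMS zl Module's implementation or configuration syntax. It shows how a packet filter compares a packet against policies built from the seven fields listed above. The zone names, addresses, the use of None as a wildcard, first-match ordering, and the deny returned when nothing matches are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_addr: str
    dst_addr: str
    protocol: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Policy:
    action: str                        # "permit" or "deny"
    src_zone: str
    dst_zone: str
    src_net: Optional[str] = None      # CIDR; None matches any (assumption)
    dst_net: Optional[str] = None
    protocol: Optional[str] = None
    src_ports: Optional[range] = None
    dst_ports: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        def in_net(net, addr):
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (self.src_zone == p.src_zone and self.dst_zone == p.dst_zone
                and in_net(self.src_net, p.src_addr)
                and in_net(self.dst_net, p.dst_addr)
                and (self.protocol is None or self.protocol == p.protocol)
                and (self.src_ports is None or p.src_port in self.src_ports)
                and (self.dst_ports is None or p.dst_port in self.dst_ports))

def evaluate(policies, packet):
    # First matching policy decides; no match falls through to deny (assumption).
    for index, policy in enumerate(policies):
        if policy.matches(packet):
            return policy.action, index
    return "deny", None

# Constructed sample policies; zone names and documentation-range addresses are illustrative.
POLICIES = [
    Policy("deny", "EXTERNAL", "DMZ", src_net="203.0.113.0/24"),
    Policy("permit", "EXTERNAL", "DMZ", dst_net="192.0.2.10/32",
           protocol="tcp", dst_ports=range(443, 444)),
    Policy("permit", "INTERNAL", "EXTERNAL", src_net="10.0.0.0/8",
           protocol="tcp", dst_ports=range(80, 81)),
]
```

Because evaluation stops at the first match, the broad deny in position 0 overrides the narrower permit below it for any source in 203.0.113.0/24.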