TMS zl Management and Configuration Guide ST.1.0.090213
4-7
Firewall
Overview
A stateful firewall, such as the firewall on the TMS zl Module, can analyze Application Layer data without acting as a proxy server. Instead, the firewall monitors sessions between hosts. When it determines that a session is valid, it allows the session to be established. Then the firewall uses algorithms to process the Application Layer data for packets that are associated with the session. When new packets that are associated with the session arrive, the stateful firewall compares the bit patterns of the new packets to the bit patterns that were stored for previously authorized packets. The firewall can then determine whether the new packets are a valid part of the session.
The TMS zl Module incorporates several application-level gateways (ALGs) to allow selected applications to penetrate the firewall. For example, some applications may send traffic on one port and receive it on another, behavior that the firewall would usually consider suspicious. When an ALG is enabled on the TMS zl Module, the firewall tracks connections made by the application and permits this specialized behavior.
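To make the session tracking and ALG behavior described above concrete, here is an added Python example; it is illustrative code, not the TMS zl Module's own implementation. The simplified packet fields, the 10.0.0.0/8 "inside" zone and the FTP-style "PORT" announcement are assumptions chosen to show how a second port can be permitted only when an authorized session announces it.

```python
from dataclasses import dataclass

@dataclass
class Packet:                      # constructed, simplified packet: no real parsing
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    payload: str = ""

class StatefulFirewall:
    def __init__(self, alg_enabled: bool = True):
        self.alg_enabled = alg_enabled
        self.sessions = set()      # 4-tuples of sessions already found valid
        self.expected = set()      # (ip, port) pinholes opened by the ALG

    def handle(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            self.inspect(pkt)      # Application Layer data of an authorized session
            return "allow"
        if pkt.syn and pkt.src.startswith("10."):   # assumption: 10/8 is the inside
            self.sessions.add(fwd) # new session initiated from the inside
            return "allow"
        if pkt.syn and (pkt.dst, pkt.dport) in self.expected:
            self.expected.discard((pkt.dst, pkt.dport))  # one-shot pinhole
            self.sessions.add(fwd)
            return "allow"
        return "drop"              # unsolicited traffic with no matching state

    def inspect(self, pkt: Packet) -> None:
        # Hypothetical ALG: the application announces a second port in its payload
        # ("PORT <ip> <port>"); the related inbound connection is then permitted.
        if self.alg_enabled and pkt.payload.startswith("PORT "):
            _, ip, port = pkt.payload.split()
            self.expected.add((ip, int(port)))

def run_scenario(alg_enabled: bool) -> list:
    fw = StatefulFirewall(alg_enabled)
    srv, cli = "203.0.113.9", "10.1.1.5"       # constructed addresses
    return [
        fw.handle(Packet(cli, 40000, srv, 21, syn=True)),         # outbound control session
        fw.handle(Packet(srv, 21, cli, 40000)),                   # reply matches stored state
        fw.handle(Packet(cli, 40000, srv, 21, payload=f"PORT {cli} 40001")),
        fw.handle(Packet(srv, 20, cli, 40001, syn=True)),         # related data channel
        fw.handle(Packet(srv, 20, cli, 40002, syn=True)),         # unrelated inbound SYN
    ]
```

With the ALG enabled the fourth packet (the announced data channel) is allowed while the unrelated inbound SYN is still dropped; with it disabled, the data channel is dropped as well.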
Packet Flow
The core component of the TMS zl Module is the firewall, which controls the packet flow through the other components of the TMS zl Module. The examples below show a simplified packet flow in each mode when all of the features are in use. More detailed packet-flow diagrams are in the help files on the module.
Routing Mode
Figure 4-1. Simplified Packet Flow through the TMS zl Module in Routing Mode