TMS zl Management and Configuration Guide ST.1.0.090213
4-25
Firewall
Firewall Access Policies
Orphaned Policies
With the module in routing mode (Layer 3), the TMS zl Module can filter only traffic that crosses TMS VLAN boundaries. If you configure a policy to affect traffic that both originates in and is destined for the same TMS VLAN, the policy never takes effect, because that traffic is switched within the VLAN and is not routed through the module.
Figure 4-10. An Orphaned Policy and a Valid Policy
For example, suppose you want to block all traffic that originates from the IP address 10.5.0.13 and is destined for 10.5.0.220. Because the two addresses belong to the same VLAN, the switch forwards the traffic at Layer 2 and it never passes through the TMS zl Module. As a result, host 10.5.0.13 can still reach server 10.5.0.220 over HTTP and HTTPS despite the existence of the “orphaned” firewall access policy.
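The following is an added example (not part of the guide, and not TMS zl code) showing how an administrator could audit a set of access policies against the VLAN layout to catch orphaned rules before relying on them. It assumes routing mode, that each TMS VLAN corresponds to one IPv4 subnet, and uses constructed VLAN names and subnets (10.5.0.0/24 and 10.6.0.0/24) plus hypothetical policy names; the policy objects are a simplified stand-in for the module's own policy format.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption, not from the guide): each TMS VLAN is
# one IPv4 subnet. In routing mode the module only sees inter-VLAN traffic.
TMS_VLANS = {
    "VLAN 5": ipaddress.ip_network("10.5.0.0/24"),
    "VLAN 6": ipaddress.ip_network("10.6.0.0/24"),
}


@dataclass(frozen=True)
class AccessPolicy:
    """Simplified stand-in for a firewall access policy (hypothetical format)."""
    name: str
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    action: str   # "permit" or "deny"


def vlan_for(address, vlans=TMS_VLANS):
    """Return the VLAN name whose subnet contains the address, or None."""
    ip = ipaddress.ip_address(address)
    for name, net in vlans.items():
        if ip in net:
            return name
    return None


def is_orphaned(policy, vlans=TMS_VLANS):
    """A policy is orphaned when source and destination sit in the same
    TMS VLAN: the switch forwards that traffic at Layer 2 and the module
    never gets a chance to apply the rule."""
    src_vlan = vlan_for(policy.src, vlans)
    dst_vlan = vlan_for(policy.dst, vlans)
    return src_vlan is not None and src_vlan == dst_vlan


def audit_policies(policies, vlans=TMS_VLANS):
    """Classify each policy as 'valid', 'orphaned' or 'unknown-vlan'
    (an address outside every configured TMS VLAN subnet)."""
    report = {}
    for p in policies:
        if vlan_for(p.src, vlans) is None or vlan_for(p.dst, vlans) is None:
            report[p.name] = "unknown-vlan"
        elif is_orphaned(p, vlans):
            report[p.name] = "orphaned"
        else:
            report[p.name] = "valid"
    return report


# Constructed sample policies: the first mirrors the guide's example.
SAMPLE_POLICIES = [
    AccessPolicy("block-web-same-vlan", "10.5.0.13", "10.5.0.220", "deny"),
    AccessPolicy("block-web-cross-vlan", "10.5.0.13", "10.6.0.50", "deny"),
    AccessPolicy("stray-policy", "10.5.0.13", "192.168.1.9", "deny"),
]

if __name__ == "__main__":
    for name, verdict in audit_policies(SAMPLE_POLICIES).items():
        print(f"{name}: {verdict}")
```

Policies flagged "orphaned" need either a different enforcement point (such as Layer 2 filtering on the switch) or a VLAN design change that puts the two hosts on different TMS VLANs so the module actually routes the traffic; "unknown-vlan" flags addresses that do not match any configured TMS VLAN and should be checked against the real topology.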