TMS zl Management and Configuration Guide ST.1.0.090213

4-26
Firewall
Firewall Access Policies
When host 10.10.0.56 tries to contact server 10.5.0.220, however, the switch
forwards the traffic to the module because the traffic must cross a VLAN
(subnet) boundary, which requires the services of a Layer-3 routing device.
The TMS zl Module can therefore block the traffic from 10.10.0.56 with a
firewall access policy.
Policy Examples
Three examples are provided below:
- A unicast access policy
- A scheduled access policy
- A rate-limiting access policy
Unicast Access Policy
This example creates a policy that permits all users from the Internet to
access only secure Web traffic inside the DMZ. The policy uses an address
object.
To create the example unicast access policy, follow these steps:
1. Create a multiple-entry IP address object named DMZ_Servers with the
server addresses: 10.1.10.10, 10.1.10.21, and 10.1.10.35. (See “Address
Objects” on page 4-9 for instructions.)
2. Select Firewall > Access Policies > Unicast.
3. From the User Group list, select None.
4. Click Add a Policy.
5. From the Action list, select Permit Traffic.
6. From the From list, select EXTERNAL.
7. From the To list, select DMZ.
8. From the Service list, select https.
9. From the Source list, select Any Address.
10. From the Destination list, select DMZ_Servers.
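Added example, not from the guide or the TMS zl software: the match fields chosen in steps 1 to 10, modelled in Python and checked against constructed flows to show what the policy does and does not cover. It assumes the https service object means TCP destination port 443; the INTERNAL zone name, the 203.0.113.x and 10.10.0.56 source addresses, and host 10.1.10.99 are sample values used only for the test flows.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Address object from step 1 (addresses as given in the guide).
DMZ_SERVERS = frozenset(
    ipaddress.ip_address(a) for a in ("10.1.10.10", "10.1.10.21", "10.1.10.35"))

# Assumption: the "https" service object is TCP destination port 443.
SERVICES = {"https": ("tcp", 443)}

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int

@dataclass(frozen=True)
class Policy:
    action: str
    from_zone: str
    to_zone: str
    service: str
    source: Optional[frozenset]       # None models "Any Address"
    destination: Optional[frozenset]

def in_object(obj, ip):
    """True if ip is covered by the address object (None = any address)."""
    return obj is None or ipaddress.ip_address(ip) in obj

def decide(policy, flow):
    """Return the policy's action if every field matches, else None.

    None only means this policy does not apply to the flow; what happens
    to it then depends on the rest of the policy table.
    """
    hit = (flow.src_zone == policy.from_zone
           and flow.dst_zone == policy.to_zone
           and (flow.proto, flow.dst_port) == SERVICES[policy.service]
           and in_object(policy.source, flow.src_ip)
           and in_object(policy.destination, flow.dst_ip))
    return policy.action if hit else None

# Steps 5 to 10: Permit Traffic, EXTERNAL -> DMZ, https, Any Address -> DMZ_Servers.
EXAMPLE_POLICY = Policy("permit", "EXTERNAL", "DMZ", "https", None, DMZ_SERVERS)

if __name__ == "__main__":
    flow = Flow("EXTERNAL", "DMZ", "203.0.113.7", "10.1.10.21", "tcp", 443)
    print(decide(EXAMPLE_POLICY, flow))
```

Because the destination is the DMZ_Servers object rather than Any Address, an HTTPS connection to any other DMZ host is not matched by this policy, and neither is plain HTTP to a listed server.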