TMS zl Management and Configuration Guide ST.1.0.090213
Overview
Zones
Access Control Zones
The TMS zl Module supports nine access control zones, which have the
following names and intended purposes:
■ Internal—your private network
■ External—the Internet or other untrusted networks
■ DMZ—demilitarized zone; publicly-accessible servers that are logically
located between the private network and the external network
■ Zone1 through Zone6—any user-defined purpose, as needed
Before the TMS zl Module can filter traffic on a VLAN, you must associate that
VLAN with a zone. When you associate a VLAN with a zone, you specify an IP
address for the TMS zl Module on that VLAN. The VLAN is then called a
TMS VLAN.
A TMS VLAN can be associated with only one zone at a time. You do not need
to use all of the zones, but you do need to use at least one. You can create up
to 19 VLAN associations.
Each zone should include VLANs that have similar security needs or trust
levels. For example, if your network includes user VLANs 20, 30, and 40 and
server VLAN 10, you could associate VLANs 10, 20, 30, and 40 with the Internal
zone.
The External zone generally includes all of the traffic that originates or
terminates outside of your private network. ProCurve Networking recommends
that the TMS VLAN in this zone is the VLAN on which the TMS zl Module
connects to an external router (often its default gateway), since some
firewall protections, such as sequence prediction attack protection, apply
only to the External zone when enabled.
You can configure policies that apply to all members of a zone generally, or
you can configure more granular policies that apply only to some of the
members of a zone. For example, if TMS VLANs 20 and 30 are associated with
the same zone, you can create separate access policies for controlling the
traffic to and from each VLAN.
However, if you plan to create many different policies for different TMS
VLANs, it might be easier to associate the VLANs with different zones. For
example, you could associate VLANs in your private network with three
separate zones: Zone1 contains the server VLAN 10; Zone2 contains user
VLAN 20, which is for regular employees; and Zone3 contains user VLAN 30,
which is for guests.
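The following Python model is an added example, not code or CLI syntax from the TMS zl Module or this guide. It encodes the zone rules stated above (the nine zone names, one zone per TMS VLAN, an IP address for the module on each TMS VLAN, at least one association, at most 19 associations) and builds the two VLAN layouts the guide describes, so you can see how the same flow between VLAN 30 and VLAN 10 maps to different zone pairs under each layout. The ZoneTable class, the 10.0.x.1/24 and 203.0.113.2/30 addresses and the uplink VLAN 100 are assumptions made for the example.

```python
"""Model of TMS zl zone/VLAN associations and the rules the guide states (example only)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Interface

# The nine access control zones named in the guide.
ZONES = ("Internal", "External", "DMZ",
         "Zone1", "Zone2", "Zone3", "Zone4", "Zone5", "Zone6")
MAX_VLAN_ASSOCIATIONS = 19   # stated limit on VLAN-to-zone associations


@dataclass
class ZoneTable:
    """Tracks which VLAN is a TMS VLAN in which zone, and the module's IP on it (hypothetical class)."""
    associations: dict = field(default_factory=dict)  # vlan_id -> (zone, IPv4Interface)

    def associate(self, vlan_id: int, zone: str, module_ip: str) -> None:
        if zone not in ZONES:
            raise ValueError(f"unknown zone {zone!r}; valid zones: {ZONES}")
        # A TMS VLAN belongs to only one zone at a time.
        if vlan_id in self.associations:
            raise ValueError(f"VLAN {vlan_id} is already associated with zone "
                             f"{self.associations[vlan_id][0]}; dissociate it first")
        if len(self.associations) >= MAX_VLAN_ASSOCIATIONS:
            raise ValueError(f"at most {MAX_VLAN_ASSOCIATIONS} VLAN associations allowed")
        # Associating a VLAN requires an IP address for the module on that VLAN.
        self.associations[vlan_id] = (zone, IPv4Interface(module_ip))

    def dissociate(self, vlan_id: int) -> None:
        self.associations.pop(vlan_id)

    def zone_of(self, vlan_id: int):
        """Zone for a VLAN, or None if the module does not filter that VLAN."""
        entry = self.associations.get(vlan_id)
        return entry[0] if entry else None

    def zone_pair(self, src_vlan: int, dst_vlan: int):
        """Source/destination zone pair that a flow between two VLANs is matched against."""
        return (self.zone_of(src_vlan), self.zone_of(dst_vlan))

    def check(self) -> list:
        """Warnings a reviewer would raise before enabling filtering."""
        problems = []
        if not self.associations:
            problems.append("no VLAN is associated with any zone; at least one is required")
        zones_used = {zone for zone, _ in self.associations.values()}
        if "External" not in zones_used:
            problems.append("no External zone VLAN: protections that apply only to "
                            "the External zone will never take effect")
        return problems


def flat_layout() -> ZoneTable:
    """All private VLANs in Internal, as in the guide's first example (addresses constructed)."""
    table = ZoneTable()
    for vlan in (10, 20, 30, 40):
        table.associate(vlan, "Internal", f"10.0.{vlan}.1/24")
    table.associate(100, "External", "203.0.113.2/30")  # constructed uplink VLAN
    return table


def split_layout() -> ZoneTable:
    """Servers, employees and guests in separate zones, as in the second example."""
    table = ZoneTable()
    table.associate(10, "Zone1", "10.0.10.1/24")   # server VLAN
    table.associate(20, "Zone2", "10.0.20.1/24")   # regular employees
    table.associate(30, "Zone3", "10.0.30.1/24")   # guests
    table.associate(100, "External", "203.0.113.2/30")
    return table


if __name__ == "__main__":
    # Guest-to-server traffic is Internal->Internal in the flat layout,
    # but Zone3->Zone1 in the split layout, where it can get its own policy.
    print(flat_layout().zone_pair(30, 10))
    print(split_layout().zone_pair(30, 10))
    print(ZoneTable().check())
```

The `check` method captures the two points a practitioner would verify before relying on the module: at least one association exists, and the External zone actually has a VLAN, since otherwise the protections that apply only to that zone never engage.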